Alert icon Keyboard navigation enabled.
Alert icon TAB or Shift+TAB to navigate across. Down ↓ to open menu. ESC to close menu.
Alert icon Down ↓ to select section. Right → to activate. Up ↑ / Down ↓ / Tab to traverse all. ESC to exit.
BeyondTrust
Skip to content Use space or enter to skip.

What can we help you find today?

Instant Results
  • Website Results
  • Technical Documentation

Filter Options

Focus your search

Filtering by

Your recent searches:

Contact Us Chat with Sales Get Support
  • English
  • Deutsch
  • français
  • español
  • 한국어
  • português
  • Home
  • Resources
  • Blog
  • Don’t blame cyber attackers for data breaches, blame a lack of preparation current page
Link copied

Don’t blame cyber attackers for data breaches, blame a lack of preparation

Oct 20, 2017
Author:
Paul Kenyon
Blog banner default
Don’t blame cyber attackers for data breaches, blame a lack of preparation
Paul Kenyon

Cyber attackers are savvy, their methods are sophisticated, and we in the InfoSec community need to get over it.

At the Check Point Cyber Security Symposium in Sydney last week, Telstra CIO, Mike Burgess criticized those organizations that overly focus on attributing cyber attacks, or blaming 'sophisticated' attackers for their networks being compromised.

In his address to the audience, Burgess said: "What I observe, what I fear, what I see too much of, is many commentators, many in the industry, and many in media, focus on attribution, with very little focus on the root cause. No-one should lose valuable information where at the root cause there is a known remedy. For me, that is unforgivable in this day and age. And I've got to tell you -- my view at least -- too much of this distraction around attribution takes away from focusing on what's really important here."

Burgess went on to illustrate his point by highlighting some of the language used by companies in response to a breach. After the Home Depot breach for instance, the company said: "The malware used in the attacks had not been seen in any prior attack, and was designed to evade detection by antivirus software".

"Really?" said Burgess. "I mean really?"

Burgess makes very valid point. It's all too easy for organizations to lay the blame at the feet of the attackers, to point to their antivirus software and say "it never stood a chance". Cyber attackers are savvy, their methods are sophisticated, and we in the InfoSec community need to get over it.

Most businesses will, at some point, be targeted by cyber criminals or fall victim to a breach. Once you've got your head around that, it's how you deal with it and how you prepare for it that really matters. Relying on reactive measures like antivirus simply doesn't cut it, in fact, antivirus only stops around 45% of all virus attacks leading Symantec to declare antivirus "dead".

So what's the solution?

Proactivity is essential against a backdrop of advanced threats. Technologies such as privilege management, application control and sandboxing are proven, effective strategies to counter today's threats. Since we launched our unique Defendpoint software the response from the business community, from CISOs and security managers alike has been incredibly positive, so much so that orders are flying in from all corners of the world. Part of this demand is the growing realization from organizations that they need to switch to a more proactive security posture.

In a recent global survey we conducted at influential security events, this switch to the proactive became apparent. Our research found that 44% of those surveyed now identify their security approach to be proactive. A further 27% however are still clinging on to more reactive measures.

Though undoubtedly technology plays a critical role in enterprise security, it is also supported by other practises such as user education. Educating employees that they will be targeted, encouraging them to be vigilant at all times, teaching employees what qualifies as sensitive data, how to identify and avoid threats, acceptable use policies and security policies for instance. Combined with the right proactive technologies, these steps can drastically improve enterprise security.

To round off his speech in Sydney, Mike Burgess presented the Five Knows to Cyber Security - a framework that Telstra has presented at a number of events designed to guide people through the challenges and pitfalls of security.

  • Know the value of your data. Know its value to customers, yourselves, maybe your competitors, and most definitely those who wish to do harm.
  • Know who has access to your data.
  • Know where your data is, both domestically and globally.
  • Know who's protecting your data.
  • Know how well your data is protected. - Here Burgess points to the usefulness of advice like the Australian Signals Directorate's Top Four, a list of steps that we at Avecto actively encourage organizations to follow.

It's clear then that organizations can no longer point the finger at sophisticated cyber attacks and expect their customers and clients to show sympathy. Simple proactive steps can transform enterprise security from a blame culture to a prepared one - it's up to you to do something about it.

For further information on proactive security, how Defendpoint can help and more, visit our website at www.avecto.com/defendpoint

Latest Posts
  • Hooked on Identity (Part 2): Abusing OAuth Trust Boundaries in Okta
    Jun 12, 2026 Hooked on Identity (Part 2): Abusing OAuth Trust Boundaries in Okta
    Blog
    7m
  • Hooked on Identity: Abusing SAML Assertion Inline Hooks in Okta
    Jun 9, 2026 Hooked on Identity: Abusing SAML Assertion Inline Hooks in Okta
    Blog
    6m
  • Joining Project Glasswing: Securing the Privilege Backbone of the AI Era
    Jun 8, 2026 Joining Project Glasswing: Securing the Privilege Backbone of the AI Era
    Blog
    5m
  • The Most Common & Most Dangerous Types of Shadow IT
    Jun 5, 2026 The Most Common & Most Dangerous Types of Shadow IT
    Blog
    19m
  • 14 Password Management Best Practices
    May 28, 2026 14 Password Management Best Practices
    Blog
    12m
Related
  • Avecto experiences 4,731% growth in 5 years to secure 2nd place in the Deloitte UK Technology Fast 50 List
    Apr 23, 2014 Avecto experiences 4,731% growth in 5 years to secure 2nd place in the Deloitte UK Technology Fast 50 List
    Blog
    1m
  • Cybersecurity Trend Predictions for 2023 & Beyond: BeyondTrust Edition
    Nov 2, 2022 Cybersecurity Trend Predictions for 2023 & Beyond: BeyondTrust Edition
    Blog
    1m
Share this Article
  • Link
Stay up to Date
Get the latest news, ideas, and tactics from BeyondTrust. You may unsubscribe at any time.

Keep up with BeyondTrust

Customer Support Get Started
  • LinkedIn
  • X
  • Facebook
  • Instagram
  • Add BeyondTrust as a preferred source on Google
  • Privacy
  • Security
  • Manage Cookies
  • Do Not Sell My Data
  • WEEE Compliance

Copyright © 2003 — 2026 BeyondTrust Corporation. All rights reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust Corporation is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.

Prefers reduced motion setting detected. Animations will now be reduced as a result.