I’ve been in the computer security field for nearly three decades.

During that time, I’ve watched it go from bad to worse to ugly.
Today, the average computer security defense is so bad, we had to invent a new paradigm a few years ago called “assume breach.” This phrase admits that our security controls are so inadequate that we concede defeat in preventing hackers from gaining access to our environments.
Instead, we concentrate on limiting the damage attackers do once they’re inside our “hard outer shell.”[ Deep Dive: How to rethink security for the new world of IT. | Discover how to secure your systems with InfoWorld’s Security newsletter. ]

This is actually the way we need to think about computer security today.
If you have anything worth stealing, you’ve been breached.

Every computer defense strategy must assume breaches have occurred and will occur, yet remain dedicated to preventing them.To read this article in full or to leave a comment, please click here