This is an original article written by Isaac Wright, a Cybersecurity Analyst and Trainer at Alpine Security.
It’s no question that in cybersecurity, defense is the best defense. In the constantly changing threat landscape, the tie often goes to the attacker, and businesses are forced to act like turtles putting up shells of security to ward off threats. That is not always a bad thing; using a well-constructed defense- in- depth plan can greatly limit the likelihood of a successful attack. I would like to believe we can get to a 99.99% level of security. Even if that were true, that extra .01% keeps me up at night. What do we do if the controls fail? How do we respond then? What do we do the other 1% of the time? Once we find out that our emails have been hacked, or our money has been stolen is not the time to ask, “what now?” Even worse, what do you do when you suspect that an insider has embezzled funds and the evidence is located on their computer? Though we invest in and rely on our security controls, it is unfortunately not always enough. We must have a plan for the .01%.