Cybersecurity incidents are going to occur, and companies should rethink their current security strategies. Instead of focusing on preventing criminals from accessing their data - which has become increasingly difficult - decision leaders should have a plan in place for when a breach finally does occur.
The median length cybercriminals have inside a compromised victim's network is 229 days, which gives them a significant amount of time to access data, find additional loopholes, and plan what information they will take. Companies often are unaware a breach has taken place, and don't have an appropriate strategy to boot the hackers and secure their networks.
Typical cybersecurity defenses need to focus on having "a description of the bad guys before they can help you find them," said Dave Merkel, CTO of FireEye, in a statement published by the San Jose Mercury News. "That's just old and outmoded. And just doesn't work anymore. There's no way to guarantee that you never are the victim of a cyberattack."
Cybersecurity experts are increasingly concerned that hackers have a wider variety of targets - and security still isn't a priority among many companies.