It’s almost a cliche to talk about how often breaches occur. In 2015 alone, we’ve seen high-profile breaches at organizations ranging from Anthem to the popular work collaboration tool Slack, and even the federal government, thanks to the recent US Office of Personnel Management attack. While many organizations are implementing security solutions to avoid becoming the next headline, there’s a fundamental math problem with the money they are investing: while organizations may think their ROI is pretty good, the ROI for criminals is even better, giving criminals more incentive to work their hardest to break into an enterprise network.

IT organizations can spend millions trying to protect the network perimeter from attackers, yet attackers will still breach defenses, leaving companies vulnerable to data loss or worse. And attackers will keep trying, because the success rate of attacks is high. Hackers might only have to spend a little bit of money and a week or two to worm their way inside a Fortune 500 network. One hacker can write an exploit that will open the digital doors of millions of corporate systems, spilling out data and resources of untold value. The exploits are easily passed around in the underground, so the threats to corporations are exponential. And the attacks can be as easy as sending a carefully crafted phishing email to a top-level executive; the effort for attackers is minimal and the payback is huge. Meanwhile, IT departments are spending more and more money trying to keep hackers out, with minimal success. Which brings me to an uncomfortable point …

 
