As we near the end of 2018, another wave of massive cyber-attacks has exposed personally identifiable information belonging to hundreds of millions of people and will cost the impacted businesses untold amounts of dollars in lost revenue, settlements, and fines. The data breaches at Marriott International, Dell, Dunkin Donuts, Atrium Health combined with research by IntSight, showing that online phishing sites skyrocketed by 297 percent during the past year, is a clear indicator that security is broken.
According to Gartner, worldwide IT security spending is expected to exceed $114 billion in 2018. Despite these massive investments, 66 percent of companies are still being breached according to a study by Forrester Research — and worse, they’re breached on average five or more times over a 12-month period. As an industry, our New Year’s resolution should be to rethink traditional approaches to security to account for the current threatscape.
The post-mortem analysis of most data breaches typically boils down to two essential findings: