Organizational leadership needs to understand that no matter what technical & procedural protections are put in place, prevention eventually fails, especially (but not exclusively) against a targeted attack orchestrated by a motivated adversary. This means that the organization must plan for this eventual “failure”: it must be able to detect and respond to these failures.
When this failure occurs, the question that must come from leadership is not “Why did our defenses fail?” but rather “How long did it take for us to detect & respond to this failure?” According to industry sources, the mean time to detection of advanced attackers is around 8 months. This means that the average organization does not know that it has been severely compromised for 8 months, which is typically more than enough time for the adversary to achieve its goals.
With all that in mind, what is your detection strategy?
-Josh