What say we just give up on preventing cyberattacks? Let’s accept that securing all endpoints is impossible and humans can always be duped. Preventing entry is a losing battle. Better to concentrate on noticing attacks, stopping them and preventing damage.

We should accept, as Liora Herman writes on the Seculert corporate blog, that big breaches are the new normal and we should expect them to happen, despite our best preventive efforts.

Herman blames this on:

1. The inherent complexity of IT systems, which has not only led to an exponential rise in the number of end-points to monitor (think employees using mobile devices or logging in over an insecure network), but has made it extremely difficult to track malware that may quietly burrow deep into the network for months before moving to its next stage in the attack.
2. The growing success of spear phishing attacks, which leverage employee-specific information that is easily harvested from corporate documents, social media profiles, and other sources.
3. The fact that many of today’s bad actors are well-funded gangs and nation-states, and have vast resources at their disposal to launch large-scale, prolonged campaigns.

Herman points to a Forbes magazine article by supply chain expert Steve Banker as inspiration. He believes:

“In short, the sheer complexity of IT systems and human nature means that intrusions may be all but certain for every organization. So instead of believing that the goal of cybersecurity is to prevent all intrusions, which is impossible, risk mitigation needs to become part of every company’s strategy.”

Banker says IT organizations can learn from supply chain managers’ emergency plans:

Smart supply chain organizations understand the risks of unexpected events and have plans in place to mitigate to these risks.   For example, a large company might look to their network of warehouses and understand that all those warehouses cannot be made secure in all eventualities. Floods, tornados, hurricanes, strikes, blizzards, and many other possible events could knock a warehouse off line.  In this case, the goal is to have a detailed plan in place for who will do what in case a particular warehouse goes down.  These contingency plans can run to hundreds of pages in length.

An important difference, of course, is that if your warehouse burns, floods or blows away, someone is going to notice. Cyberattacks are sometimes launched by software what has laid dormant for months. Many attacks are doubtlessly never discovered.

The limited lifespan of some apps also causes problems if a company is unable to detect a breach before the app responsible is put to rest.

IT must develop strategies to detect attacks quickly and respond immediately. A pivot from defense to active response may be our best protection.