Fundamentally, hackers operate just like the rest of us: they want to maximize their return on investment. They may even use the same type of cost-benefit analyses you and your business regularly employ – even if their ultimate goals are less ethical. Still, the bottom line is that increasing the cost of attacking your organization can decrease the benefit to attackers, causing them to move on to easier targets.
This is an important point:
You can’t secure 100% of your data 100% of the time, but you can provide the most security, for the greatest number of users, the vast majority of the time.
You don’t need to stop 100 percent of cyberattacks, you simply need to make life harder for the attacker. This one principle should guide much of your thinking when it comes to security.
We can eliminate 99% of the risk by focusing Security Operations on the 1% of exposure threatening the “crown jewels” of your business, ensuring that vulnerability management energies are focused where it provides maximum protection.
