As security practitioners have learned through first-hand experience, cybercriminals are always evolving their skills to find new ways to evade the latest defenses. What’s more, their attacks are getting bigger and more audacious.



All the more reason why defenders can’t let their security strategy gather dust. Cybersecurity no longer represents a static threat. This is a fluid, open-ended struggle without permanent wins and losses. The one constant is that attackers are continually upping their game.



Take the record-breaking Distributed Denial of Service attack against DNS provider Dyn last fall. That attack featured a huge, sci-fi-like botnet of IoT devices which overwhelmed its victim’s network with waves of traffic. It also was a stunning demonstration of the technical prowess that cybercriminals can muster nowadays to wreak havoc.



By way of comparison, consider the big Target breach a few years ago when attackers compromised the firm managing Target's HVAC systems, to gain network entry to steal customer financial information. That was a clever approach for the time, but hackers have since grown even more adept — and better-equipped — to carry out their plans, claiming a list of high-profile victims that includes the likes of the U.S. Office of Personnel Management, TalkTalk, Tesco Bank, Yahoo and Sony, among others.



Attackers already enjoy the advantage of being on the offensive. But as shown in the AT&T Cybersecurity Insights report, many organizations make it too easy by failing to keep their defenses up to date, thus reducing their ability to detect and mitigate future cyberattacks. Indeed, a recent study by the Ponemon Institute found that traditional endpoint security approaches not only aren’t working, but they also wind up costing enterprises more than $6 million per year in poor detection, slow response and wasted time.

Is it Time to Tweak?



If your organization has stayed out of the cross hairs until now, that doesn’t mean bad actors have given up. You should always operate on the assumption that attacks are coming your way — if not today, then tomorrow, next week, next month or next year.

