You WILL be hacked
May 23rd, 2014 by Jesper Kråkhede
If you have decided to start working with security, you have understood by now that you need to read, read and read a lot more than you originally thought. Not everything is about that happy moment when you manage to open up a DOS-prompt and get full root access to a server. Most of the time you try to understand the complexity of an environment and understand where the vulnerabilities are.
One paradigm that has been around for quite a while is the belief that you could protect everything and that you could manage to build a hackproof system. This has finally changed into the notion that you WILL be hacked and that you should focus on protecting what has value instead of trying to protect everything. Otherwise the cost of security will be too high, making it impossible to do business. In conjunction with this, every manager should include costs for managing breaches as part of the cost of conducting business on the web. At least for now.
Currently the situation resembles that of trying to conduct business during a war. At any given time enemy troops could come running in through your door and either shoot you or loot your store. Sadly, we need to focus on the resilience of our business rather than on protecting it, making sure that it can withstand at least being partly hacked.