They try to stop every single attack without understanding their organizational constraints — be they technological, budgetary and available resources.
They dedicate the bulk of their cybersecurity resources toward addressing a single area or deploying a specific technology without understanding that majority of cyber breaches are simple acts eg. Wannacry, a relatively simple piece of ransomware to attack a publicly known Windows vulnerability that Microsoft had patched months before, but that many companies hadn't yet deployed.
Comments