It is common to protect systems and data by:

• Network level security, traffic analysis and event management

• Data Loss Prevention

• Authentication, using user logins, tokens, MFA, etc.

• Email and web filtering, anti-virus and anti-malware

• Using access control lists and Privileged Access Management

• Data Classification

• Full disk encryption

• Database encryption

The media is awash with reports describing “successful” data breaches. The malicious actor is both clever and persistent – they can afford to make huge numbers of unsuccessful hacking attempts with a valuable prize in sight. However, the targeted organisation must defend against all these attacks.