One of the big misconceptions about cyber security is that organisations can maximise protection by focusing their attention—and investments—predominantly on protecting the headquarters environment and physical network. It stems from a model whereby we have treated the business as our kingdom, and the headquarters as our castle. As threats would increase from the outside, you could build additional protections—moats and bridges—to control who could get into the castle, and how they could get in. Any threats could be identified and handled before they could do harm. In our analogy, the moats and bridges translate into firewalls and security policies.
But our proverbial kingdom has changed. We no longer have just centralised castles to protect. With branch offices, remote sites, remote users and mobile workers, our domain is now everywhere. According to research by AT&T, more than 50% of companies experienced security breaches from employee…
