The average computer security defense is so bad, we had to invent a new paradigm a few years ago called “assume breach” This phrase admits that our security controls are so inadequate that we concede defeat in preventing hackers from gaining access to our environments. Instead of defending our environments in a risk-aligned way, we concentrate our efforts on almost everything else. Even the best IT security defenders have a hard time ignoring the onslaught of new security threats covered in the mainstream media every day. The fix: A data-driven security plan.”]
Source: https://www.csoonline.com/article/2987108/the-no-1-problem-with-computer-security.html