...
Our belief is that organizations have to assume the malicious actors are already well established within your network. It’s not a battle which can be one won to try and keep the barbarians from entering the walled compound.
The only sensible way forward is to make sure they can cannot hurt you once they are in. All IT systems need to be built in a way which assumes that malicious actors are in your network.
This is our thinking.
What do you think?