Change your game plan as the enemy changes his

"He who can modify his tactics in relation to his opponent and thereby succeed in winning, may be called a heaven-born captain."
If you follow the evolution of cybercrime, you know the bad guys change their tactics but that means the good guys are (almost) always a step behind.
The past year or two saw attack vectors favour vulnerabilities in web browsers and associated technologies. Now even once-trusted websites have iframe and cross-site scripting vulnerabilities that may infect visitors.
When we opened our networks, we put in firewalls. When the bad guys started manipulating the protocols allowed through firewalls, we installed intrusion-detection systems.
When the time from breach to booty capture shrank, we put in intrusion prevention systems.
Now we're putting in web application firewalls.
We modified our tactics by mandating certified security professionals such as those holding CISSP, CISM, CRISC or GIAC work with these systems. And we're doing more background checks for personnel handling sensitive information.
We also modified our processes to reduce human error and to ensure the design, installation, operation, and maintenance of our infrastructure complies to policies, standards and architectures.
![]() |
Revise your tactics regularly. |