The vast majority of cybercrime we deal with is opportunistic and automated. It is the domain of criminals trawling for the unaware and the vulnerable. They target unpatched systems and vulnerable applications, exploit gullible end users, break through inadequate security controls, and infect users who wander into corners of the web they probably shouldn't visit.
For decades, fighting these threats has been the primary job of cybersecurity professionals. Establishing controls, setting up a perimeter, hardening edge devices, inspecting traffic, patching regularly, retiring insecure protocols, and controlling access points are security fundamentals that every security team practices, and that most traditional security devices are designed to support. Unfortunately, that didn't always happen. When a new threat emerged, we often bought the latest and greatest tool, hand-wired its integration with the technologies we already had, and hoped it all worked together well enough to detect and mitigate the threat. Cyber threats were real but manageable, and usually more disruptive than destructive.