
The Maginot Line and the Current IT Thinking about Battling Computer Viruses

  • Jan 7, 2018

After World War 1 the French built a line of fortifications, obstacles, and weapon installations on their border with Germany, intended to deter invasion by the Germans. The defensive approach did not fare too well come WWII. The Germans simply went around it. The Maginot Line was a common mistake with such things: we often prepare for the next military conflict as if it will be similar to the last.

That is seldom the case.

Right now computer viruses advance and change at a rate that is hard to get one's understanding around. Even so, many IT departments still approach their organizational defense as if it were still 2007; our own Maginot Line. That is so even though those seeking to attack us are using every new tool and idea to get into our businesses.

What should we do?

The first thing to understand is that the harder attacks are now largely monetized, meaning the hackers are engaged in their attacks to make money. Even three years ago we still saw viruses with the simple aim of causing disruption and harm. Those attacks are still around, but today many of the attacks are meant to make money.

With that in mind, the second thing to understand is that when someone is trying to break into your enterprise, they want to steal information without you knowing they are doing it or have done it. So often IT will watch for what appears to be someone trying to guess a user account's password (often logon events where more than X failed attempts locks that user account). That thinking is a leftover from the disruption days. Today an attacker is more likely to attempt pass-the-hash than to brute-force an account password in real time.

Understanding this, we must change what we watch for and what tools we use (such as Windows 10/Server 2016 Credential Guard).
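To make the contrast concrete, here is an added example (not from the original post) that runs the old "X failed attempts" rule and a simple heuristic for successful NTLM network logons from an unfamiliar source over the same constructed events. The field names follow Windows Security events 4624/4625; the accounts, addresses, baseline and threshold are assumptions made for illustration.

```python
from collections import Counter

def ev(event_id, user, logon_type, auth_pkg, ip):
    """Build one constructed event using Windows Security log field names."""
    return {"EventID": event_id, "TargetUserName": user, "LogonType": logon_type,
            "AuthenticationPackageName": auth_pkg, "IpAddress": ip}

# Constructed sample: 4625 = failed logon, 4624 = successful logon.
EVENTS = [
    ev(4625, "jsmith", 2, "Negotiate", "10.0.0.21"),      # mistyped password
    ev(4625, "jsmith", 2, "Negotiate", "10.0.0.21"),
    ev(4624, "jsmith", 2, "Negotiate", "10.0.0.21"),
    ev(4624, "svc_backup", 3, "NTLM", "10.0.0.5"),        # usual source
    ev(4624, "svc_backup", 3, "NTLM", "10.0.0.77"),       # never seen before
    ev(4624, "ANONYMOUS LOGON", 3, "NTLM", "10.0.0.77"),  # null-session noise
]

# Assumed baseline of source addresses each account normally logs on from.
BASELINE = {"jsmith": {"10.0.0.21"}, "svc_backup": {"10.0.0.5"}}
LOCKOUT_THRESHOLD = 5  # assumed value for the "X failed attempts" rule

def failed_logon_alerts(events, threshold=LOCKOUT_THRESHOLD):
    """Legacy rule: accounts with at least `threshold` failed logons."""
    fails = Counter(e["TargetUserName"] for e in events if e["EventID"] == 4625)
    return sorted(user for user, n in fails.items() if n >= threshold)

def ntlm_new_source_alerts(events, baseline=BASELINE):
    """Heuristic: successful NTLM network logon (type 3) from a source
    address that is not in the account's baseline. A reused hash logs on
    at the first attempt, so it produces no failed-logon events at all."""
    hits = []
    for e in events:
        user = e["TargetUserName"]
        if (e["EventID"] == 4624 and e["LogonType"] == 3
                and e["AuthenticationPackageName"] == "NTLM"
                and user != "ANONYMOUS LOGON"
                and e["IpAddress"] not in baseline.get(user, set())):
            hits.append((user, e["IpAddress"]))
    return hits

if __name__ == "__main__":
    print("failed-logon rule:", failed_logon_alerts(EVENTS))
    print("NTLM new-source rule:", ntlm_new_source_alerts(EVENTS))
```

The failed-logon rule stays silent on this sample while the second rule flags the one logon worth investigating; in practice the baseline would be learned from historical logon data and the hits treated as leads, not verdicts.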

The third thing IT must do is know how each virus type differs, how each operates, and what each one attempts to do. A worm is different from a trojan, from ransomware, from a bot, etc. It stands to reason that if you do not understand the nature of each attack type, you cannot deploy proper defenses.

The last thing to understand is that the tools and methods of defense are very much in a next-generation mode. The days when you just had a firewall, an anti-virus client on end-points, and patching of your computers are a thing of the past. We still need to do those things, but IT now needs to know that you must deploy next-gen tools such as machine learning, and how companies like Microsoft are re-doing Windows to have secure boot and replacing BIOS.

Basically, change your whole mindset about how and why we are being attacked with viruses, by hackers who want your money, and what you can do about it.


 
 
 
