Michael Sutton, VP, security research, Zscaler, writes:
"The fact that the breach at KT Corporation went undetected for a year is indicative of a disturbing trend. Even in the case of the Target and Neiman Marcus breaches, the breaches went undetected for 18 and 106 days respectively. Enterprises continue to focus almost exclusively on preventive controls and ignore detective controls. The unfortunate reality of the current cyber landscape is that infections and breaches will occur. Controls must be in place to quickly identity such scenarios and mitigate the damage. Massive files containing sensitive data such as credit card numbers and personally identifiable information should not be able to be exfiltrated from a corporate network without triggering a number of red flags.