Analysis of 3 Billion Attacks Demonstrates Security Gap Between Attack and Defense
For example, while Target had some good security prior to its breach in 2013, it "failed to observe some basic security controls, including maintaining appropriate network segmentation, an active patch management process and an event response process." Problems include a failure by business to adapt to the changing threat landscape fast enough, and a failure to implement – or in some cases, make use of – the new security controls that are becoming available.