QOTD on The New Security Reality

You should assume that every server in your company is compromised, then build your security around that.
[...]
Don't assume you're safe. Assume you're not, and figure out now how to react when you are compromised.
-- Andy Dancer, MD and CTO EMEA for Trend Micro

Src: Treat every corporate server as compromised, advises security expert - 25 Nov 2011 - Computing News

QOTD on APTs

The difficult thing about APTs is that they exploit employee knowledge gaps, process weaknesses, and technology vulnerabilities in random combinations. Patient, well-resourced, and highly skilled adversaries take their time to figure out where we are most vulnerable and then use this knowledge as a weapon against us. You could do 99 things right, and the bad guys will find and leverage the one thing you do wrong.
-- Jon Oltsik, ESG senior principal analyst

Note: emphasis is mine.

QOTD on The Security Perimeter

The days of the perimeter working as the sole defence mechanism are no longer with us.
[...]
Once hackers defeat the perimeter, they will make stealthy, pinpoint attacks from there.
This isn't an outbreak which shuts all the corporate machines down – it's about probing and searching for valuable data or other vulnerabilities.
-- Andy Dancer, MD and CTO EMEA for Trend Micro

Src: Treat every corporate server as compromised, advises security expert - 25 Nov 2011 - Computing News

QOTD on Banking Security

There is no single, easy solution for the banks to ensure the security of their online banking systems. A combination of techniques, working to complement each other, is required rather than relying solely on two-factor authentication, regardless of how sophisticated this technique seems. Any approach to combating attacks against online banking must include updating and implementing rigorous anti-fraud control design processes, monitoring for any out-of-the-ordinary customer transactions and tracking browsing patterns, all of which could indicate an attack.
-- Hugh Callaghan, security expert at Ernst & Young

Note: emphasis is mine.
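The banking quote above argues for layered, complementary checks rather than a single control. The following is an added illustration of that idea (my own example, not code from Ernst & Young or from the quoted article): a small rule-based scorer that compares a new online-banking transaction against a customer's own history on several independent signals (amount outlier, unseen payee, unseen device, unseen country, a suspiciously fast login-to-submit session as a stand-in for "browsing pattern", and transaction velocity) and only flags when the combined score crosses a threshold. The weights, threshold, field names and the sample transactions are all hypothetical and constructed for the example.

```python
"""Layered anomaly scoring for online-banking transactions.

Added illustration; not from the quoted source. Weights, thresholds,
field names and the sample history below are hypothetical.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from statistics import mean, pstdev


@dataclass(frozen=True)
class Txn:
    ts: datetime
    amount: float
    payee: str
    device: str        # e.g. a device fingerprint or cookie id
    country: str       # geolocation of the client IP
    session_secs: int  # seconds between login and transaction submit


# Hypothetical weights: no single signal reaches FLAG_THRESHOLD on its own,
# so a flag always needs at least two complementary indicators.
WEIGHTS = {"amount": 3, "payee": 2, "device": 2, "country": 2,
           "session": 2, "velocity": 1}
FLAG_THRESHOLD = 4
VELOCITY_WINDOW = timedelta(hours=1)
MIN_SESSION_SECS = 5  # humans rarely log in and pay in under 5 s


def baseline(history):
    """Derive a per-customer profile from that customer's past transactions."""
    amounts = [t.amount for t in history]
    # Amount cap = mean + 3 sigma; floor sigma at 1.0 so a flat history
    # does not make every new amount an "outlier".
    return {
        "amount_cap": mean(amounts) + 3 * max(pstdev(amounts), 1.0),
        "payees": {t.payee for t in history},
        "devices": {t.device for t in history},
        "countries": {t.country for t in history},
    }


def score_txn(txn, history):
    """Return (score, reasons) for a candidate transaction against history."""
    b = baseline(history)
    reasons = []
    if txn.amount > b["amount_cap"]:
        reasons.append("amount")
    if txn.payee not in b["payees"]:
        reasons.append("payee")
    if txn.device not in b["devices"]:
        reasons.append("device")
    if txn.country not in b["countries"]:
        reasons.append("country")
    if txn.session_secs < MIN_SESSION_SECS:
        reasons.append("session")
    # Velocity: three or more earlier transactions within the last hour.
    recent = [t for t in history
              if timedelta(0) <= txn.ts - t.ts <= VELOCITY_WINDOW]
    if len(recent) >= 3:
        reasons.append("velocity")
    return sum(WEIGHTS[r] for r in reasons), reasons


def is_flagged(txn, history):
    return score_txn(txn, history)[0] >= FLAG_THRESHOLD


# Constructed sample history for one customer: ordinary daily spending from
# one laptop in one country, two familiar payees.
T0 = datetime(2011, 11, 1, 9, 0)
_AMOUNTS = [45, 60, 75, 80, 90, 55, 110, 70, 65, 85]
HISTORY = [
    Txn(T0 + timedelta(days=i), float(a),
        "utility" if i % 2 == 0 else "grocer", "laptop-1", "GB", 90 + 10 * i)
    for i, a in enumerate(_AMOUNTS)
]

# Constructed candidates: benign, one-off oddity, and a mule-style cash-out.
NORMAL = Txn(T0 + timedelta(days=12), 80.0, "grocer", "laptop-1", "GB", 120)
NEW_PAYEE = Txn(T0 + timedelta(days=12), 120.0, "plumber", "laptop-1", "GB", 140)
ATTACK = Txn(T0 + timedelta(days=12), 4800.0, "mule-acct", "android-x", "RO", 2)

if __name__ == "__main__":
    for name, t in (("normal", NORMAL), ("new payee", NEW_PAYEE), ("attack", ATTACK)):
        s, why = score_txn(t, HISTORY)
        print(f"{name:10s} score={s:2d} flagged={is_flagged(t, HISTORY)} {why}")
```

The point of the weights is the one the quote makes: a single unusual signal (a new payee, a new device) is normal customer behaviour and scores below the threshold, while an attacker who has defeated two-factor authentication still tends to trip several independent signals at once, and it is the combination that is flagged. In a real deployment the baseline would be maintained incrementally rather than recomputed per transaction, and the weights tuned against labelled fraud cases.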