Two-pager | The wrong problem: Penetration
This section is particularly useful and designed to be read in conjunction with text content, slide-decks, presentations in various channels, blogposts and LinkedIn posts, as well as other tools I use for disseminating the ideas and concepts around intuition validation I have been developing over the years: in particular more recently, since 2016.
Mil Williams, Chester UK, 30th January 2025
In 93 percent of cases, an external attacker can breach an organization's network perimeter and gain access to local network resources.
[...]
Once an attacker has credentials with domain administrator privileges they can obtain many other credentials for lateral movement across the corporate network and access to key computers and servers.
[...]
In order to build an effective protection system, it is necessary to understand what unacceptable events are relevant for a particular company," Kilyusheva adds. "Going down the path of the business process from unacceptable events to target and key systems, it is possible to track their relationships and determine the sequence of protection measures in use.
https://betanews.com/2021/12/20/cybercriminals-penetrate-93-percent-of-company-networks