by Andy Bochman

Here’s the brutal truth: It doesn’t matter how much your organization spends on the latest cybersecurity hardware, software, training, and staff or whether it has segregated its most essential systems from the rest. If your mission-critical systems are digital and connected in some form or fashion to the internet (even if you think they aren’t, it’s highly likely they are), they can never be made fully safe. Period.

This matters because digital, connected systems now permeate virtually every sector of the U.S. economy, and the sophistication and activity of adversaries—most notably nation-states, criminal syndicates, and terrorist groups—have increased enormously in recent years. Witness the attacks ...