Face it–its a long race, with no end in sight, that you have little hope of winning.
Let’s back up a step (pun intended) for some context. The Sunridge Medical Clinic at the University of Calgary was recently victimized by malware which compromised a server–potentially exposing sensitive personal information on 4,700 patients.
Wayne Wood, a spokesman for the Office of the Information and Privacy Commissioner of Alberta, told the Calgary Sun “Every once in awhile someone figures out how to get past the firewall,” adding “It seems the bad guys are always two steps ahead in terms of technology.”
Now, in this case it doesn’t necessarily seem like the bad guys were two steps ahead. The compromised server was infected by two different viruses and staff discovered that the antimalware protection on the system was not up to date. So, really the problem is that the security on the server was two steps behind–not that the attackers were two steps ahead.
That said, why bother engaging in a foot race with the bad guys? There are certainly reasons that you will still want to have standard security measures in place: antimalware, firewall, etc. But, encrypting the data stored on the server will ensure that it can not be accessed or breached even if the server it resides on is compromised. With the proper tools in place, a server breach does not have to be a data breach and you can stop losing sleep over whether you are a step ahead–or two steps behind–the bad guys.