Complacency is the enemy of information security. Installing the hardware and software components of a secure infrastructure appropriate to your organization is important, as are training and certification for personnel.
But intruders won’t give you a chance to patch flaws in your system: They’re already scanning for weaknesses across your infrastructure, from outdated malware definitions, firmware flaws and open ports, to easy-to-guess passwords.
For safety, it’s wise to assume that breaches can occur, then work to fix the flaws that enable them. IBM® X-Force® researchers reported an average of more than 54 million security events among X-Force clients in 2016.1 But without real-world testing, you will not be able to know if the system you’ve assembled can withstand the kind of attacks criminals will actually mount.