We must approach the cybersecurity infrastructure and its policies from an adaptive point of view. We can make polices and they will work for a period of time, until a new threat comes along that makes that policy useless. We are unable to properly predict what the next cyberattack will be, it could be a common phishing scam, or something never seen before. 

It’s for this reason we cannot have any policy or framework set in stone, it needs to be written in pencil. Able to be added to or taken away from whenever needed, if we set up policies that can’t change. It would be like telling all hackers, hey come hack us, when a new threat is presented we need the ability to adapt to it. It would be foolish not to, with how fast new threats are developing, especially with the growth of AI, it’s crucial we are prepared to defend against and patch any holes they make. 

training users and employees on how to properly defend their devices is also crucial, if they are unaware about a new threat. They have a high likelihood of falling victim to the attack, potentially infecting more than just their device. Employees could also be the cause of the attacks, insider attacks are nothing new and with the amount of new hacking technology that is being sold on Amazon, employers need to keep watch over their employees.