"Some people no longer think about security because they make assumptions that they are protected."

However, according to Piff, there were really only two types of organisations in the world -- the company that already knows it has been hacked and the other type which does not know it has been hacked.

Piff's advice to IT managers is they should move into a position of understanding the natural state of their IT environment so they could see when things started to appear abnormal on the network.

The need to secure the human

According to Piff, the human factor was essential when creating IT security policies.