A recent FireEye report based on data from more than 1,216 organizations in 63 countries states that 97 of those organizations had been breached, meaning at least one attacker had bypassed all layers of their defense-in-depth architecture (h/t Ars Technica).
The report, entitled "Cybersecurity's Maginot Line: A Real-World Assessment of the Defense-in-Depth Model," also states that 27 percent of organizations experienced events known to be consistent with tools and tactics used by advanced persistent threat (APT) actors -- and three quarters of organizations had active command-and-control sessions taking place, meaning that they were actively being used by attackers for activities that could include theft of sensitive data.
During testing, the organizations' security tools allowed a total of 208,184 malware downloads, of which 124,289 were unique malware variants.
"The implication is clear: no corner of the world is remote enough to avoid falling into attackers' crosshairs, and current defenses are stopping virtually none of them. ... Despite the billions of dollars organizations pour into traditional security measures every year, attackers are compromising organizations almost at will," the report states.