Comment by WJW
5 days ago
Just because one group of attackers is (/might be) inside your network doesn't mean you also have to let all other groups in. There is zero reason to let (say) North Koreans interact with your gas pump API, other than that the internet is set up so that it is virtually impossible to prevent unfriendly parties from contacting your servers.
but you can be secure from all at the same time with similar effort, meanwhile most actual attacks that lead to damages come from the inside the network?
extreme shortsightedness.