Cyber Security for Dummies
My goal in writing this article is to convey my anecdotal experience with where cyber security sits today. The media portrays a scenario of doom and gloom that appears to not be slowing down. The reality is that the situation is much worse than it seems. Every day we see another notable company fall victim to a new security attack that exposes a vast amount of our personal data, so panic ensues. The truth of cyber security as we know it is a downward spiral to put it lightly. Once an attack is successful, the source code is shared across GitHub, and like a virus multiple strains of the attack are formed. If these attacks don't succeed the next method is through extortion, and more drastic means.
Cybersecurity in today’s market is a lot like sleeping with a blanket that is far too small. You lay down on a cold night with a blanket built for a toddler, you wrap your chest with the blanket which completely exposes your feet. You then cover your feet with the blanket and your chest is fully vulnerable. ?Companies today try to mitigate threats the same way. Let’s think about how companies try to solidify their identities. They pick from a long list of options that tie down their identities like Fort Knox, using conditional access policies, phishing resistant MFA, and everything else under the sun. Focusing on identity management seems successful initially, but now someone is sneaking out the side door with your data.
You may be wondering how or why these attacks happen so frequently, and some of you reading this may have your own interpretations. I had a CISO tell me recently the security industry has transformed from a risk-based security program to a budget-based approach. Basically, having to protect more assets with less resources. Technology Executives have to not only maintain profits and consistent growth, but simultaneously balance protecting themselves and their customers. They fight daily with talent shortage, budget constraints, and hundreds of security tools (shown below). All while threat actors have no shortage of funding as ransoms continue to be paid out averaging $20 billion yearly.?
There is some good news. Innovation continues to grow, and more ethical hackers are joining the good side every day. Companies who historically competed with one another are beginning to open their doors for integration and collaboration, sharing threat intel as each attack occurs, allowing security companies to learn and advance while ultimately helping our customers.