Cyber History Rhyming
There is precious little new under the sun, and that is especially true about cybersecurity. Consider these recent examples:
APT. The strategy of pwning a system and siphoning off data of value has been going on since we connected computers together. Sponsorship by a nation-state was first publicly documented in the mid-80s. What changes is certain key tactics, which is where the “advanced” part comes into play.
De Oppresso Liber. You won’t find many cybersecurity “experts” talking about it, but the first widely known effort to use the ‘Net as a tool to help those living in oppressive regimes is over a decade old. “Unprecidented?” Only if you’re just off the boat experience-wise.
Amit is right: industry hasn’t been doing very well, but then there isn’t really a demand for anything better. Not to any scale there isn’t. Why? Serious solutions cost money and data – while valuable – is still an intangible for most who run organizations of any size or import. An 80% solution would be great, but for the most part consumers of cybersecuirty solutions are happy with 50% or less as long as cyberattacks don’t actually kill people and the stock price doesn’t suffer.
As with any sufficiently important endeavor, bringing about real change in this business requires work; from the technical side that means understanding what business you are in, from the functional side it means taking the time to realize that not going out of business isn’t exactly winning and that keeping the “security” checklist up-to-date isn’t the same thing as actual security.
