2017 has been a tough year from a cybersecurity stand point. We’ve seen some of the biggest hacks and data breaches ever, as well as one of the most devastating ransomware/malware outbreaks on record.
Despite all of this – I’m going to make a statement that will shock many in the industry – cybersecurity is getting better, not worse. Why is this so shocking? Primarily because we’ve become too reliant on headlines and vendor marketing to dictate where we are as an industry. We’ve become beholden to our own fear, uncertainty, doubt – which basically says that cybersecurity has never been worse.
It’s true that today’s attackers have access to a much wider array of capabilities than was available in the past. Nation-state techniques and malware have become available to the most resourceful attackers. However, more capabilities does not reflect the general trend of enterprise security as a whole. In fact, the opposite is true.
In contrast to most vendor marketing messages, startup investment decks, and even industry reports, both the security industry (vendors) and security practitioners (defenders on the front lines in the enterprise) have considerably advanced and demonstratively improved repelling, discovering, and remediating threats.
Don’t Believe Your Lying Eyes – Security is Getting Better
In a world of Equifax, Deloitte, WannaCry, Uber and more, how can this possibly be true? Haven’t more records been breached than ever before? What about nation-state attacks?
If you go by headlines, you’re likely to disagree that security is better. Here’s the problem – security isn’t about headlines. Headlines can be more reflective of reporting requirements than they are about the actual state of enterprise security.
Our reality is that sensationalism sells – so media, vendors and analysts try to out-scoop each other, disclosing the next big vulnerability or hack. In some cases, vendors and reporters make news where it doesn’t exist (like when a single infected laptop was reported as the Russians hacking utilities!)
Granted, there are many more attackers out there and there are orders of magnitudes more things to attack (hello IoT), but when you consider how the attackers’ operandi have evolved over the past 25 years, you can see just how far we’ve come:
When viewed over time, you can see how our industry has progressed and how we continually get better. In the last decade, there has been a fundamental shift that has driven our growth. It was during this period that we saw the innovation of the Security Operation Center, business processes supporting disciplined and rapid triage, and continual security program improvement driven by auditing and greater understanding of each breach.
So, what’s the point of the history lesson? Understanding these patterns, as opposed to sensationalizing each attack, gives a model for understanding where we are today in cybersecurity, and where we’re heading.
It allows us to do this without the overwhelming sense of panic that often accompanies each subsequent story about a company being breached. Without FUD, we can rationally predict the evolution of the threat landscape and better identify the solutions to protect against the next wave of attacks. So forget what your lying eyes tell you. From both an industry/vendor standpoint down to the security analyst on the front lines – security is getting better.