Even though a lot of money has been spent on tools, people, and other resources, cybersecurity results are still getting worse This article explores truths cybersecurity fear. . Because people are more focused on checklists, metrics, and compliance frameworks than on real results, organizations can look safe on paper but still be open to attack in real life.
Organizations need to change the way they think about success by looking at how security controls affect users and business operations. Andrew Rubin, CEO of Illumio, said at a panel discussion in Las Vegas, "We're doing more each year, but it's getting harder and harder to see improvement in our results." The event "Hard Truths in Cybersecurity: Fear, Liability, and Industry's Biggest Lies" looked at what is fundamentally wrong with the cybersecurity industry.
The panelists at the Las Vegas conference said that the conversation showed that there is a disconnect between what people invest in and what actually happens in cybersecurity. A lot of companies still use old methods, like signature-based detection and traditional data loss prevention. These controls are still important, but people often forget about them when they don't work against real-world attacks.
Instead of assuming that security is always working, it should be seen as something that needs to be checked all the time. "Don't assume, don't trust, check," said Brown from SolarWinds. "Technology has given organized crime the power of a nation-state," Boda of Nationwide said. He said, "An agent can read emails for a year and slowly get worse."
"This persistence changes the economics of attacks, making them more sustainable," Brown said. "AI is already having an effect." "An agent never gets tired."
"An agent never gets tired," Boda said. "It's not just about being able to read emails." He said, "It's also about being able to read and respond to emails."
