Exploits, data breaches and ransomware campaigns are succeeding despite increased public awareness about these threats. New victims are found, old targets are rediscovered and people want to know how this keeps happening.
It isn’t because people don’t care. In the past three years, according to Google Trends, the subject of hacking has generated more queries than poverty, bankruptcy, corruption and even nuclear war. Plenty of individuals are trying to learn more, but what they find is confusing because of the way security vendors have historically positioned, justified and sold security. In their efforts to differentiate themselves and express the urgency of the problems they solve, vendors have unintentionally paralyzed buyers. For security to improve, these old habits have to change.
Security companies are pretty consistent. When they uncover a new and successful attack that is creating an urgent need, they develop solutions to identify, block and recover from it. To raise interest in their new solutions, they develop campaigns and tools intended to show that a next generation of technology is the answer or that an entirely new approach is required. Existing solutions are cast as no longer appropriate because they have allowed this new attack to succeed.