2017 was a tough year from a cybersecurity stand point. We’ve seen some of the biggest hacks and data breaches ever, as well as one of the most devastating ransomware/malware outbreaks on record.
Despite all of this – I’m going to make a statement that will shock many in the industry – cybersecurity is getting better, not worse. Why is this so shocking? Primarily because we’ve become too reliant on headlines and vendor marketing to dictate where we are as an industry. We’ve become beholden to our own fear, uncertainty, doubt – which basically says that cybersecurity has never been worse.
It’s true that today’s attackers have access to a much wider array of capabilities than was available in the past. Nation-state techniques and malware have become available to the most resourceful attackers. However, more capabilities does not reflect the general trend of enterprise security as a whole. In fact, the opposite is true.
In contrast to most vendor marketing messages, startup investment decks, and even industry reports, both the security industry (vendors) and security practitioners (defenders on the front lines in the enterprise) have considerably advanced and demonstratively improved repelling, discovering, and remediating threats.