No Sec Response:
Our focus is on addressing cybersecurity challenges by inventing new solutions, not controls.
Article:
Rarely a day goes by that we don’t see news about the poor state of affairs in cybersecurity. From data breaches at Target, the U.S. Office of Personnel Management, Sony, Disney, Yahoo!, Equi-fax and Marriot, the drumroll continues unabated. We are now in a world, where it’s a matter of when, not if, an organization is compromised by a cyber-attack.
Most of us think of cybersecurity as a series of controls (tools and knobs) that an organization has to implement, and it seems perplexing why cyber-defenders in the situations mentioned here failed to take the necessary steps to protect themselves. Our focus on addressing cybersecurity challenges has been around inventing new controls (or enhancing existing ones) and implementing them correctly in the enterprise. This is an inadequate view.
In this Viewpoint, we show why cybersecurity is a very difficult problem. The enterprise attack surface is massive and growing rapidly. There are practically unlimited permutations and combinations of methods by which an adversary can attack and compromise our networks. There is a big gap between our current tools and methods, and what is needed to get ahead of cyber-adversaries.
Author: Gaurav Banga
Date: 2020
