Surprizez

By Phil Reitinger


While there is a fair amount of FUD (fear, uncertainty, and doubt) in cybersecurity, there is less “fake news.”  What we face is less made-up stories and more the blinding assault of the obvious masquerading as a new truth.  I’ve decided to call these events “surprizez,” because they are not real surprises at all.

The most recent example is from Saturday, May 5.  Warren Buffett, perhaps the most renowned investor in the world, said that “Cyber is uncharted territory. It’s going to get worse, not better[.]” With great respect to Mr. Buffett, duh.  That prediction could confidently have been made a decade ago.  I’ve been working in cybersecurity for over 20 years.  Each year, every year, I could make one prediction: next year, things will be worse.  I make it now for 2019.  I am confident in telling you that at the RSA conference in 2019, I will make the same prediction for 2020.

The evergreen surprize is the headline “X suffers breach,” where X is the entity of your choice.  The implication (or explicit statement) is “who could have expected this?”  Answer – anyone and everyone.  To be fair, as resignation sets in, more and more press reports contain some version of “These attacks come as no surprise to anyone who’s worked in intelligence[.]” (This by Joel Brenner of MIT on attacks on the power grid.)

Other surprizez include:

My answers about what to do also will come as no surprise.

  • Do something – real, concrete things, to reduce cyber risk.
  • Treat cyber-insecurity as a significant homeland and national security risk, and invest resources and political capital to improve the situation.
  • Build security into the Internet infrastructure and services so that individuals and business get security with connectivity. This is a type of security solution that scales.
  • Do the basic things as well and as rigorously as you can. That doesn’t stop sophisticated threats, but it gives you more bandwidth to hunt for them.

The author, Phil Reitinger, is the President and CEO of the Global Cyber Alliance. You can follow him on Twitter @CarpeDiemCyber.