Going Back to Basics to Fix Our Broken Approach to Cybersecurity


Cybersecurity has garnered plenty of mainstream attention lately—but for all the wrong reasons. The past year has been marked by a seemingly unending stream of major companies and organizations coming forward to admit they were the victim of a data breach or malware attack. When cybersecurity measures are working well, the end users are never even aware of them. So when ransomware suddenly becomes a household term, you know something is seriously broken with our approach to cybersecurity.

The extent of the problem is borne out in the statistics. The total number of companies that suffered data breaches in 2020 was 1,108, a high that was already exceeded by the end of September, when the total rose to 1,529 (a 17-percent increase)—and the year isn’t even over! Supply chain attacks are also on the rise, but are often a woefully overlooked attack vector in an organization’s security stack. A recent survey revealed that 83 percent of organizations suffered an operational technology breach during the previous three years.

The uptick in major breaches and ransomware incidents has already affected spending priorities, prompting 91 percent of organizations to increase their security budget in 2021. While this is a positive development overall, it underscores the futility of simply throwing more money at a broken system. If a fundamental change isn’t made to their existing security stack, these companies will continue to fall victim to the same threats they always have. It’s a cat-and-mouse game that they will always lose.

So that’s the bad news. The good news is that by augmenting our cybersecurity focus on a fundamental feature of internet architecture, we can start protecting ourselves in a proactive manner. Organizations often view cybersecurity as a wall around their organization’s network, keeping all of the nasty bits of the internet at bay while their critical data stays safely protected within. Unfortunately, in the modern landscape, a determined threat actor will eventually find a way to bypass their target’s defenses—whether by taking advantage of an unpatched exploit, successfully carrying out a phishing scam, or exploiting a…

Source…