The Art of the Asterisk: Why the Current State of Cybersecurity Doesn’t Work
Oren is a predominant cybersecurity industry thought-leader committed to keeping high-level national security conversations relevant, moving forward productively, and always thought-provoking.
Despite the billions spent on cybersecurity we continue to suffer the most debilitating and expensive breaches imaginable, and some that cannot be imagined under any circumstances. Yet experts predict the worst is still to come.
“You pay your money, as the saying goes, and you take your chances.” says Falkowitz, CEO of Area 1 Security. “More and more these days, it seems like this ‘policy’ is the rule rather than the exception, in everything from health care insurance to the commuter parking lot. Even though you’ve paid for the product or service, no one’s really responsible for some reason when you suffer damages while consuming whatever it is you bought. Or worse yet, you somehow find that whatever you bought doesn’t really do what you bought it for. And there’s an asterisk somewhere in the fine print to explain why. Unfortunately, nowhere is this more prevalent than in today’s cybersecurity industry.”
Cybercrime has moved from data theft and website defacement to a trajectory that includes data manipulation, data loss and eventually, if something is not done to change the economics of being a bad guy on the internet, threats to the stability of society itself.
“Cybersecurity companies seem to be content to collect their millions with the caveat that they can’t really offer protection in exchange,” continues Falkowitz. “Their customers likewise collect mountains of data on their customers and are appropriately contrite when that data is stolen or misused but the apology is not accompanied by compensation. Even the government can’t protect itself, or its citizens even if they’re attacked by another nation-state.”
The excuses and the explanations are familiar: Cybersecurity is too complicated. Hackers are too clever. Attacks are unprecedented.