Are We Setup to Fail?

Mark Nunnikhoven

Criminals are winning the battle against security practitioners. Need proof? Look no further than the news headlines in any given week.

Billions of dollars are being spent on the latest and “greatest” tools, and millions of person-hours are being exhausted in the defence of our data. Yet with all this effort, it remains trivially easy for most criminals to compromise systems. After decades of practice, we—the security community—seem to be no further ahead. In fact, a strong argument can be made that we’re falling behind…rapidly.

Why? If you ask any cybersecurity professional how to defend an organization, you’ll get answers that maintain the status quo, and excuses citing how good cybercriminals are. Rarely do the answers point to organizational structure, internal incentives, or working with the rest of the organization.

So, why do we not question the current approach despite mounting evidence of its failure, and learn from those mistakes?

In this talk, we’ll explore those failures, the reasons behind them, and what steps we can take to correct them. No one is naive enough to believe there’s a magical solution to cybersecurity, but by asking if a different approach could be more effective, we may just find a more successful way forward!