3 Comments
Umit Sadeguzel

So, cybersecurity is getting into a new yet existing phase with human-nature-centric approaches. Secure-by-default UX seems to be coming next. This is, no surprise, a somewhat complicated problem that would need cross-discipline collaboration. Thank you for bringing that perspective.

Andre Piazza

I postulate that much of this learned helplessness is the direct result of reliance on detect and respond.

The key premise is that the timeline starts when an incident, vulnerability, exploit, or threat needs to be detected in order to be actionable. That places the burden on the defenders, who are now permanently navigating alerts, and still getting surprised by things that evaded the security posture. No wonder people burn out and "assume breach", "when not if", attackers have the advantage, and many others.

For the longest while this was the truth. With the advances in computing, big data, and the emergence of predictive AI, we can now predict attacks before they happen, and with good accuracy to avoid false positives. Not only can this be used to complement a traditional posture centered around detect and respond, it can also buy defenders the time to take preemptive action on the threats. There's more innovation here, as the set of proactive and effective measures continues to expand: disrupt traffic to or take down malicious infrastructure, block access from and to the network, move resources dynamically inside the network, or deceive attackers by providing bogus, synthetic data in their discovery or obfuscating the data in transit.

So more and more this is no longer a problem of capabilities or access to them; we can approach security in a different way. It's now a matter of mentality, and how much old narratives can still jeopardize a more modern and effective approach to security.

Benjamin Tan

"Everyone is doomed to die", but living still has meaning. And yes, "Attackers only need to be right once, defenders need to be right all the time", but "defenders only need to detect in one place, attackers need to be undetected along the whole path", and finally "breach doesn't equal fail"; security is about ROI and risk reduction.
