Cybersecurity is broken, and it’s not for lack of trying

From Security Magazine:

I have been in the cybersecurity industry for more than 20 years now. I have founded, operated, and exited several cybersecurity startups. I also advised, invested in, and even acquired a handful. Despite successful outcomes, my experience has left me perhaps a little jaded. Are we winning the battle? When I log into my various web accounts, I am so often reminded that my password has been stolen, sometimes along with my personal information. Even major financial institutions and government agencies have suffered a similar fate. Cybersecurity is broken, and here is why.

There are just too many solutions

A lot of good people are doing a lot of good work. In fact, there are over 3,600 companies right now working to solve various security problems. And therein lies the problem. This number is not sustainable. There is simply no way for CISOs to even get their heads around the sheer number of vendors and separate the wheat from the chaff. Cybersecurity is an arms race. Hackers keep finding holes. We keep creating point solutions to close them; however, orchestrating a complex suite of solutions is error-prone, and errors we make call to the thief.

The human factor

Most hacks rely on the simplest of techniques, such as social engineering in the form of phishing emails. It’s the human element that is so hard to control, and that human can be easily fooled into giving away his or her password, rendering a lot of our sophisticated tools irrelevant. Conversely, if our tools are too restrictive and users are unable to get their work done, they will find a workaround. This limits how locked down users can be and leaves us again at the mercy of the users’ behavior.

Source: Security Magazine
