By Adnan Baykal
Someone has to say it – usually when someone has to say the emperor has no clothes, it is at a cost of making foes, because people don’t want to hear it.
We all read the latest Verizon Data Breach Investigations Report. It is full of the same information, threats, vulnerabilities and stats we have been talking about, dealing and living with for the last 15 years. Nothing has changed – new cyber organizations are spun up because cyber is a large and hot market. Threat intelligence and threat hunting is even hotter these days – if you come up with any combination of “cyber,” “threat,” “intelligence,” and “fusion,” you will likely come up with a company that was founded within the last 5 years.
Nothing has changed – Why? Because, as an industry, we are too territorial. We are not sharing as much as we need to; we are not collaborating as much as we need to; and more importantly, we are not honest… even with ourselves. There are many organizations out there that claim their sole goal is to help the public, but when push comes to shove, they are not. As an industry, we have become part of the problem not part of the solution. This must change.
How have we become part of the problem? We let sales drive security strategy. When this happens, you will be made to believe two things: you are all targets of the most sophisticated attacks that exist, and you will need to buy very expensive products to protect your organization. There is no discussion about the fundamentals of security, which is what most companies lack. No discussion on how patching, updating, proper hardware and software inventory, and access control addresses most of the security risks facing organization. And why is that? Because it is not sexy. It is not what sells.
We need to go back to the fundamentals. We need to be honest with ourselves and the communities we serve, and we need to act like responsible adults to understand that our messages and actions impact cyber security on a global scale. We need to learn that helping others helps us. We need to really believe in the fact that we don’t need to take credit for everything as long as the actions are serving the greater good and the main objective. The Global Cyber Alliance believes we can bring a community together that empowers others, gives credit to those who deserve it, amplifies existing efforts, and really puts a dent in global cyber risks. We are partnering with all organizations who share this philosophy and mission. Are you a partner yet? Let’s make the change together!
The author, Adnan Baykal, is the Chief Technical Advisor at the Global Cyber Alliance.