It’s been a depressing start to the year as far as breaches and malware go, and I’ve seen a worrisome trend toward “cyber-despondency” in the sentiment of many CISOs. When orgs with huge security budgets are still easily rolled and we see warnings of a “Cyber Armageddon”, what can we do?
After all, who are you to contradict Keith Alexander when he says “There are only two kinds of companies – those that have been hacked, and those that will be”? He really ought to know. Even if you detected Equation malware you’d have to destroy your PCs to get rid of it. BYOD is a joke if every call can be intercepted or if malware was installed by the device OEM.
CSO magazine says we’ve passed the cyber-tipping point. And worse still, a leading CISO, Alex Stamos of Yahoo, recently declared the security market to be broken, bemoaning the point-solution nature of the vendor landscape and pointing out the failure of vendors to solve the problems they claim to.
So what are you going to do? Now is not a time for inaction or blame. On the contrary, it is time for security pros with courage to demand change – starting with your own infrastructure and IT management organization. It’s time for courage in the face of cyber-nihilism. Here’s the full piece.