Why are we perpetually surprised (or not, depending on how you look at it) at the failure of so many at both the organizational and individual level to take cybersecurity seriously? I would argue that most people are placing cybersecurity exactly where it should be when it comes to the myriad risks in their lives, and that is unlikely to change until it is far too late for … [Read more...] about We Learn From Death
One of the more common reasons why most organizations push back on spending for cyber security is the lack of a “return on investment.” All that fancy, shiny cyber-y stuff costs a lot of money without providing a clear benefit that is commensurate with the expenditure. Firewalls are expensive. IDS/IPS are expensive. SIEMs are expensive. Talent to run it all (if you can even … [Read more...] about Good Cybersecurity is Not Glamorous
For all the benefits IT in general and the Internet specifically have given us, it has also introduced significant risks to our well-being and way of life. Yet cybersecurity is still not a priority for a majority of people and organizations. No amount of warnings about the risks associated with poor cybersecurity has helped drive significant change. Neither have real-world … [Read more...] about Cyber War: The Fastest Way to Improve Cybersecurity?
[Editor's note: This post from Michael Tanji of Kyrus-Tech first appeared at the highly respected national security blog Haft of the Spear. Follow Tanji online at http://twitter.com/mtanji -bg] Conventional wisdom is telling us that “assumption of breach” is the new normal. Some well-respected names in computer security would have you believe that the appropriate response to … [Read more...] about The (Dis)Illusion of Control