Have we really been fixing cyber-security issues and challenges, or we just want to make money out of “lack of awareness”?
The simplest analogy I can think of is cigarette and generally tabaco industry. If we really believed that those are against society and individual health, how much is cost of cancer and other complications of consuming tabaco, we could simply stop producing them, not “trying” to make it harder for them (i.e. taxes, age restrictions…) which is actually useless and ineffective, hence totally ironic.
Same with cybersecurity, are we going to take steps to put a remedy out there, or we are again “trying to show” that we care about the fact and we make effort to mitigate irrelevant elements of it and keep it forever there to make money out of it?
Dealing with cyber-insecurities is not that hard. It starts within our organizations and it has to be supported by governments in order to be effective, but seems to me the entire community doesn’t have enough appetite to go toward a simple solution, just like banning tabaco all together forever, and we want just short time noneffective mitigations to demonstrate the effort and keep the market hot!
You may find this weird coming from a cyber security professional, but let me tell you that during more than 2 decades of active consulting and training sessions, all of my efforts have been focused on one mission: make sure client understand the problem and then find rational to fix it. that’s 180 degree against what market is heading always, let’s sell this product, this solution, which is usually not the solution to the real problem, but a short time expensive way of mitigating effects and consequences.
Cybersecurity should not be our problem in 21st century, we as humans have way more important things to do, we should care about water, food and health of the society, we should focus on education not identity theft, we must focus on soil and h2o not internet bandwidth.
Still my job as a security professional is to make sure my client can remediate root causes and focus on business as it supposed to be this way, people and businesses should be able to focus on what they are doing, not distracted by lame cyber criminal who taking advantage of a market solely focusing to make money out of complications rather than making money from real business interactions by adding valuable products, tangible assets to societies.