I was at an event last night. One of the people there asked me what I think is next for the cybersecurity industry. He rightly observed that, despite the emphasis and spend on cybersecurity, bad things keep happening.
I told him I didn’t know, but in some ways it feels like the early days of cybersecurity (internet or network security in those days). It was the early 1990s, the internet had recently arrived, and there was a security void. That’s when the firewall emerged and was quickly followed by security scanners, intrusion detection systems, etc. We’ve outgrown these technologies and now there is another void.
Despite the inadequacy, organizations continue to use these legacy technologies (e.g., firewalls) to defend their IT systems. However, IT systems are nothing like they were in the 1990s and early 2000s. Think mobile, virtualization, and cloud.
Is it any wonder that cybersecurity outcomes are worse now than ever?
There needs to be a fresh approach to cybersecurity. We don’t just need evolutionary change. By way of example, if cybersecurity today is represented by a brick, we need a laser. That’s how sharp the contrast is. That’s how far apart we are right now. We have a brick, but we need a laser. We are in desperate need of new thinking and revolutionary change.
An interesting comparison might be what Apple did to completely disrupt the music industry with iTunes in 2001. Prior to the emergence of iTunes, so-called innovation was transitioning from albums and cassettes to CDs. Pre-iTunes you had to buy an entire album or CD even if you only wanted one song. No physical store was big enough to contain all of the music you might ever want. New music was available with the push of a button for just 99 cents per song. Record stores couldn’t compete with this cost model and convenience and are now largely extinct. It all seems so pedestrian now, but at the time iTunes was indeed revolutionary. iTunes is what people didn’t know they needed until they experienced it.
I think the cybersecurity industry is in a similar place right now. We keep buying the old stuff because that’s all we know about. As was the case with iTunes, people didn’t know the art-of-the-possible. With regard to cybersecurity, people keep putting up with the inconvenience and inadequacy of legacy technology because that’s all they know. Cybersecurity spend continues to increase, yet outcomes don’t improve, or they get worse. Whether you are talking about music or cybersecurity, we shouldn’t expect better outcomes when we continue to use the same old stuff.
At this point we don’t need new and improved or Next Gen widgets. We need wholesale change along the lines of what Apple achieved with iTunes.
Back to the original question: “What’s next for cybersecurity?” I have no idea. However, it begs the question: What would Apple do?