I was not really expecting this:
The surprising conclusion: there’s a long way to go, but we’re doing better than we think. There are substantial improvements across threat operations, threat ecosystem and organizations, and software vulnerabilities. Unfortunately, we’re still not seeing increases in consequence. And since cost imposition is leading to a survival-of-the-fittest contest, we’re stuck with perhaps fewer but fiercer predators.
Something that feels different from 10 years ago is a much greater focus on security compliance: SOC2, ISO 27xxx, etc. There's a lot more of this than there used to be, and this absolutely will help shut out the ankle biters and larval-stage Bad Guys. A second-order effect of this is that the lack of success for these types will encourage some of them to drop out of the hacking biz.
Of course, SOC2 won't really help much with the top predators, but I've said for a long, long time that you are unlikely to be able to secure yourself from the KGB (OK, OK, FSB).
But all in all, this was unexpected good news.
1 comment:
All Greek to me, BP. But I am a Luddite that thinks the Unabomber was on the right track, 😂👍
I heard somewhere that the move is on at some sites where they demand a scan of your ID (a driver’s license?) - in order to access the website…? Even a knuckle dragging stubfart rube like me is too smart for that! I think the best way to treat the net is to assume that you are being monitored regardless of all the claims that your data is confidential…