Before seeking an answer, let's question the question.
I recently returned to the cybersecurity industry and (re)joined the good fight to secure the cyberworld. As the digital era unfolds, it feels good to be part of this mission-driven industry to help create a safe digital future. While a lot has changed, and there have been great advances in technology, does the cyberworld feel any safer today than before?
We are in the fight of our digital lives and the mission is certainly worthwhile.
But is the mission impossible?
The latest edition of The Economist makes a somber case that the cyberworld will forever be "hackable" and that cybersecurity is broken. The premise of this article is:
More software in more things that are more connected + More software written by non-software companies + "Ship code as fast as you can and fix it as late as you can get away with" mentality + Zero economic liability for shipping insecure code = A cyber-world that is doomed to be unsafe forever
That damning verdict can spur a few different reactions.
You could look on helplessly as the very users you are trying to protect casually click on socially engineered emails as a spear pierces the shield you tried to put up. You could bemoan the fact that you are totally outnumbered by the bad guys, hanging your head in utter despair.
But that is failure-mode thinking! It's not about numbers, it's about strategy.
You could get angry and come out with your technology guns blazing. You could picture yourself crushing the bad guys with clever machine learning, artificial intelligence and data science.
But that is wishful thinking! The bad guys have all the same technology you do.
Or you could take a Zen approach. Before seeking answers, you could question the question. Is our mission to create an "un-hackable" cyberworld, or is it to create a safer world? You would ponder the idea that the world will forever be hackable, but our mission is not to eradicate hacking - it's to minimize the impact of it, thereby creating a safer world.
Now that we have framed the question properly, let's seek some answers.
Let's begrudgingly admit: an "un-hackable world" may be mission impossible. A safer world, though, is not just possible, but quite plausible (inevitable even) if you take the right approach.
I look forward to discussing just such an approach we have developed here at RSA, the first ever pure-play cybersecurity company (yes, we have been at it for 40 years) now part of Dell Technologies - the largest privately controlled technology company. Here is a teaser to the approach: when the amount of work to be done appears overwhelming, you should factor in the business context and prioritize ruthlessly. It's about applying business context to cybersecurity to protect what matters most and taking command of all risk. We call this Business-Driven Security and we launched it at RSA Conference 2017. I will dig into this more in the coming weeks and months.
Author: Rohit Ghai
Category: RSA Point of View, Blog Post
Keywords: Business Driven Security, Cybersecurity, Cyberworld, Hacking