What Is Cybersecurity?

Over the past six months, I have performed an exhaustive review of the major cybersecurity products on the market today. I have reviewed everything from endpoint protection systems (EPS) and security information and event management (SIEM) to unified threat management (UTM) and cloud and Kubernetes security options. In all of these products, I discovered one important reality: Nobody defines cybersecurity correctly anymore.
The World Economic Forum reports that over $1 trillion in damages can be attributed to cybersecurity incidents in 2018. With this ever-growing risk, it’s vital to know exactly what cybersecurity should be.
Back in the late 1990s, the mere thought of disrupting operations was taboo, because operational continuity took precedence over everything else. Then, as a string of successful attacks caused more and more damage, cybersecurity vendors insidiously chipped away at the original goal of digital protection. That goal was, and still should be, safe, stable operations.
I am not going to write about all of the issues modern cybersecurity products have in actually stopping attacks — just take a look at the news. Instead, I want to focus on the disappearance of the stability of operations. From what I’ve seen, this started with the rise of “agentless” cybersecurity products.
The Isolation Fiasco
To be clear, “agentless” does not mean “zero-touch.” In fact, many of these products place appliances inline in the traffic path, which puts the appliance itself in the critical path of every communication it inspects. They may also redirect traffic to cloud-hosted analysis. By definition, however, an agentless product never installs any sort of agent on the device it protects.
But what happens when an exploit occurs? Isolation, and nothing else. This new wave of products responds by isolating either the exploited device or the entire network segment on which that device resides; the compromise is contained, not remediated. While this isolation is acceptable from a modern cybersecurity perspective, it is often a disaster from an operational perspective. The exploited devices are rarely somebody’s phone or laptop. Instead, they are typically central servers or devices in a critical path. Taking those devices offline takes down operations, and the cost of that downtime quite often exceeds any damage caused by the attack itself.
According to ITIC, 86% of firms say one hour of downtime costs $300,000 or more, and 34% of companies say one hour of downtime results in a loss of over $1 million. Another common isolation target is a data center, where the agentless approach of taking everything offline typically costs $300,000 per hour. Imagine being offline for a day: 24 hours at $300,000 is a loss of over $7 million, and that is the cost of the security response alone, before any damage from the attack is counted.