If the goal of cybersecurity is to make sure that the system you are building works as intended and only as intended, what about stopping hackers?
What about preventing malware and ransomware? What about those ridiculous scenes we see in TV and the movies? Isn’t that security’s job?!?
Calm down, it’s ok. That’s all in there still.
But if your primary goal is to stop something from happening, you’re creating more problems than you’re solving.
Stop That
In the physical world of security, it’s easy to track and measure a stopping type goal.
Anyone can figure out how to track your performance if you goal is, “Make sure this painting doesn’t get stolen.”
As we cross over into the digital world, things get exponentially more complex. You can’t assume that you would know if something bad happened. Technology is just too complex and it changes too quickly.
The best way forward for cybersecurity is to assume a compromise at some point and try to figure out the best way to reduce any potential impacts.
Teamwork
Our updated goal encourages systems level thinking and requires teamwork.
The goal of cybersecurity is to make sure that the system you are building works as intended and only as intended.
If it sounds odd to think that security teams and people building technology should assume failure in their work. I would encourage you to try and view it as more pragmatic.
For really critical activities, it’s important to have a backup plan.
If you applied to University or College, odds are you applied to more than one school. You didn’t want to be left without an option.
More important than a backup plan, this goal forces teams to work together towards a single goal.
…and working together to build better systems has benefits well beyond just security.