The Turning Point in Cybersecurity
How today's cyber landscape is leading to left of bang approaches
It feels like we are approaching a turning point in cybersecurity.
Before I get there, though, let's rewind about 20 years because there is an odd parallel between the insurgency the American military fought in Iraq with our allies and the cybersecurity landscape today.
After the fall of Baghdad in 2003, the American military found itself in an asymmetric arms race with Iraqi insurgents to deal with the roadside bombs being used to attack our vulnerabilities.
In response to the bombs, the military began putting more armor on our service members and adding armor to our vehicles. The goal was simple and well-intended: protect our troops from the explosions.
But each time we added more armor to our vehicles, our adversary simply built a bigger bomb. Except they did it at a fraction of the cost. So, we added more armor.
As this cycle continued over a number of years, it had the cumulative effect of grinding our operations to a halt. Our vehicles were massive. Troops were weighed down under an incredible amount of body armor. Accomplishing our goals was becoming increasingly difficult.
The challenge was that so much of this spending was focused "right of bang" and protecting against attacks that seemingly couldn't be prevented.
It was at this point that General Mattis directed the development of the Combat Hunter program to shift our focus "left of bang." Learning to recognize attackers before an incident occurred made a proactive approach possible.
Today, this exact same dynamic is playing out in the cybersecurity industry.
Trillions of dollars are being spent on cybersecurity solutions, yet attacks continue to increase. These attacks are creating truly devastating impacts on governments, companies, schools, hospitals, critical infrastructure, individuals, and so many other elements of our society.
As our defenses grow in complexity and bloat in response to these attacks, our adversaries identify asymmetric ways to bypass those defenses and wreak havoc.
Like the military spending in Iraq and Afghanistan, much of this money is focused right of bang. It is to try and react better. To try to minimize the impact of a successful attack. To be able to say, "Look at all we did," to say that "we tried."
While that approach clearly isn't enough, I also have a lot of hope.
I am starting to see many more references to a left of bang approach to cybersecurity.
Companies are finding opportunities to improve their situational awareness of activity occurring on their networks and devices.
Companies are homing in on the indicators that show illegitimate intent and developing confidence in practitioners to take proactive action.
Companies are developing the plans and capabilities needed to respond quickly and decisively before incidents begin.
It all begins with creating an awareness that proactive approaches are possible, and that will lead to continual improvements in how we make that a reality.
That turning point is coming.