Cybersecurity is a significant industry, and there are many security solutions on the market. Do we know which ones work and which don't? Let us stay with the idea that when we look at the world of cybersecurity attacks and issues, we're looking at a world of digital pathogens.
We want to develop a plan for how we would address such a world, based on the notion that digital illness is somewhat, if not precisely, like biological illness. We have methods to prevent, identify, and treat known illnesses in the biological world. Before all that, we must determine what a new disease or pathogen is and what it’s doing, classify it, and then determine the course of treatment, prevention, etc. Many years of dealing with this in the biological world have led us to a pretty effective system. First, we identify a problem, classify the problem, and look at our bag of treatments. By and large, this is very effective.
How does this work in the digital world?
We do indeed have ways of identifying when things are out of order digitally. However, determining whether the issue is related to malicious actors is more complicated, hence the problem of false positives with respect to cyber attacks. There is a delicate balance between being sensitive enough to detect most problems and collecting so much information that the problem is hard to see. Alert fatigue has concrete effects: it can lead a person to ignore or fail to respond to a number of safety alerts.
It’s important that we first classify digital anomalies as malicious or non-malicious. While the treatment for the two may be the same, knowing which is which is important because it’s how we identify threats. So that’s the first step.
However, as far as treatments go, things are all over the place. There is more than one way to treat a digital illness, but only a few are generally effective, and even fewer fall into the category of ‘ideal’. How are we supposed to sort the wheat from the chaff based on a sales pitch?
At the US Food and Drug Administration (FDA), for example, we have a concept known as clinical trials. Every approved treatment must go through such trials, and because human lives are at risk, they can be lengthy. In the end, we come to a determination and consensus on what does work and can generally rely on such treatments every time.
This is something that’s lacking in the digital world and is what is needed to make this whole process more efficient. What we have today is lots of different treatments and new ones coming every day, but what ends up in the marketplace is the product with the best financial backing and marketing engine driving it forward. Again, it isn’t unlike the snake oil salesmen of yore. Hire a good pitchman and you will make money.
We will talk more about this later. Just think about it for a moment.