Cybersecurity is a significant industry, and there are many security solutions on the market. Do we know which ones work and which do not? Let us keep with the idea that when we look at the world of cybersecurity attacks and issues, we are looking at a world of digital pathogens.

We want to develop a plan on how we would address such a world based on the notion that digital illness is somewhat, if not precisely, like biological illness. We have methods to prevent, identify, and treat known illnesses in the biological world. Before all that, we must determine what a new disease or pathogen is and what it is doing, classify them, and then determine the course of treatment, prevention, etc. Many years of dealing with this in the biological world have led us to a pretty effective system. First, we identify a problem, classify the problem, and look at our bag of treatments. By and large, this is very effective.

How does this work in the digital world?

We do indeed have ways of identifying when things are out of order digitally. However, determining if the issue is related to malicious actors is more complicated, hence the issue with false positives with respect to cyber attacks. There is a delicate balance between being sensitive enough to detect most problems, and getting too much information to see the problem. Alert fatigue is a problem with very concrete effects that can lead to a person ignoring or failing to respond to a number of safety alerts.

It is important that we first classify digital anomalies accordingly. While the treatment for malicious or non-malicious anomalies may be the same, knowing which one is which is important because it is how we identify threats. So that is the first step.

However, as far as treatments go, things are all over the place. There is more than one way to treat a digital illness, but only a few are generally effective, and even less fall into the category of ideal. How are we supposed to sort the wheat from the chaff based on a sales pitch? 

In the U.S. Food and Drugs Administration (FDA), for example, we have a concept known as clinical trials. Every approved treatment has to go through such trials and because human lives are at risk, they can be lengthy. In the end, we come to a determination and consensus on what does work and can generally rely on such treatments every time. 

This is something that is lacking in the digital world and is what is needed to make this whole process more efficient.  What we have today is lots of different treatments and new ones coming on every day, but what ends up in the marketplace is the product with the best financial backing and marketing engine driving it forward. Again, it is not unlike the snake oil salesmen of yore.  Hire a good pitchman and you will make money.

We can talk more about this later. Just think about this for a moment.