CISO MAG - Cyber Security Magazine & News: Looking Back on the Year in Cybersecurity

VOLUME 3 ISSUE 11 BUZZ

Around October or November, we throw the collective fortune darts at the nearest board, wall, or screen to work out how the following year’s going to be in our electronic world. We’re the digital equivalent of the Farmers’ Almanac.

Yet, how often have we really taken a look back and worked out how accurate we’ve been? How often do we look over our shoulder and assess our success rate and possibly how to improve our accuracy?

So, this year, instead of grabbing the nearest intern, developer, or passing user and practicing the art of extispicy like haruspices on them to work out what we’re going to be looking at in 2020, we’re going to take a look back at some of the 2019 predictions and have a little dig around the Internet to see how well the prognosticators fared. If one of these predictions is yours or you were the one who copied it, rebranded it, and made it your company’s, then accept the criticism and be a little more careful with how you read this coming year’s entrails, as there are now consequences. You will be held responsible!

So, without further ado, let’s start with some of the cringeworthy ones:

Rates of ransomware attacks will fall (Kiuwan)

I’m going to say this hasn’t been the case, and even if it can be found that the actual number of attacks in a country has decreased, then the effects and overall challenges with the attacks have significantly increased, especially in the case of many local, state, and government agencies, let alone the school districts and healthcare facilities. If you look at the statistics being quoted around the “every 14 seconds a business falls victim to a ransomware attack”, we’re NOW down to 11 seconds, so this one’s been solidly sunk and we still have to deal with ransomware and all $11 billion worth of damages.

AI will be a major force in information security (multiple sources for both defense and attack)

Ok, this one’s partly true, but unfortunately not in the way we really want to see it. Marketing, sales, and all companies that blink in the night have taken up the cry of “AI will save us!”. As far as the eye can see, it’s a forest of AI marketing, explaining how their solution’s going to solve your problems and cook you breakfast in the morning, and most of it is utter codswallop. At best they’ve created an augmented system of pattern matching rules and assume the recommendations can now be called AI. We won’t even talk about their training models, their update capabilities, or understanding of how to scale and justify an ROI based on cost savings or increased maturity on the security scale. Please do right by all of us, stop throwing good money after bad and really dig into any AI solution to see what actually makes it tick and remember: all that glitters is not gold.

CISO MAG | December 2019