By Andrew Roberts, MicroAge Chief Cybersecurity Strategist
I spend a lot of my time focused on the cybersecurity market. Many people need me to help them sort out the complicated landscape and know which things will make a great impact and which things will quietly go away. It’s challenging to keep up with new technologies and the never-ending parade of new vendors.
Sometimes, it is helpful to look backward to understand which things in our past have made a big difference in cybersecurity and which have not. That exercise can help inform the future and make sense of things to come. For me, it’s a periodic thought exercise that often provides insight into the future.
As I have been reflecting on the past, evaluating the outcomes of the hundreds of things that have changed in the cybersecurity world, I have also been keeping a list on my whiteboard. I believe this list contains the key catalysts that have truly made systemic, earth-shattering changes to the way cybersecurity is done. So far, that list is only four items long – and three of them might surprise you.
I admit, this one’s a no-brainer. If it wasn’t for the Internet, computers would not have an always-on continuous connection to every other computer on the Internet. Cybersecurity would be easy. I’d be doing something else with my time. Amazon would not be able to deliver anything to me today. Google would not be searching for anything. Elon Musk would not be Tweeting or ‘X’ing or anything. I’m glad we have the Internet, but it created the need for cybersecurity as we know it.
Before the iPhone, we all had very strong “castle and moat” cybersecurity. We built strong walls (firewalls, actually) to protect our IT infrastructure. Nothing from the outside was allowed in. It was very easy to control who and what had access to our systems. Your computer was always company-owned because IT administrators did not trust personal devices, ever. If you wanted emails on your phone, it was a company-owned BlackBerry that connected to the company-owned BlackBerry Enterprise Server (or BES, pronounced /bɛz/ for those who remember those days). “Bring Your Own” was not even considered.
I remember when the iPhone came out; it changed everything. People in the C-suite bought them and insisted that they have access to the network and email. Within a couple of years, the BES was gone, and BYOD was born. Smart organizations embraced the change and adapted their cybersecurity posture. Some organizations tried to fight it. They bought iPhones for the execs and shunned everyone else. They lost and adapted their cybersecurity posture. Either way, everyone changed in the end.
Some people ask me if ransomware is on my list. SPOILER ALERT: It’s not. Ransomware did not drive the changes to cybersecurity that we have seen. They are a symptom of what really brought about the change: cryptocurrency. Crypto made ransomware possible. Before that, there was no way for cybercriminals to (semi) anonymously get paid for their efforts. What were they going to do? Encrypt data and ask for a check? Of course not. There was no scalable way to get paid, so they focused their efforts elsewhere. There was no ransomware.
Cryptocurrency changed that forever, and there’s no going back.
In December 2019, if the CIO was thinking about enabling a remote workforce at all, it was a five- to ten-year plan. Six months later, it was done. Everyone was working from home. The perimeter, which was weakened by the iPhone, disappeared completely. Cybersecurity, once again, has changed forever.
Now, years after the pandemic, we’re starting to think we’ve got the problem solved. For most of us, that’s not true. We’ve got more to do before we have our cybersecurity posture adjusted to this new reality. We’ll get there, but it will take some more work.
What didn’t make the list?
There are a lot of other things that we have heard about throughout the years, from machine learning to EDR/XDR/MDR, to SASE, to CASB, to Zero Trust, and more. Many are little more than buzzwords. None of them made fundamental changes to the way we do cybersecurity. They have not changed cybersecurity forever. They have not earned their place.
Artificial Intelligence is not there either – yet. The jury is still out on that one.
The world of cybersecurity is complicated. We have experts who truly understand the complexities of today’s cybersecurity market and challenges. Don’t try to do it alone.
We can help you simplify your cybersecurity journey.
Contact your MicroAge Account Executive at (800) 544-8877 to start a conversation about your cybersecurity needs today.
“As MicroAge Chief Cybersecurity Strategist, Andrew partners with clients to help them achieve great accomplishments in their cybersecurity, governance, risk and compliance programs. He is building a successful cybersecurity practice by focusing on client success, sales enablement and partner alignment. Andrew brings a wealth of experience in audit, advisory and cybersecurity leadership and freely shares that knowledge to help put clients on the path to success.”Andrew RobertsMicroAge Chief Cybersecurity Strategist