On October 19, 2021, we published a book, "Modern Cybersecurity: Tales from the Near-Distant Future". Over the next few weeks, we'll be publishing excerpts from the book. Our first excerpt is from the Preface by Erkang Zheng.
Cybersecurity is transforming. The last decade of cyberattacks, threat actors, and an endless stream of breached data was just a catnap compared to what's coming next. Only by understanding the changes that have taken place in information security can we anticipate the profound metamorphosis the industry will undergo over the next three to five years and what we must do to prepare for it.
I remember the days when cybersecurity meant analysts sitting in the SOC, staring at four screens all day long. Servers and workstations were housed in a physical location, and security was operationalized from a defensive posture, fortified by a tangible perimeter and focused on protecting a relatively contained set of "things." We built our approach to security upon our understanding of the physical environment and what it took to protect it. We conducted annual penetration testing and PCI assessments as a sufficient measure to provide peace of mind in security for most organizations. For years, we assumed and relied upon our technology infrastructure and operating environments being relatively static, with only material changes no more than once or twice a year.
This concept has transformed into a new vision for security. Everyone is adopting the cloud. Everything in technology is becoming software-defined. Across every industry, the COVID-19 pandemic further accelerated these trends, cramming a decade's worth of digital transformation into a single, unprecedented year of change. Yet, at the same time, we've all continued the endless struggle against a rapidly-metastasizing cybercriminal contagion.
As a result, our concept of security must be re-evaluated: But what is its new foundation? What are the new basics for cyber operations? Physical boundaries are no longer a limiting factor. Even the logical boundaries are getting harder to define. The new perimeters surround an individual piece of data, or an individual user identity, most of which is defined on the software, application, and data layer. It is no longer enough to find and protect cyber assets. We must also understand their relationship to one another.
The impact and outcome of security breaches are drastically different within these types of relationship-based environments. What we are now seeing is cyber espionage on a nation-state scale against commercial or public interests. A ransomware attack against a hospital can result in loss of life, not just financial disaster. Factor in an attack spanning an entire city, or a region, and it's clear that the scale of risk and its potential impact are escalating fast.
The industry is racing to develop new approaches and solutions to adapt to this changing environment. From small startups to global enterprises, the first line of defense is the organization itself. The larger the enterprise, the more this becomes a company-wide responsibility.
The current state of defense is in the form of security teams. But as part of the cybersecurity transformation currently taking place, companies are beginning to re-evaluate and relearn the basics of cybersecurity. Unfortunately, companies have counted on little or no help from public entities or the government in terms of prevention during this transformation phase. But that's starting to change. Organizations such as the Cybersecurity and Infrastructure Security Agency (CISA) engage with the private sector to help address this particular issue. As a result, the future of cybersecurity is in a symbiotic public/private partnership. Conceptually, it marks the transition to a new era for security.