Published: May 01, 2017
Author: Marc Spitler

In the cyber-security industry, we can be guilty of pessimism. It always seems like the odds are in the other guy’s favor. That one attack that does get through will cause more reputational damage than we could repair by preventing a thousand others. And now we’ve got nation-states rolling up their sleeves and attacking targets which, in the West at least, are mainly protected by the private sector whose resources are far less. Add to that a rapidly growing ecosystem of “smart” but insecure devices that consumers love, and it can feel like $DEITY is having a joke at our expense.

That’s the feeling we got at the roundtable dinner we held during this year’s RSA Conference back in February. We found out what happens when you invite former White House, FBI and CIA advisors together, alongside the senior editor of the Journal of Natural Security Law and Policy, a security advisor at Microsoft, the chairperson of the Internet Architecture Board, and other senior leaders, to discuss what matters most to them and their industry. Hint: state-sponsored cyberattacks featured heavily which chairperson, Paula Januszkiewicz, CEO of CQUREAcademy.com, deftly nurtured to help the conversation cover the winners, losers and its global effects. 

The roundtable continued, swapping and sharing industry experiences and facts, posing questions and thinking deeply about certain, key, events – citing Sony’s 2014 breach by North Korea as a critical turning-point. One point they could all agree upon: that the future of cybersecurity is largely unpredictable.

State- versus private-sponsored attacks and defence also featured strongly in conversations. Commercial products are unlikely to beat state-sponsored attacks, one delegate noted, while another agreed with the Netherlands’ pragmatic stance of hand counting votes in its 2017 election.

Paul Rosenzweig, however, did not. “Doesn’t that depress you though? That our answer to the threat is to go back to 1970?”

Our report, which you can download here, captured these illuminating, often tense discussions, and more, ranging from nation-state actors, collaborative security and the perhaps surprising, emerging role of the consumer.

But don’t imagine that it’s all doom and gloom in cybersecurity. The report contains a feature from Olaf Kolkman the chief internet security officer at the Internet Society—who spoke on this topic with Bruce Schneier at RSA—about ways forward for the IoT in security, so there is hope!

We’re now two months on from RSA, and we’ve just launched the 10^th annual Data Breach Investigations Report (DBIR)—our tenth one, in fact. It’s a compendium and analysis of the real-world data breaches and security incidents either investigated by Verizon Enterprise Services or provided by one of our outstanding data contributors. What started out as one contributor—us—has now become 65, giving a much more rounded view of the industry and threat landscape.

So how will a catalogue of data breaches make for uplifting reading?

In our industry, information is power, and we’re constantly improving the DBIR to be more informative to you, the readers. This year, for example, we’ve incorporated eight detailed industry-specific sections that cover accommodation (hotels and restaurants), education, financial services, healthcare, information, manufacturing, public administration, and retail.

The RSA Roundtable report captures the discussion between a group of industry leading security professionals and gives you an insight into the key trends they think will shape the cybersecurity industry and impact enterprises in the years to come.  The DBIR is based on an unparalleled corpus of data on real incidents and data breaches. Both should be required reading for any C-Level executives or other industry professionals seeking to understand the key topics of the moment.

You can download the summary account of our roundtable dinner with RSA speakers here, and you can read the 2017 Data Breach Investigations Report here.

Marc Spitler is the author of the Verizon Data Breach Investigations Report and Senior Manager of Cybersecurity at Verizon Enterprise Solutions.