“The past is the best predictor of where we’re going.”
This statement was made by Chris Young, CEO of McAfee, during his welcome address to last week’s MPower Cybersecurity Summit, as he discussed the threat landscape.
As an avowed history buff, I found myself nodding at this statement. It’s true, that the best way to understand what to expect in the future is to look at similar cycles in our past. To say we’ve never seen or experienced something isn’t quite true; it’s more that current situations have adapted to contemporary settings. It’s not a rerun, but a present-day reboot.
That’s exactly what’s happening in cybersecurity. Cybercriminals aren’t reinventing new malware or attack vectors; they are modernizing them to circumvent more sophisticated security systems and more security-aware users. Now it’s up to us to recognize what we’ve seen in the past in order to rethink our security solutions of the future.
Young pointed out a good example of how the past can be used to predict the future. He mentioned WannaCry and Petya – two pieces of ransomware that wreaked havoc on our networks and data over the past year. Sure, the cybercriminals had some financial gain, but Young and other security professionals at this event see these ransomware attacks more as test runs. The goal was to see what the infrastructure landscape looked like in order to develop more complex attacks in the future.
So here’s the question: Will you review and update security systems to address more complex ransomware attacks based on what you know about past attacks?
I think we are so overwhelmed with present security concerns that we don’t have the ability to look into the future or we hesitate to second guess what cybercriminals might end up doing. Young said we have a tendency to categorize every type of malware and attack, and that ends up hurting prevention.
Instead, we need to be more proactive. There are no silver bullets – wouldn’t that be great if there were? – so we have to figure out ways to adapt the security systems we have now. I particularly liked this comment from Young on how to think about security:
We can’t always block the What, but during an attack, we must be able to quickly get to the Why and the Where.
If we use the past as a way to predict the future, we’ll be able to better figure out the Why and the Where – and I even think we’ll better know the How, as well.
After all, there is another saying about history. If we don’t understand it, we’re doomed to repeat it. That goes for cybersecurity, too.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba