Cyber security has risen to prominence on the agenda of many business leaders.
Large firms have been struggling with it for decades in spite of significant investments in that space, but for many across the boardroom, the realisation has taken place over the past few years that cyber-attacks were simply a matter of “when” not “if.
You don’t have to go far to find cyber security professionals complaining about skills shortages, but the problem has several dimensions which have to be understood and mapped out before we can start to figure out possible solutions.
The short tenure of the CISO continues to generate a vast amount of debate, aggravated by the COVID pandemic and the “great resignation” episode that it is inducing.
The Pyramid of Pain was created by security professional, David J Bianco, in 2013, while he was threat hunting and working on incident response. The Pyramid ranks, in ascending order, the list of indicators used to detect an attacker’s activities and how much “pain” it will cause the attacker by denying these different indicators, as well as the effort and difficulty to find each indicator for the security analyst.
For the past 20 years, cyber security – information security in its early days – has been seen primarily as a technical matter, to be solved by technologists using technology means.