Cyber Defenseless
My assessment of the cyber defense capabilities of corporate America is that 99% of businesses are vulnerable to a sophisticated attack. Although the methodology I used to come to this assessment will remain somewhat confidential beyond a limited group of partners, it is a reminder that many practices and certifications for security won’t hold up under complex operational pressure. This pressure is less likely to come from a non-state actor, but it is getting possible for everyday entities to execute complex cyber disruption. These disruptions usually take advantage of overlooked vectors, such as low-level hardware vulnerabilities and also behavioral manipulation of those that have credentials. There are also a lot of issues with routing that don’t have an easy fix.
We only have two options:
1.) Build better systems with these defects in mind
2.) Store less sensitive information or no information
Anything beyond that is a vector for problems, but most problems won’t be a big deal — only some will be a big deal. 2024 could expose some of these bigger problems.