What lessons have we learned from a decade in cyber security?

If I look back over the last 10, even 20 years, I’d say that we haven’t actually learned that much, as evidenced by the continual increase in cyber nastiness. Simply, the ‘cost’ of launching a cyber attack is far too low. Will it be the same story in another 20 years?

A colleague recently asked me what I thought had changed in cyber security over the last 10 years. We agreed that it had certainly been a time of momentous change.

In 2012, there were the Shamoon attacks in the Gulf region. In one stroke, 35,000 computers were wiped and disabled within a matter of hours.

Five years later, the “WannaCry” virus ripped through IT infrastructure like wildfire, encrypting hundreds of thousands of computers in over 150 countries. Not only was the scale of the attack deeply concerning — it also took down vital services. Travel networks were affected, and medical appointments throughout the UK were disrupted.

The second large-scale incident of 2017, NotPetya, became the most damaging cyber attack in history, causing destruction estimated to be in excess of $1bn globally. The transport industry was hit hard, with ships stuck at port and staff having to ferry around pieces of paper to keep cargo moving.

And just last year, our Cisco Talos researchers uncovered a global attack we named “SeaTurtle”, which compromised trust in the internet by undermining the DNS system that translates domain names into machine-readable IP addresses.

[…]
