Better metrics are vital to success

In the old days, a bank robber's potential victims were limited to real world proximity. They had to be physically present to perpetrate the crime. Also, their available time and man-power played a role in how much reconnaissance they could conduct, not to mention the amount of money they could steal. Threats were defined in a local geographic scope. Vaults, bullet proof glass, armed guards and alarm systems were designed to counter this type of well-defined threat model.

In the last twenty years, the internet has made everyone equidistant. Today's technology-savvy crooks do not have to be physically near their victims; they may remain comfortable hundreds or thousands of miles away while they act. Through automation, they can perform reconnaissance on a large number of targets within minutes. They also don't have to take the time to physically carry cash and instead rely on electronic transfer.

With hundreds of thousands of businesses and more than 1 billion people online, information security in the last 20 years has evolved to the point where risk must be assessed globally. From the levels of cybercrime, it is clear our current approach to information security is not working and we need better metrics to succeed.

Jeremiah Grossman

Jeremiah Grossman is a world-renowned expert in information security, a highly acclaimed security researcher, and an industry innovator. Over the last 20 years, Jeremiah pioneered application security as the founder of WhiteHat Security and served as Chief of Security Strategy for SentinelOne, focusing on ransomware and EDR. Today, as CEO of Bit Discovery, he’s taking on arguably the hardest and most important unsolved problem in the entire industry — attack surface management.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.