The last 20 years and the evolution of IT security
Let's look at the problem with the view that the glass is half full. Without the hacks and attacks on our systems and data, do you think we would have gained support from businesses for developing efficient systems with security at least on the radar, and insisted on IT architectures: architectures that were built for efficiency and, as a byproduct, produced more secure systems? We've been challenged by very intelligent people who use that intelligence the wrong way, but the result has been more robust, efficient systems that just happen to enhance the security environment. Ten years ago, major system deployments failed over 70 percent of the time. Nowadays, you'll be hard-pressed to read about a multimillion-dollar system failure.
The problem is that we're lagging behind criminals who, at this point, are well financed through their ill-gotten gains. Hacking and other IT criminal activity have grown into a lucrative business, focused on profiting from our demand for newer and better technology, delivered with vulnerabilities and without security thoroughly “baked in.” Rush to market and security assurance still sit on opposite sides of the fence. In the business world, IT security has reached the minimum funding level, but it remains a secondary piece of the primary business. We continue to accept the vulnerabilities as a cost of doing business and write off the cost of being scammed.