Cybersecurity: Is This All There Is?

Helen Patton
7 min read · 2 days ago

Over the last decade, the scope of the cybersecurity function has become bigger and bigger, while the focus of the cybersecurity industry has shrunk to a single thing — external attack detection and defense.

It used to be called “Information Security”, when principles like the C-I-A triad, least privilege, and defense in depth were all part of the function of the security team. We cared about external attacks, but also insider threats, configuration mistakes, technology use that safely enabled the business, and interdisciplinary organizational culture. When we talked about third-party risk, it wasn’t only about how much cyber insurance they had in case they were attacked. It was about how resilient their IT stack was, and their operational business model.

Now, when we talk about Cybersecurity, it is about protecting against and identifying cyber attack.

That’s it.

[Image: A conference table with 12 chairs, clean surface, simple. Photo by Kenny Eliason on Unsplash]

Security, whether you call it cybersecurity or information security, is a “wicked problem”. It is resistant to resolution, and cannot be solved by simplistic and immature thinking. But our collective thinking is getting more and more focused on one thing, simplifying for the sake of easy messaging. A messy problem to be cleaned up.

When the recent CrowdStrike outage occurred, we were quick to say “this isn’t a…


Helen Patton

Cyber Security, Technology Ethics, and Humanity. What else? I can be found at CISOHelen.com or on Twitter @CisoHelen or on Mastodon @cisohelen@infosec.exchange