By 2006, the United States was losing two wars simultaneously in Iraq and Afghanistan, and many of the entrenched interests in the country—political, military, economic, journalistic—were whistling past the proverbial graveyard and pretending that everything was fine.
Ten years later, the cybersecurity industry looks very similar. Last year alone, despite more than $75 billion spent on enterprise security products and services, more than three-quarters of the Fortune 500 were breached by cyber adversaries, and the average time from a breach to its detection was nearly 146 days (down from 205 days in 2014, but still too long). For defenders, this is the very definition of strategic failure.
We need to make a change. Rather than relying on imperfect prevention techniques, or waiting for a breach to happen and then reacting to it, defenders need to “turn the map around” and hunt proactively for the attackers in order to root out adversaries before they have a chance to do real damage. This is the next frontier of cybersecurity.
This failure is costing all of us. A 2015 cyber crime study found that hacks cost the average American firm $15.4 million a year, double the global average. Another report found that cyber attacks are costing businesses around the world anywhere from $400 to $500 billion every year. And that’s translating into job losses as well. A 2013 study estimated that malicious cyber activities are resulting in hundreds of thousands of lost jobs in America each year.
More broadly, the steady drumbeat of successful attacks threatens, at its worst, to undermine popular confidence in online commerce…