“Be smart, know what's going on, understand the reality of the cyber space, don't think about delusional stuff, know there's real technology that actually solve the problems, and think about how the bad guys are going to come at you and then defend forward going from there.”

Speaking at the Threatlocker Zero Trust World conference in Orlando, researcher, former analyst Chase Cunningham talked on the ‘grand delusion’ of cybersecurity, where he said too many people “in cyber continue to practice kind of a failed approach to the problem.”

Claiming that “none of this is rocket science”, Cunningham pointed at two instances that have where things have fundamentally changed across the board for everyone: in warfare, and the internet. Specifically on the ‘dawn of the internet’, he pointed at the leak of technologies, saying the likes of the EternalBlue exploit, and “other solutions from the NSA have basically fundamentally changed the way we do things in cyber space.”

He said: “Everybody everywhere is a potential cyber warfare actor. We have to accept this reality. We can't keep thinking about cyber as like the IT thing.” In particular as malware code can be created by AI tools and more exploits are made available.

Change Your Ways

Cunningham went on to say that “billions and billions of dollars” have been spent to try and solve the problem, but people will use bad passwords and click on links, so “change the way you deal with the problem and you don't become the issue.”

He said the cyber space has become one of finance, saying “this is a money making space for people that want to make more money and maybe you solve some cyber along the way.”

“As a market we have invested and taken in more money to solve a finite problem like cybersecurity like idiots, clicking on phishing links than we have to cure cancer,” he said, stating tha cancer will kill you, and cyber can kill you, “but it's probably not going to.” 

Calling this a “finite problem”, he said: “If we're doing anything else we're delusional.”

Deliver Value

Concluding, Cunningham said: “We need technical Solutions that actually deliver value instead of more stuff for the sake of more. I hope in five years, we see that trend is changing. We see that more money is going into curing cancer than we do into cyber.”

Dan Raywood Senior Editor SC Media UK

Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.

Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.