2017 was a busy year full of malware attacks and data breaches. Yes, these events caused (at least) their fair share of disruption and damage. But as the year draws to a close, our attention should move beyond those immediate consequences in an effort to better understand the facts surrounding how and why the incidents occurred. Indeed, we can use those details to learn from our past mistakes as we move into 2018 and beyond.

Here are the lessons a few of us in the infosec community learned from 2017. We can only hope organizations everywhere internalize all this learning going forward.

Tim Erlin, VP of Product Management & Strategy at Tripwire | @terlin

There used to be some qualitative difference in the breach activities that went on in a given year, but the last few years have all had significant breach activity.

I think we’ve moved past “breaches as events” to breaches being the norm. Their character and details may change, but the industry as a whole has to accept that this activity is continuous. Why is that important? It changes how we mobilize defense. If you build defenses around the idea that there’s a point-in-time event requiring a response, then you focus on different tactics. There’s a ‘surge’ mentality that goes with this approach, one which drives off the idea that work is distributed unevenly.

If you consider breach activity as a more continuous process, then you defend more continuously. This isn’t a binary change. It’s not that it was one way and is now the other. It’s a shifting characterization that demands a shifting defensive strategy.

Tyler Reguly, Manager of Software Development with Tripwire | @treguly

I hate to say it, but 2017 has taught me a pretty dark lesson.

For years, vendors have gotten better about communicating