That’s sounds strange to say but hear me out. Before ransomeware there was no economic incentive for companies to worry about security. There was a strong “why would you hack us” vibe that made it hard to talk management into doing anything basic like locking down ports.
Nowadays everyone and there mom is worried about getting compromised. I’ve seen companies who historically didn’t care at all about IT suddenly invest heavily in security. We are now much more secure than we were previously as everyone has suddenly realized that the internet had a huge risk. I doubt we will see any of the old style worms we had back in the day that would infect millions of machines.
So like the gun manufacturer that made everybody else need more guns?
Yeah was good for the manufacturer.
Picks and shovels…
Hooray for criminals, who stimulate progress towards protection from criminals. Kings.
The problem is all the buying is purely so they can tick boxes on an insurance form.
We see it with our customers all the time, they request thing for cyber insurance reasons like a SIEM or EDR, but no one is checking the systems.
No one is checking until they get breached. The attacks are slowly forcing the industry to improve.
If the firewall is breached, and nobody is around to read the SIEM logs, was there ever a hack?
Just a reminder that the internet was recently shredded exactly by the security infrastructure.
If you’re talking about CrowdStrike, I’d call it part of the malware infrastructure.
From the perspective of the OP’s point though, it is a good argument since it capitalises on the panic described.
