Perhaps because more higher impact incidents are making the media these days. Perhaps there is an actual increase in threat actors, their activities, or the effectiveness of their activities. Perhaps the defenses have been spread too thin, perhaps … oh heck, perhaps all sorts of things. I know that in my career, I have been aware of many attach activities and successful actions by threat actors against corporate, government, and other interests that never got to the media, and of course another possibility is that we are seeing more reporting of what was already happening. Or perhaps the things now being done are harder to conceal because of the obvious nature of the consequences being realized.
My notional hypothesis about this
I think there may actually be a substantial increase in the quality and quantity of attacks underway, and that this may be related to Russia’s increasing desire to do harm to the world in order to fight off the arms and expertise being provided to Ukraine. I notion that they may be conveying the thought to worldwide governments and/or their citizenry, either directly, through back channels, or as part of an influence operation, that we have a lot to lose and they are willing to take it.
I also think we are seeing more and more readily apparent attacks taking place with greater and more obvious effects.
Of course I may be completely wrong about this…
But nevertheless, I see increasing activity reaching my infrastructures and attempting to exploit various weaknesses that may or may not exist in specific systems we operate. So I think it is a real signal.
But really, the problem is we don’t have a good way to measure this
If we did, we would actually know that something was going on, and possibly even what it was. Of course folks at the CISA, FBI, Secret Service, and other government agencies might know and be unable to tell us without harming their ability to know. And they have been surprisingly open about things they have found of late, which may indicate their desire to keep us better informed.
Nevertheless
Here we are. The defenders of cyberspace. And yet we aren’t really sharing the information required to gain clarity around what is happening. And that makes decision-making less certain, which makes our ability to manage risks even less effective than it would otherwise be because of the other limitations we have. I think we should be sharing more and doing so more openly and transparently. Yes – I know – admitting weakness is hard to do. However…
Conclusions
We don’t actually have a good way to measure what is taking place because we have no required reporting or standards of measurement. Maybe we need the government involved?
Click Here to Enroll for an Online Certification Course in Cybersecurity Overview