The security industry had a terrible year in 2020—some even think the worst ever. You can point to failures in working from home after COVID-19 struck, various election narratives, the SolarWinds breach, foreign nation-state cyberattacks, new ransomware, the global lack of cybertalent, government leader mistakes or a long list of other items.
My favorite quote that captures this “good riddance” sentiment is from Back to the Future when Doc warns Marty: “Whatever happens, don’t ever go to 2020!” (Note: Avid Back to the Future fans, you can get the T-shirt here.)
Regardless of who you blame (or not) for 2020 failures, Bruce Schneier now thinks the best path forward after the SolarWinds breach is for the majority of Fortune 500 companies to burn down their networks and rebuild from scratch.
But even if this radical approach is followed by public- and private-sector organizations, this advice begs many questions. Do we rebuild the same network architecture? Will the same people, processes, and technology (presumably with known vulnerabilities patched) keep the bad actors out in the future? Can we keep doing the same things and expect a different result? Bottom line, have we learned anything from the past decade—or even the past year?
