Hacker News

> Why did it happen? Non-technical people have made choices and have optimized for stuff being cheap.

Yes and amplified by:

+ Cybersecurity 'bad actors' are decentralized and distributed. They innovate at speed, with no barriers, and share their innovation. Cybersecurity 'good actors' are centralized, proprietary and bounded.

+ Software and service providers traditionally couldn't build secure networking into their products - they had to delegate it to the consumer of the software or service for the consumer to implement as a day two bolt on. Dangerous when networking is often the largest and most vulnerable surface area.



> Cybersecurity 'good actors' are centralized, proprietary and bounded.

IME the main problem is that, with rare exceptions, building secure products is seen as a distraction that is best pawned off to the cybersecurity team. And that cybersecurity team is more often than not fairly light on actual product development engineering talent. So they do what they can, which is mostly buy yet another tool from the thousands of vendors hawking The Answer, the final service you need to buy and then you'll be secure.

Which, to anyone who has built secure products, should obviously sound like nonsense. Because it is nonsense. Most of these tools are mildly useful (some useless) but not that great. They're certainly not The Answer.

To build secure products you need to actually make it a tier one requirement and design it in from day one. It's as simple, and as difficult, as that.


Non-technical people should be stopped.



