Trust, in both people and solutions, doesn’t actually exist in the digital world. "We can have confidence in a system—allow a system to work in a different way, but we don’t want to be complacent. The big thing that we do is anthropomorphize the digital world," said Kindervag.
Trying to liken the digital world to the analog world leads us to misunderstanding. The desire to identify the perpetrator of an attack is one example. This sense that knowing who did this matters is misguided, said Kindervag. "If it's a digital crime, they have choices. Investigate to figure out what happened or get back to work and get the systems up and running."
After they get back up and running, there’s a lot of information that has already been lost. "To go back six months later and do forensics and hunting, that’s not ultimately helpful. If they find one attacker, they don’t find them all. If they find one threat, they don't find them all," said Kindervag.
Protection, then, has to move closer to the assets they are trying to protect and away from trying to identify who committed the crime. Equate cybersecurity to the Secret Service, said Kindervag. "Come in really close and protect what needs to be protected. What data do we have, where is it, who has access to it at any given time?"
Despite the potential for damage and loss that comes with making these assumptions, Kindervag said, "I’m always amazed at how well things work. Having watched it from its infancy, I’m amazed. Even the problems we have with cyber crime are pretty minimal and manageable problems."
Sign up for CIO Asia eNewsletters.