To answer "Why cybersecurity?" we must discuss how software is being developed.
There are traditional software methods (also called waterfall),
from the following site: http://www.umsl.edu/~hugheyd/is6840/waterfall.html
I always like to break down waterfall into the following:
- Pseudocode
- Design
- Develop
- Test
- Customer has it – any needed bug fixes must be made.
Did you notice a lack of security thinking? It is supposed to be baked into the whole process, but it usually is _not_.
So there are people adding some testing processes, and some companies are trying to add security thinking into the development and pseudocode steps, but it has not taken hold well enough yet.
Even the security software companies have problems with the new hacker normal. The problem is that the new attacks are much more sophisticated (which we have posted about here before):
http://oversitesentry.com/why-is-security-difficult-target-breach-analysis-2-yrs-later/
And nation-states are developing attacks, so they are more sophisticated: http://oversitesentry.com/digital-anything-is-at-risk-fingerprints/
There is another software methodology called Agile (known as Extreme Programming, XP):
http://www.umsl.edu/~hugheyd/is6840/agile.html
It is essentially the following:
1. Pseudocode and design
2. Develop software and test
3. Feedback from client
4. Go back to 1.
Again, security is not built into it. You are supposed to think about security or test for security as you build software.
Well, how has this worked out for us? More cyberattacks are coming at us than ever before, and the attackers are more sophisticated.
We have to step up our tests: testing using security attack methods is the only way to improve this cycle.