That’s sounds strange to say but hear me out. Before ransomeware there was no economic incentive for companies to worry about security. There was a strong “why would you hack us” vibe that made it hard to talk management into doing anything basic like locking down ports.
Nowadays everyone and there mom is worried about getting compromised. I’ve seen companies who historically didn’t care at all about IT suddenly invest heavily in security. We are now much more secure than we were previously as everyone has suddenly realized that the internet had a huge risk. I doubt we will see any of the old style worms we had back in the day that would infect millions of machines.
Just a reminder that the internet was recently shredded exactly by the security infrastructure.
If you’re talking about CrowdStrike, I’d call it part of the malware infrastructure.
From the perspective of the OP’s point though, it is a good argument since it capitalises on the panic described.
The problem is all the buying is purely so they can tick boxes on an insurance form.
We see it with our customers all the time, they request thing for cyber insurance reasons like a SIEM or EDR, but no one is checking the systems.
No one is checking until they get breached. The attacks are slowly forcing the industry to improve.
If the firewall is breached, and nobody is around to read the SIEM logs, was there ever a hack?
Hooray for criminals, who stimulate progress towards protection from criminals. Kings.
So like the gun manufacturer that made everybody else need more guns?
Yeah was good for the manufacturer.
Picks and shovels…
This seems suspiciously similar to the Parable of the broken window. Sure, overall security has increased, but it has costs. That said, since we will invariably have criminals, it has been a good thing that companies and individuals have gotten more aware of the risks and are taking actions to protect themselves.
i agree with this because for me the problem is more vulnerabilities, bloatware and negligence than anything else.