A Shortsighted Model for Cybersecurity

I have an issue with this! No disrespect to the original poster creator, who is the sheer levels of complexity and advocating the need for multiple tools to work together, but cybersecurity will continue to disappoint, be ever more expensive, and overcomplicated if we fail to define the problem correctly or develop comprehensive strategies to manage evolving cyber risks.

Take a look at this diagram. It is like many that float about, which provide a great technical view of cybersecurity (with hint of process thrown in), but fully ignoring the behavioral/cognitive aspects. That makes this very shortsighted. Even if you had perfect technology controls for everything listed, an admin making a mistake or purposeful attack, would bypass all these controls.

We need to recognize that cybersecurity is more than just a tech problem in need of a tech solution(s). In fact, technology is the battlefield, but there are attackers, victims, and processes that connect everything.

Yes, multiple systems are needed - but that also includes the people and processes that intertwine with the technology. Let's have a better view. Let us develop strategies that are effective, efficient, and target all aspects of the challenge we face.