“Those who cannot remember the past are condemned to repeat it.” — George Santayana
A traditional Christmas Eve dinner at my favorite dive Chinese restaurant always includes paper placemats with signs of the Chinese Zodiac. While waiting on the scallion pancakes and cold sesame noodles to kick off the inevitable overeating, we compare signs, animals, and personality attributes.
2022 is the Year of the Tiger. According to the Chinese Zodiac, children born in 2022 will be “loyal, trustworthy, and courageous fighters.” In contrast, I was born in the Year of the Pig, which means I’m “chivalrous, optimistic, and tell things like they are.” Ironic, huh? You can’t make this sh*t up!
In addition to 2022 being the Year of the Tiger, it is roughly the 5,237th “Year of Cybersecurity” since the Neolithic Period (at least by my count).
Every year, from their lofty towers, industry experts pontificate on the IT focus for the coming year. (If the marching band scene in the movie Animal House springs to mind, you’re on the right page.) Once again, 2022 is being recognized as the “Year of Cybersecurity” by industry thought leaders, including Security Magazine, Clearbridge Business Solutions, and ConShore Security.
The trouble is that leading cybersecurity pundits also made these same claims in 2021. And 2015. And 2008. And pretty much every year since cybersecurity first entered the English lexicon in 1989 — a year which also included Tiananmen Square, the Exxon Valdez, and two Top 40 songs by Jive Bunny & The Mastermixers!
If nothing else, yet another “Year of Cybersecurity” tells us three things:
1. As always, cybersecurity remains a primary focus of attention.
2. Cybersecurity will forever be a primary focus of attention.
3. Industry pundits are committed to disproving Santayana’s quote about the definition of insanity. (No, it wasn’t Einstein. Yes, I’m sure! Go look it up… See, I told you so!)
Declaring a “Year of Cybersecurity” is like declaring victory when you’ve mowed the lawn or cleaned the kitchen. Sure, it looks nice for a few days, and it gives you a warm sense of satisfaction — but the painful truth is that the kitchen will need cleaning again in another week, and the lawn will grow in endless defiance of your mower’s blades.
Cybersecurity is like that stovetop or that backyard. You’d love to believe that you’ve “finished the job” once and for all and that you can move on to addressing some other projects. But you know in your heart, or at least you should, that the world doesn’t work that way. And pretending that you can “finish the job” of cybersecurity sets you, your management chain, and your team up for painful disappointment when the “cyber spaghetti sauce” once again ends up splattering all over your nice clean “cyber stovetop.”
There are no trophies for winning at cybersecurity, just as no one typically hands you a medal for successfully mowing your lawn. So instead of declaring 2022 yet another “Year of Cybersecurity,” let’s talk about what businesses should be paying attention to.
Here’s where you should start: