The Invisible Battle: Understanding the Differences Between Traditional and Cyber Defense

To the average company’s Chief Information Security Officer (CISO) , the importance of strong cyber security is a given. Due to its physically invisible nature however, it is often difficult for those not directly involved with the development and/or maintenance of a cyber defense system to properly comprehend its significance.

In addition to its invisible nature, the way cyber-attacks are conducted adds confusion for those not knowledgeable in the subject. As Alex Blau of the Harvard Business Review puts it: “The problem with these mental models is that they treat cybersecurity as a finite problem that can be solved, rather than as the ongoing process that it is. No matter how fortified a firm may be, hackers, much like water, will find the cracks in the wall. That’s why cybersecurity efforts have to focus on risk management, not risk mitigation.”

The fundamental difference being highlighted here, is that cyber defense is a process that must be constantly monitored, constantly kept up to date with updates to ward of the latest threats, as they appear. It is not enough to simply enact countermeasures and leave them in a static state –  assuming they will always suffice to keep your data safe.

This important distinction is one of the driving motivations behind the design and architecture of  SecureOTA, the over the air updates piece of our SecureIoT suite. In an environment where new, undocumented cyber-attacks can occur at any time, the need for a fast-responding, always up-to-date security system cannot be neglected.

This critical functionality has been shown to have lasting benefits in the cyber security realm, as was seen at the time of a Tesla model S exploit back in 2015. According to Wired, while Fiat Chrysler was forced to recall 1.4 million cars due to a cyber exploit in the same year, Tesla was able to remedy a similar issue with little more than a software update.

A cyber security system is to a castle as updates to the system are provisions. While rather pessimistic, the reality of cyber defense is that every castle is under siege, and without the constant support updates provide, collapse is inevitable.