Dear Cobus Pool,

Thieves have been caught for centuries. But they still don't see the end in sight. The better they're caught, the better they adapt. It's because their motivations aren't changing. The story with cybersecurity is pretty much the same one.

Hi Cobus Pool ,

I am not aware of up to date research results regarding this topic (but it is not my major interest). But from my personal experience, the following topics often lead to insecurities in real world applications:

a) IT security activities are typically purely considered as costs and thus one wants to achieve security as cheap as possible. This often leads to insufficient attacker scenarios or there is simply not enough money to provide the necessary level of (IT) security.

b) Small mistakes have huge impact on security. Just a tiny misconfiguration might expose your system to serious threads.

Best regards,

Mike

Another hurdle is certification: only a very specific version and/or configuration are certified. Patching or upgrading will void the the certificate and your system will be "non compliant" which is often considered worse than "vulnerable".

There will never be an end to cyber attacks and cyber security as long as cybersecurity is reactive and cyber attackers proactive. Since they are always a few steps ahead. They create viruses. They come up with solutions. As long as there is more than one user of the security system, it will always be vulnerable to cyber attacks.

There Gartner et al: (2020) Secure Access Service Edge (SASE) Forecast, confirms that SASE may be the answer. Introduced by Gartner, Secure Access Service Edge (SASE) is a forward-thinking framework in which networking and security functions converge into a single integrated service that works at the cloud edge to deliver performance and protection. Their statement answers the critical question on How can you ensure efficient and secure network access as your business evolves?