One of the benefits of being in the cybersecurity industry for over 25 years is that you develop perspectives from patterns that repeat themselves, as well as the ability to compare and contrast with other more mature industries.
This week at BlackHat, I realized that with all the vendors and money spent at BlackHat, most ordinary people who need cyber solutions are not being served. It is like a pharmacy only delivering “prescription medicines” when most of the world needs “over-the-counter medicine.”
By focusing on themselves—and by that I mean creating tools only for themselves—cybersecurity professionals are creating a talent shortage. It’s not efficient or practical to have cybersecurity tools so highly sophisticated that it requires years of experience to operate them. This puts small businesses in particular at a huge disadvantage, and opens them up to higher security risks. It also creates a higher barrier to entry for cybersecurity jobs, hence the unintentionally manufactured skills shortage. This talent shortage is only real because cybersecurity vendors are creating it as they continue to deliver solutions that require experts (doctors and pharmacists of cybersecurity).
In this blog post, I want to walk through what it takes to reach most of the world with a defensive cyber solution that is safe and simple to operate—an over-the-counter cyber solution.
A Remedy for Balanced Cybersecurity
Let's talk about balance in the cybersecurity industry. I'm not suggesting that over-the-counter solutions should replace prescription solutions. Instead, I’m advocating for a balanced approach, similar to how medicines are categorized. The current reality for the cybersecurity industry is that they require expert operations and administration for a simple headache when a straightforward over-the-counter solution could suffice.
How often do medium to small organizations find themselves with a toolset outside of their skillset or even their needs, because it’s beyond the basics? Most often than not I would say as the majority of vendors attending the BlackHat conference are targeting companies that have a CISO and a well-established security practice, not that small business down your street or have anything to offer your friends and family who have been hacked more than once by now I am sure.
Over and over, we hear that everyone in the world needs to practice the basics and then build their cybersecurity program from there. My general complaint is that If this is true, why aren't there more cybersecurity solutions designed to cover the basics that are safe to operate by someone who does not need years of experience or a portfolio of certifications?
The concept of over-the-counter is simple: It is available without an expert. You can essentially use it as directed and it will deliver a safe and effective solution.
I think there is also a case to be made that well-designed, simple-to-operate cybersecurity solutions that target the non-expert are also well-positioned for Managed Service Providers (MSP) and Value-Added Resellers (VARS) in the same way that Drug Stores sell both prescription and over-the-counter solutions. I want to ensure I thoroughly walk through the analogy to show the parallels in this comparison.
What Over-the-Counter Cyber Defense Looks Like
Imagine getting a splitting headache, so you drive to your local pharmacy and pick up your favorite over-the-counter headache pain reliever. You can run in quickly, grab what you need, and get relief shortly.
Now think of a scenario where that simple and effective pain relief requires you to first go to your doctor, prove you’ve got a terrible headache in the first place, then go back to the pharmacy and wait at least 30 minutes as the pharmacist fills your prescription. The prescription itself is likely a much higher dosage than what you needed in the first place. Relief comes quickly but at a higher price tag after an unnecessarily long wait.
That second scenario is what we’re seeing in cybersecurity. To get simple pain relief (or in this case, threat protection), we need to jump through a large set of hoops and wind up with something that covers our basic, fundamental needs. It is often far more powerful than we need it to be, at a higher price tag, and will require more upkeep. You’re going to need to keep filling that prescription, as you’re bound to get more headaches. And to fill that prescription, you’ll need a doctor and pharmacist (your cybersecurity experts) on-staff.
Neither scenario is sustainable long-term, when what you need are self-service basics.
An over-the-counter cybersecurity solution must be as simple as a music streaming service—full stop.
Finally, I want you to think of a cybersecurity solution that covers precisely what you need that you’re able to trial, demo, and pay for all on your own. It’s easy to get access, deploy, and manage (minus the experts)—that’s over-the-counter cyber defense. If you’re stuck on if a solution is “over-the-counter” or “prescription,” here are a few questions you can ask yourself:
- Is the skill you require to set up your device enough to set up this cybersecurity solution?
- If it does detect a threat, can it act on that threat and protect me without me having to be familiar with cybersecurity?
- Would I feel confident recommending this solution to a non-technical friend or family member?
If you answer “yes” to all of these, you’ve found an over-the-counter solution!
DNSFilter’s purpose is to “Make everyone’s digital environment safe to work, live, and play.” To be true to this, we must deliver solutions that are “over-the-counter.”
I’ve been in the cybersecurity industry a long time, and in the past I’ve felt guilty that I’ve played the prescription game. When neighbors or family members were the victims of scams or data breaches, I could help with the aftermath but didn’t have a solution I could give them to prevent this from happening again. Now, I can set them all up with DNSFilter as something that’s both affordable and easy to manage.
I feel so strongly about this I think we should advocate for those who don’t know enough to advocate for themselves.
Think of all we can do: We can use the #OverTheCounterCybersecurity tag to raise awareness, start a consortium of vendors who believe in this over-the-counter movement, or start a conference that hosts only over-the-counter cybersecurity solutions.
Are you in? Let’s go! I’m fired up.
Revving Up the Fun: DNSFilter's IndyCar Experience Recap — Milwaukee Edition
Revving Up the Fun: DNSFilter's IndyCar Experience Recap — Portland Edition
