As cyber-attacks become more frequent and cause more damage, the US government and the vast majority of private and commercial companies dig deeper into a defensive posture. Offensive cyber operations do not happen, except for maybe a few confidential US military or government (NSA) operations that cannot be confirmed or denied. Over 90 percent of the internet, including the massive amounts of data the travel through it; belong to non-government entities that so far are unable to punch back against their attackers.
Cybersecurity’s human adversarial engagement is often lost in discussions of cybersecurity. We discuss how defenders’ focus on technology unintentionally creates vulnerabilities which can be exploited by threat actors. In particular, we discuss how the convergence of cyber awareness training and defensive technologies is exploited by threat actors with devastating consequences.
About the Author(s)
There are two competing arguments regarding the gravity of the threat that cyber-attacks pose to the nation’s security.