A friend recently asked me which side I thought was winning the internet security arms race.
Good question.
Considering the size and frequency of data breaches, there's reason to wonder whether the good guys really do have the upper hand.
Cyber attackers used to be little more than annoyances. We could usually neutralize their mischief simply by installing anti-virus software. No longer. They have graduated into legitimate threats and now regularly wreak havoc on business organizations and governments.
And it's not as if the security industry is standing still. Defenses have grown more robust. We've moved from firewalls and AV to advanced endpoint protection, full proxies (even for encrypted traffic), data loss prevention, multi-factor authentication and ubiquitous encryption. I can also point to countless other advances, in areas ranging from artificial intelligence (AI) and machine learning (ML) to early-stage post-quantum crypto.
Yet the attackers keep winning. Fortunately, though, not everywhere.
How Technology Evens the Odds
Before answering the question I posed at the outset, it’s important to first recognize who is losing.
Start by looking in the mirror. If you are leaving vulnerabilities unpatched for months, you’re making it too easy for the bad guys to eat your lunch without your knowledge. That’s not all. Any enterprise guilty of rookie mistakes like that has likely already jeopardized customer information as well.
By itself, of course, patching isn't enough to seal up your security. It's not just that you need antivirus, data loss prevention, advanced endpoint protection, advanced threat protection, crypto, multi-factor authentication, and more. You also have to integrate them. Then you need to make sense of what's happening in your network. Those are all significant challenges.
Most big companies need to deploy dozens of security technologies, which generate so much event log and alert information that it's often difficult to see the forest for the trees.
The good news is that artificial intelligence and machine learning can help defenders sift through trillions of events each month. For the first time, security teams can deploy these technologies to make better sense of massive amounts of data, putting alerts, logs, and events into far greater context. The upshot: They can finally prioritize to focus on the more dangerous challenges to their organizations. In their seemingly endless struggle with well-resourced attackers, this holds enormous promise for businesses trying to protect their networks with limited resources.
No Magic Bullets
Further, AI and ML offer security practitioners new insights into what's going on in their extended network. That includes intelligence about an organization's on-premises and cloud deployments as well as the mobile and IoT devices layered on top of them.
The arrival of these time-saving technologies is propitious. The world has struggled for years with a shortage of skilled security people. Without enough people to staff their extended front lines, is it any wonder that so many companies waste valuable time scrambling to chase intruders and not enough time developing the big-picture strategies needed to counter the larger threats on the horizon?
As mentioned earlier, though, with or without AI in their security operations, anyone not getting the basics right, meaning patching, the right products, and integration of all of the above, probably isn't going to stay in the winner's column very long.
Similarly, anyone failing to leverage automation, AI, and economies of scale to make sense of everything happening in those systems probably isn't going to stay in the winner's column very long either. Especially now that potential attackers are starting to experiment with adversarial AI and adversarial ML, taking this move-counter-move game to the next level: "AI versus AI."
Of course, in the research lab, we’re already preparing for that – something that I’ll have more to say about in a future column.
United We Stand
Many companies are doing all the right things and they have been able to stay out of the headlines. Unfortunately, too many others cut corners on security, fail to invest strategically, or just don’t execute their plans effectively. So far, their luck has held. But no lucky streak lasts indefinitely.
If I had to offer a status report about who’s really winning the cyber arms race, I’d say that it’s a mixed picture. Even the defenders who have successfully repelled breach attempts to date don’t often feel like they are ahead, simply because security is never fully settled.
Attackers don't stop coming and you can't let down your guard. And not all defenders are winning. Some have lost this year, and lost hard. While armchair quarterbacks often criticize security spending, talent, or execution when such a company fumbles, most of the people working security at those companies were putting in long, difficult hours. That, in part, is why keeping the strategic picture in view is crucial: to be sure such effort and commitment aren't wasted fighting the wrong fires.
That leads me to my bigger point. We’re all in this together. When one company falls victim, the attackers invest their stolen profits to build even better weapons that they use against the rest of us.
Sharing best practices is essential. Collaboration is essential. Economies of scale are essential. As has been true throughout history, united we stand, divided we fall. If nothing else, do it out of a sense of enlightened self-interest. Attackers may not have hit you yet. But don't think that they won't. One day, they'll come gunning for you, too. When they do, you won't want them armed with resources taken from the many victims who could have been saved by working together.
(If you’re interested in joining this campaign, re-share or retweet this post. You can follow me @WittenBrian.)