Blog
← Back to Blog
April 05, 2021 general

Five Years of the Blog: From Hollywood Presbyterian to SolarWinds

Five year milestone celebration

Five years. Over 100 blog posts. A cybersecurity landscape that bears zero resemblance to where we started.

In April 2016, a hospital paying $17,000 in Bitcoin was headline news. In 2021, ransomware gangs operate like corporations, SolarWinds-grade supply chain attacks compromise thousands of organizations simultaneously, and healthcare remains the most targeted industry on the planet.

Five Years in Five Lessons

1. The Basics Never Stop Being the Basics

Patching, 2FA, backups, training. Five years of writing, and these four things remain the most impactful security measures any practice can implement. They prevented the majority of attacks in 2016, and they prevent the majority of attacks in 2021. Not glamorous. Effective.

2. The Threat Evolves Faster Than the Defense

Ransomware went from file encryption to data theft to supply chain distribution. Phishing evolved from obvious Nigerian prince scams to convincing vendor impersonation. The attackers iterate faster than most organizations can adapt. Continuous improvement isn't optional.

3. Regulation Follows Disaster

Every major regulatory advancement was preceded by a disaster: Equifax led to credit freeze legislation, Cambridge Analytica led to CCPA, breaches led to stricter HIPAA enforcement. Regulation is reactive, not proactive. Don't wait for regulation to drive your security. Be ahead of it.

4. Trust Must Be Verified

NotPetya through M.E.Doc. SolarWinds through Orion. Exchange through on-premise servers. MSP attacks through remote management tools. The trust we place in vendors, tools, and infrastructure can be weaponized. Verify. Monitor. Segment. Don't trust blindly.

5. Awareness Is Necessary but Not Sufficient

In 2016, the problem was awareness. People didn't know the threats existed. In 2021, the problem is execution. Everyone knows cybersecurity matters. Not everyone acts on it. Closing the knowing-doing gap is the challenge of the next five years.

Year Six

What's coming: ransomware as a geopolitical tool, zero-trust architecture replacing perimeter security, AI in both attack and defense, and the continued expansion of privacy regulation. We'll keep writing about it.

Thank you for five years of reading. The practices that have implemented our advice are meaningfully safer than they were in 2016. That's the whole point.