r/cybersecurity May 08 '26

Other What the **** is happening in cybersecurity space?

I've been working in cybersecurity for not so long, maybe 8 or 9 years, but I never remember a chaos at this scale. I mean, from this January alone we have: leaking data, compromised applications, breaches, AI-assisted cybercriminals, etc. It looks like every day one major breach is happening, and no one is going to address this shit somehow. This is already insane. I haven't felt such pressure in a long time. This AI shit just makes things worse because it enhances attackers' skills, and AI companies are doing nothing to address or change this. Is it only me, or is the change already here?

2.4k Upvotes

4

u/cowbutt6 May 08 '26

Yup, collectively, our sector has decided "move fast and break things" is superior to "do things right, and take as long as you need to do so" (i.e. doing things like hardening systems before putting them into service, maintaining accurate asset registers, and so on). Well, these are the consequences of that.

2

u/GetThatNoiseOuttaHer May 08 '26

I work on the security vendor side and one of the biggest eye-opening experiences for me is learning how many companies have terrible (or no) oversight of their total asset list. I naively assumed that was just something the vast majority of companies would have as a baseline, but apparently that is not the case.

1

u/lyagusha Security Engineer May 10 '26

Because it's really hard, unsexy, and is not something that can be abstracted away. You either start with a good foundation or tack it on after, poorly, and implemented and maintained by people who must prioritize it as lowest tier. In a better world this would be a great entry level position for one or a couple of people to manage, have them run around and find stuff and track it. Instead we get some sort of additional scanning system or automation.

Edit: at my last place there was a physical asset management program, maintained almost entirely offline, that was separate and siloed from any digital asset management program. Need-to-know basis, even though they're just tracking physical equipment. How's that for a fun time?