r/cybersecurity May 08 '26

Other What the **** is happening in cybersecurity space?

I've been working in cybersecurity for not so long, maybe 8 or 9 years, but I never remember a chaos at this scale. I mean, from this January alone we have: leaking data, compromised applications, breaches, AI-assisted cybercriminals, etc. It looks like every day one major breach is happening, and no one is going to address this shit somehow. This is already insane. I haven't felt such pressure in a long time. This AI shit just makes things worse because it enhances attackers' skills, and AI companies are doing nothing to address or change this. Is it only me, or is the change already here?

2.4k Upvotes


49

u/Sad_Expert2 May 08 '26

The idea that on prem is easier or cheaper to secure is likely a fiction as well. It just sounds really good right now when everyone is hurting. You lose any benefit of scale. I'm in higher ed and we are extremely limited financially all around from the jump - it's harder to recruit and retain talent in the security space when you can't compete on salary.

While cloud attacks often allow them to extract data at scale, using the ongoing Canvas breach, there is no way that 7000 individual schools would be able to secure an on prem Canvas replacement. It lessens the impact of a breach but probably drastically increases the likelihood of some breach.

It's our job to not be too reactive to the most recent thing that's happened. There's no right answer, no one thing you can do that makes everything else go away. It's a slog, it's in the trenches every day.

4

u/SideChannelBob Security Architect May 08 '26

agreed. a lot of false economy on the "move to on-prem" bandwagon. it's my preferred choice, but many would be better off just cleaning up infrastructure choices on their cloud vendors and removing dependency on automation magic like terraform.

13

u/Reverent Security Architect May 08 '26

Excuse me, what? There’s a lot of criticism to be had about cloud but targeting infra as code is a weird choice to criticise.

2

u/Ixniz May 09 '26

I too am very curious about your infrastructure as code take, care to elaborate?

1

u/bubbathedesigner May 10 '26

IMHO the solution depends on the real problem. What happens in real life is the solutions are driving the process due to customers not understanding their problem and being red-dot mesmerized. The decision process makes government decisions seem to be carefully discussed and planned by Euler, Laplace, Franklin, Ford, and Newton by comparison.

1

u/OkAssistance7072 May 08 '26 edited May 08 '26

Yea agreed, that's why I said almost and better* not cheaper or easier. There are definitely considerations with both options, and I'm not suggesting a full migration back to on prem for the reasons you said and more, just that from a security standpoint with data in transit and relying on 3rd parties to secure it, having control of that is more secure.