Meaningful Measurement - It’s About Time We Got This Right

Explore the critical issues surrounding cybersecurity metrics and measurement in this thought-provoking conference talk presented by Ian Trump at the 44CON Information Security Conference. Delve into the challenges of quantifying malware usage and cyber-crime impact due to the lack of industry-accepted standards for metrics. Examine the wide disparities in reporting between vendors, industry bodies, and media, and understand why current attempts to establish the scale, cost, and impact of cyber attacks often fall short. Analyze the disconnect between cyber-crime reporting and the metrics most crucial for businesses under attack and the cybersecurity industry. Learn why comparing different types of data can be problematic and how it highlights the industry's shortcomings in metric selection. Discover why moving away from sensationalized reporting and focusing on compromise indicators and prevention is essential. Understand the need for more realistic, business-based risk analysis and the importance of developing threat intelligence relevant to small and medium enterprises, not just large corporations. Gain insights into why more granular and transparent data on security failures is crucial for progress against cyber threats. By the end of this 52-minute talk, grasp the urgent need for meaningful measurement in cybersecurity and the steps required to achieve it.