I've had an interesting view of the security industry. Being a software engineer for over 20+ years in both the application and web space. I have had the pleasure of both hacking and being hacked on many occasion. I would absolutely agree with many industry professionals that security is nothing more than a cat and mouse game. I will add that in order to understand it correctly, you need to have been both the cat and the mouse.
When attack patterns, automated tools, and growing surface areas create a battlefield of shifting sands. A hot, unforgiving battlefield where every grain of that sand is someone's life, work, history, secrets, and finances. Mistakes and budgets have a tenancy to overshadow difficulties faced when attempting to protect the desert of users set on considering the ease of their life and not the protection of it.
I feel I was lucky enough to have been born in a time when I could experience "hacking" or malicious use of the code. Grow from what seemed to be near infancy in the dial up an era to the military grade power house it has become today. From my view in the late 80s and early 90s hacking was despite the lack of personal protection available. A much safer time to be online. It was not that you could not be hacked then, actually quite the contrary. Most protection if you did have any was purely reactive and could only protect you after a virus was found and tagged.
In my personal opinion, the internet didn't start to turn into a battle field until nation states started weaponizing tools to treat it as such. Nation states created the need to escalate what was already there. They created the market places that flourished unchecked for exploits, zero days, viruses, worms and their eventual evolutionary forms. I do not believe many hackers or teams of hackers put up the amount of money that we often see put up in such market places. I personally believe it is largely propagated by actors of nation states seeking the next weapons grade tool just as we see today with military arms markets.
To quote Brad Smith - President and Chief Legal Officer of Microsoft. "This attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem. This is an emerging pattern in 2017. We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world. Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage. An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen. And this most recent attack represents a completely unintended but disconcerting link between the two most serious forms of cybersecurity threats in the world today – nation-state action and organized criminal action."
The actions of our government and WikiLeaks may be a small peep through the looking glass into what has been going on. It's a possible look at what our future holds online. It may also be a look at how the battle field of that future has been evolving potentially without direct loss of human life, but rather a loss of assets, secrets and possibly power. It also might help to paint a clear picture of the corner internet based businesses are backed into when threatened by various nations of the world seeking information they feel they require.
I feel the challenge for the future will be getting upper management, or owners of corporations and especially small businesses today understand that as they expand their infrastructure, their holdings, and their technological reach into areas such as mobile services, web services, storage services, communication services and the overall internet of things as we know it today. That they may be creating the next battle fields that the nation states of the world will be fighting in, and on the company's dime.