February - 2015 - issue > CXO View Point

Cyber Security in the Era of Big Data

Sam Harris
Director- Cyber Security and Enterprise Risk Management-Teradata Corporation
Thursday, February 5, 2015
Cyber security is everywhere. You can't pick up the Wall Street Journal, the New York Times, or any online business publication without reading a story about data breaches at both corporations and government organizations. As one CIO put it, a company either knows it's been breached or it doesn't know it's been breached. But it was not always like this. What has changed? Why are we seeing cyber security incidents and data breaches so often now in this new paradigm?

Longing for the good old days of certain security
Today's adversaries, commonly called hackers (although that term seems a little obsolete given the gravity of their attacks), have evolved from hobbyists to professionals. They are well-trained and well-funded, and run the gamut from social activists and state-sponsored operators to members of criminal syndicates.
Just as they have become more sophisticated, so have their tools, techniques and procedures. Attacks used to be indiscriminate, like viruses in the wild, spreading and replicating on unprotected systems. Now they are targeted at specific firms with the objective of stealing, encrypting or destroying data.
Security professionals used to be confident they could lock down and secure their networks to prevent incursions. Now the mindset is that incursions are inevitable, and the burden is on them to figure out how to detect and remediate an attack before the data is compromised.
Another problem facing Chief Information Security Officers (CISOs) is the shortage of skilled network defenders. Now that the cyber security problem has gotten worse, demand for network defenders is skyrocketing against a limited pool of qualified candidates.

Enter the Chief Information Security Officer
CISOs have an incredibly tough job, and at the end of the day they know some of their systems are going to be breached. The traditional approach is a layered defense strategy. These strategies, first adopted for the battlefield or for physical security, are important to operate and maintain, but they have limitations. For example, intrusion detection and prevention systems (IDS/IPS) use rules, so they can only protect organizations from previously identified threats. Security Incident Event Management systems (SIEMs) rely on system logs, second-hand representations of what happened on the network, to track incursions. Skilled adversaries can delete or change logs and make that data worthless for cyber security. Network data capture tools can see everything, but they can also be too slow.
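To make the point about log tampering concrete, the following is an added example (not code from the article or from Teradata) showing one defensive control: each log line is chained to the previous one with a keyed HMAC, so an edit or deletion made on the host is detectable by a collector that holds the key. The log lines, the key and the function names are constructed for illustration.

```python
import hashlib
import hmac
from typing import List, Optional, Tuple

# Constructed sample log lines (syslog style); not taken from any real system.
SAMPLE_LOG = [
    "2015-02-05T10:00:01 sshd[812]: Accepted publickey for ops from 10.0.0.5",
    "2015-02-05T10:02:17 sudo: ops : TTY=pts/0 ; COMMAND=/bin/cat /etc/shadow",
    "2015-02-05T10:03:44 sshd[812]: Disconnected from 10.0.0.5",
]

# Constructed key. In practice it lives only on the log collector, never on the
# monitored host, so an intruder who edits the file cannot recompute valid tags.
COLLECTOR_KEY = b"collector-secret-not-for-production"

_GENESIS = b"\x00" * 32  # fixed starting value for the first record's chain input


def chain_log(lines: List[str], key: bytes) -> List[Tuple[str, str]]:
    """Return (line, tag) pairs; each tag covers the line AND the previous tag."""
    prev = _GENESIS
    records = []
    for line in lines:
        tag = hmac.new(key, prev + line.encode(), hashlib.sha256).digest()
        records.append((line, tag.hex()))
        prev = tag
    return records


def verify_chain(records: List[Tuple[str, str]], key: bytes) -> Optional[int]:
    """Return None if the chain is intact, else the index of the first bad record.
    A changed line, a removed line or a reordered line breaks every tag from
    that point on, so the first mismatch pinpoints where tampering began."""
    prev = _GENESIS
    for i, (line, tag_hex) in enumerate(records):
        expected = hmac.new(key, prev + line.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected.hex(), tag_hex):
            return i
        prev = expected
    return None


def tampered_copy(records: List[Tuple[str, str]]) -> List[Tuple[str, str]]:
    """Simulate an intruder rewriting the sudo line to hide what was read."""
    edited = list(records)
    line, tag = edited[1]
    edited[1] = (line.replace("/etc/shadow", "/etc/motd"), tag)
    return edited
```

Because the chain only binds records to their predecessors, silently truncating the tail of the log is not caught unless the collector also stores the most recent tag it received; that final tag is what closes the chain.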
