How can cybersecurity be improved with better software?
Let’s start with the experts who have the task of spotting something going on which shouldn’t be – running corporate or government systems.
Setting a key performance indicator – known attacks per day, percent of attacks known to be succesful – is a start, but not very helpful.
This is a task where experience is enormously helpful – peple know what to look for, what the patterns are, what to see.
Ideally you’d have a knowledge base of people’s experiences with different attacks, how it was done, how it was spotted.
Then you could build software which would automatically scan for suspicious activity as described and flag it up.
This would be a lot of building software, adapting software, gathering stories about people’s experiences, showing the right experience at the right time, continually building a knowledge base which connects and indexes to the scanning and detecting.
That’s not how this software is usually built, I think!