1 Introduction: After the Breach

Cybersecurity incidents have a short shelf life. As I write this, in fall 2017, the breaches of the moment are the theft of 145.5 million Americans' information from the credit bureau Equifax, the compromise of three billion Yahoo user accounts, and the Russian government's theft of sensitive National Security Agency documents from a government contractor's home computer. But by the time you read this those incidents will have long since been eclipsed by dozens of other high-profile breaches. We read about the most recent data breaches in the headlines for a few days, maybe weeks, after they are publicly announced—we learn how many records were stolen, or the most embarrassing secrets revealed in the breach, we find out who will be fired and who will sue—and then these stories typically fade from our consciousness as they are overshadowed by newer, bigger, even more dramatic incidents. The most recent cybersecurity breaches grab our attention not just because they are breaking news, but also because there's a strong sense that the older incidents, the ones that happened a few months ago—or, even worse, a few years ago—have nothing to teach us because they are already hopelessly out-of-date, and our adversaries have moved on to new tactics and technologies. Why waste time and resources learning how to defend against yesterday's attacks in the face of constantly evolving threats?