Do threats change over time? Why or why not?

Threats change over time due to a variety of reasons. As we all know, technology evolves at such a fast rate that it is often challenging to keep up. To better explain, I recently built two new computers (one for work and one for gaming), and already, the hardware I chose is becoming outdated. In terms of threats, the hardware and software I installed on my gaming computer had specific threats that I accounted for with warranties, on-hand replacement parts, virus/malware protection, data backups, weekly and daily maintenance schedules, as well as adequately configured settings and update policies. Within a few months of finishing the build, I had to revamp my approaches to mitigating the possible threats of my PC due to purchasing new hardware and software; while this is merely an example, it should how even on a small scale, threats undoubtedly change.

Threats also change due to personnel updates, operational business changes, evolving rules, regulations, and policies, and even due to events in the real world, such as COVID-19’s disastrous repercussions. Due to the ever-changing threats and risks we and the businesses we protect encounter, only by continually reviewing, mitigating, and predicting our defenses (and its adversaries) can we hope to stay one step ahead of the future of our threat model. A common threat, such as a vulnerability in Windows 7, for example, would no longer be present due to the upgrade to Windows 10. The danger of lost or damaged company property existing on-premises in a specific department may be reduced or even eliminated due to the workforce working from home. If threats never changed, classes such as this would be deemed irrelevant, as once we do everything in our power to minimize the threat’s possibility of occurrence, as well as mitigating its business impact, we would be merely sitting around with nothing to do. Threats and risks change daily; the steps we take in planning and defending against them should as well.

References

EY. (2014). Cyber threat intelligence − how to get ahead of cybercrime. Retrieved September 15, 2020, from https://www.ey.com/Publication/vwLUAssets/EY-cyber-threat-intelligence-how-to-get-ahead-of-cybercrime/$FILE/EY-cyber-threat-intelligence-how-to-get-ahead-of-cybercrime.pdf.

Wheeler, E. (2011). Security risk management: Building an information security risk management program from the ground up. Waltham, MA: Syngress.