GreyCastle Security Shares Its “5 in 5”: Top Five Cybersecurity Trends of the Past Five Years


Firm celebrates its five-year anniversary by advising on trends relevant to future security successes or failures


GreyCastle Security marks its five-year anniversary on July 1 by sharing its top five cybersecurity trends from 2011 to today. The founders of the growing cybersecurity consulting firm believe cybersecurity solutions must be delivered continuously in a constantly evolving security landscape, a principle reflected in trends that range from technology’s weaknesses in security to how businesses spend, or misspend, their cybersecurity dollars.

“Cybersecurity is changing all the time, but we’ve definitely seen some obvious trends over time,” says GreyCastle CEO and co-founder Reg Harnish. “Keeping pace with cybercriminals and adversaries is now a full-time job for most businesses; unfortunately, our adversaries are advancing faster than we are.”

Harnish, who helped oversee the firm’s double-digit growth in employees, clients and revenues, offers these top five cybersecurity trends he has witnessed over the past five years:

1. The word is out that technology does not solve security problems on its own.
Houses don’t get built with hammers alone; it takes carpenters, architects and blueprints. Effective cybersecurity needs a similar approach: If you’re not addressing your people and process risks, you’ll never solve your cybersecurity problems.

2. Businesses continue to spend more on cybersecurity, but they’re spending it on the wrong things.
Businesses are seeing the importance of cybersecurity and finally budgeting for it. However, they’re spending their money on the wrong things. If they don’t know and pinpoint their risks, they’re going to waste time and money on things that don’t matter.

3. Federal regulations continue to be little more than a distraction.
Right now, government agencies are going out of their way to penalize companies that are not compliant with cybersecurity regulations, rather than rewarding companies that are following the rules. Rewarding compliant organizations would motivate others to be proactive in their security compliance versus waiting until they are caught in non-compliance. Remember, compliance does not equal security. A company can be compliant and still be at risk.

4. Cybersecurity is now about resilience, not prevention.
Proactive cybersecurity practices that include a combination of education, training and technology have led to the industry’s resilience. Cybersecurity professionals who approach security as a constant process are better prepared to minimize negative consequences from the next attack, because they realize there will be a next attack. Companies that adopt this mindset are less likely to be caught off-guard.

5. Cyberwarfare is asymmetric – offense is easier than defense.
The bad guys only need to be right once; we need to be right every time. As hackers continue to get more savvy with their tactics, the odds are against us, forcing us to rethink the way we approach cybersecurity.

Harnish noted that the pace at which hackers adapt and sharpen their skills is a constant driver of future trends, while increased connectivity – widely referred to as the Internet of Things – should be on the radar of security experts.

“Five years ago, we anticipated that cybersecurity would become a major player in business and touch nearly every industry. Regardless of your company’s size, it is all about identifying threats and vulnerabilities and managing risks,” says Harnish. “Hopefully one of the trends we see over the next five years is that our message about cybersecurity being a people problem – not a technology problem – is getting through.”

GreyCastle Security offers a Cybersecurity 101 course in partnership with Hudson Valley Community College where individuals can earn a baseline cybersecurity certification. GreyCastle also hosts an annual symposium of over 100 C-level attendees and has been mentioned by leading news sources including ABC, NBC and TIME Magazine.

In just five years, GreyCastle has won clients in 42 states. The firm opened a second office this past spring in Rochester, N.Y. Its numerous awards include Cybersecurity Ventures’ 2016 Cybersecurity Top 500, 2015 Best Places to Work and 2015 Center for Economic Growth (CEG) Innovator.

Members of the media interested in speaking with Harnish can contact Elizabeth Hilton at ehilton(at)crosswindpr(dot)com. For more information on GreyCastle, visit


About GreyCastle Security:
GreyCastle Security is a cybersecurity consulting firm focused on risk management, awareness and operational security. Our company was established to counter rapidly evolving cybersecurity threats and manage risks in people, processes and technology. GreyCastle Security is comprised exclusively of highly certified professionals with prior security experience in healthcare, education, retail and gaming. Our team members are all former CISOs, ISOs, security specialists and operators. We bring a client perspective to everything we do. All we do is cybersecurity -- all day, every day. We provide assessments, training, testing and response capabilities to organizations of all sizes, types and industries. We bring passionate practicality to cybersecurity. Visit us at for more information, and let GreyCastle Security redefine cybersecurity for you.


Contact Author

Elizabeth Hilton