The More IT Changes, the More IT Stays the Same

For more than 30 years, cybersecurity has promised that the next technology, framework, or tool would finally make us safer. And yet breaches keep getting worse. This session argues that modern cyber incidents are not the result of novel or sophisticated threats, but of the industry’s repeated failure to fix problems we have understood since the 1990s. Weak authentication, excessive trust, misconfiguration, and social engineering powered early viruses and intrusions— and today they still sit at the heart of ransomware, cloud breaches, and identity compromise. By tracing a straight line from the early internet to today’s “advanced” attacks, this talk exposes how attackers have barely changed their techniques while defenders have built increasingly complex systems on the same fragile assumptions. The result is an arms race that looks innovative on the surface but keeps collapsing for the same reasons. This is not a talk about the next threat. It’s a challenge to the cybersecurity community to confront why decades of warnings, lessons learned, and best practices have failed to change outcomes— and what must be done differently if we actually want security to improve.