Architecture change needed to prevent major systemic risk
The majority of cybersecurity incidents is triggered by malware infections at end user devices. Endpoint security software is a major market but has essentially failed to reliably prevent such malware infections, and there is no hope whatsoever that this will change in the future.
The root cause: All of today's end user devices are software-controlled, and hence are threatened by malicious software. In addition, they do accept code downloads via the network. Furthermore, typical end users just aren't security experts and sometimes can be tricked, and there are so many more vulnerable end user devices than those usually better protected central applications. The latter can be infeted too (eg. by ransomware), but this very often happens via an previously infected end user device.
The cure: For critical applications, we ought to switch to hardware-controlled end user devices. This is very good and proven practice: Before PCs were introduced, all our end user devices were hardware controlled - and we then had no malware problems whatsoever.
We would need to develop new hardware-controlled devices supporting today's needs including grahics, multiple screen windows, multimedia, teleconferencing etc., which is entirely possible but requires a significant architecture change. Those new and secure end user devices would be cloud/edge-oriented, and wouldn't contain an OS such as Windows or some Linux variant. This results in much better functional stability, reliability and ease of use.
Biting the hand that feeds IT
