The cyber industry needs to accept it can’t eliminate risk
In the field of cybersecurity, there is a belief that we must hold ourselves to a higher standard of scrutiny than others. We are expected to be the benchmark of excellence, a level of perfectionism that is unattainable. So, what happens when a cybersecurity company makes a simple mistake?
The CrowdStrike outage serves as a case study in this regard. I recall reading the technical report, and the trigger was as ‘simple’ as a content update carrying one more field than the sensor expected, which caused everything to crash. However, I suspect this was not just a simple test case failure; it was more likely a chain of events, each of which would have been harmless on its own, that together led to a significant global issue. This is often described by the Swiss cheese model: every layer of defence has holes, and an incident occurs only when the holes in successive layers line up.
It is important to acknowledge that these incidents do happen because we can never completely eliminate risk in technology. By changing our perception of this fact, we can better prepare to handle future incidents effectively and understand the risks involved, no matter how unlikely they may seem.
Acknowledge the systemic nature of risks
The CrowdStrike outage raised an important question – have we become too reliant on technology companies that are interconnected in one large system?
We use centralized cloud and SaaS providers because the benefits often outweigh the risks. However, if a major provider experiences an incident, it could have far-reaching impacts on organizations that depend on their services.
This situation can create a “too big to fail” scenario, similar to the financial sector, where the failure of a key player could have cascading effects.
While people are generally good at understanding personal risks, they struggle to grasp the larger systemic issues we face. It may be time to diversify our technology stacks and avoid putting all our eggs in one basket.
Zero risk is not achievable
It’s important to be realistic – we cannot eliminate all risks.
We need to focus on reducing risk to a reasonable, manageable level rather than striving for absolute perfection. There will always be some level of residual risk that needs to be accepted and monitored. The concept of As Low As Reasonably Practicable (ALARP), borrowed from safety engineering, can be a helpful approach: reduce a risk until the cost of reducing it further would be grossly disproportionate to the benefit gained.
Be transparent about residual risks
It is crucial to be honest about the fact that some risks will remain even after mitigation efforts. Setting realistic expectations with stakeholders and senior management is key.
Transparency is essential to maintaining trust during and after an incident. CrowdStrike handled their incident well by being open and clear in their communication with customers and stakeholders, providing constant updates and remediation advice. Organizations must find the right balance between keeping security measures simple and easy to implement, and being transparent enough about what those measures do not cover to manage the remaining risk and maintain trust.