Tech News
The cyber industry needs to accept it can’t eliminate risk
In the field of cybersecurity, there is a belief that we must hold ourselves to a higher standard of scrutiny than others. We are expected to be the benchmark of excellence – a level of perfectionism that is unattainable. So, what happens when a cybersecurity company makes a simple mistake?
CrowdStrike serves as a case study in this regard. I recall reading the technical report, and it was as ‘simple’ as adding an extra field to a template that caused everything to crash. However, I suspect this was not just a simple test case failure; it was likely a series of events that led to a significant global issue. This is often referred to as the Swiss cheese model, where a series of failures align, creating holes in the system that allow an incident to occur.
It is important to acknowledge that these incidents do happen because we can never completely eliminate risk in technology. By changing our perception of this fact, we can better prepare to handle future incidents effectively and understand the risks involved, no matter how unlikely they may seem.
Acknowledge the systemic nature of risks
The CrowdStrike outage raised an important question – have we become too reliant on technology companies that are interconnected in one large system?
We use centralized cloud and SaaS providers because the benefits often outweigh the risks. However, if a major provider experiences an incident, it could have far-reaching impacts on organizations that depend on their services.
This situation can create a “too big to fail” scenario, similar to the financial sector, where the failure of a key player could have cascading effects.
While people are generally good at understanding personal risks, they struggle to grasp the larger systemic issues we face. It may be time to diversify our technology stacks and avoid putting all our eggs in one basket.
Zero risk is not achievable
It’s important to be realistic – we cannot eliminate all risks.
We need to focus on reducing risk to a reasonable, manageable level rather than striving for absolute perfection. There will always be some level of risk that needs to be addressed. The concept of As Low as Reasonably Practicable can be a helpful approach in managing risk effectively.
Be transparent about residual risks
It is crucial to be honest about the fact that some risks will remain even after mitigation efforts. Setting realistic expectations with stakeholders and senior management is key.
Transparency is essential in maintaining trust and preventing incidents. CrowdStrike handled their incident well by being open and clear in their communication with customers and stakeholders, providing constant updates and remediation advice. Organizations must find the right balance between keeping security measures simple and easy to implement, while also being transparent enough to manage risks effectively and maintain trust.
-
Destination3 months ago
Singapore Airlines CEO set to join board of Air India, BA News, BA
-
Tech News7 months ago
Bangladeshi police agents accused of selling citizens’ personal information on Telegram
-
Motivation6 months ago
The Top 20 Motivational Instagram Accounts to Follow (2024)
-
Guides & Tips5 months ago
Have Unlimited Korean Food at MANY Unlimited Topokki!
-
Guides & Tips5 months ago
Satisfy Your Meat and BBQ Cravings While in Texas
-
Gaming4 months ago
The Criterion Collection announces November 2024 releases, Seven Samurai 4K and more
-
Self Development7 months ago
Don’t Waste Your Time in Anger, Regrets, Worries and Grudges
-
Toys6 months ago
15 of the Best Trike & Tricycles Mums Recommend