Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cyber Insurance

A Realistic Approach to Cyber Security Means Avoiding the Trap of Near-Miss Complacency

How many times do we hear about people failing to heed warnings of potential danger from natural or man-made disasters only to be negatively affected? Researchers Robin Dillon-Merrill and Catherine Tinsley at Georgetown’s McDonough School of Business took a look at this phenomenon in a paper entitled “How Near-Miss Events Amplify or Attenuate Risky Decision Making.” It all boils down to the fact that we tend to view the outcome as the indicator of success or failure.

How many times do we hear about people failing to heed warnings of potential danger from natural or man-made disasters only to be negatively affected? Researchers Robin Dillon-Merrill and Catherine Tinsley at Georgetown’s McDonough School of Business took a look at this phenomenon in a paper entitled “How Near-Miss Events Amplify or Attenuate Risky Decision Making.” It all boils down to the fact that we tend to view the outcome as the indicator of success or failure. In the case of a near-miss, the outcome is positive so our natural tendency is to consider it a success. With enough ‘successful’ outcomes complacency can take hold along with a false sense of security; past experiences influence individual assessments of risk and lead us to make more risky decisions. As an example, the paper cites Hurricane Katrina and how ‘hurricane fatigue’ had set in, causing many individuals not to heed evacuation warnings.

Thinking SecurityBut the researchers also find that if we flip our perspective and view the outcome of a near-miss as a near-failure, then we can take steps to minimize risk in the event of disaster. To do this we need to put a premium on safety. Leading automobile manufacturers have a long history of doing this successfully. Since introducing its crash tests in 1995, the Insurance Institute for Highway Safety reports that the majority of vehicles tested have improved from poor or marginal to good – the highest rating. Automobile manufacturers demonstrate that if we identify near-miss events as near-failures and then use them as an opportunity to recognize and correct dangerous conditions, we can actively reduce risk and move towards true success.

This same approach should be applied to cyber security where complacency doesn’t just cloud our ability to assess risk, it actually compounds risk by creating vulnerabilities. That’s because security is temporal. You may be safe today, but what about tomorrow? Business models are evolving, attack vectors are evolving and attackers are evolving too. You’re up against persistent and astute attackers who are taking advantage of dynamic environments and gaps in security to penetrate your networks.

As a security professional dealing with this reality it’s more important than ever to be able to identify near-miss events and take action, turning them into opportunities to enhance security. Below are a few key considerations when evaluating technologies and processes to support this effort.

Open. To deal with dynamic environments you need access to global intelligence, with the right context, to identify vulnerabilities and take immediate action. An open architecture lets you share the latest threat intelligence and protections across a vast community of users for collective immunity. It also enables you to integrate easily with other layers of security defenses as your IT environment and business requirements change.

Integrated. To eliminate the gaps in security that attackers are exploiting, you need technologies that work together to secure networks, endpoints, virtual environments, data centers and mobile devices. Whatever form factor your business requires – physical, virtual, cloud or services – look for solutions that enable you to improve security controls with central policy management, monitoring and distributed policy enforcement.

Pervasive. Policies and controls are important to reduce the surface area of an attack, but threats still get through. Given today’s sophisticated and malicious attacks, you need defenses that address the full attack continuum – before an attack happens, during the time it is in progress and even after it begins to damage systems. You also need to address all attack vectors including network, endpoint, mobile, virtual, email and web. Pervasive protection is the only way to detect, understand and stop targeted malware and advance persistent threats and avoid the ongoing damaging effects of a deeply rooted, long-term attack.

Continuous. Advanced attacks do not occur at a single point in time; they are ongoing and require continuous scrutiny. A security infrastructure based on the concept of awareness, one that can aggregate and correlate data from across the extended network with historical patterns and global attack intelligence, enables you discriminate between active attacks and simply background noise. This helps you zero-in quickly on a malicious attack, take action to stop the threat and use that intelligence against future attacks.

There’s a lot we can understand about our environment and attackers to help identify near-misses and correct dangerous conditions to mitigate the impact of an attack and prevent future similar attacks. What’s needed is a realistic approach to security so you can see a near-miss for what it truly is – a near-failure. With that perspective you avoid the trap – and risk – of complacency and gain more effective security.

Advertisement. Scroll to continue reading.
Written By

Marc Solomon is Chief Marketing Officer at ThreatQuotient. He has a strong track record driving growth and building teams for fast growing security companies, resulting in several successful liquidity events. Prior to ThreatQuotient he served as VP of Security Marketing for Cisco following its $2.7 billion acquisition of Sourcefire. While at Sourcefire, Marc served as CMO and SVP of Products. He has also held leadership positions at Fiberlink MaaS360 (acquired by IBM), McAfee (acquired by Intel), Everdream (acquired by Dell), Deloitte Consulting and HP. Marc also serves as an Advisor to a number of technology companies.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this event as we dive into threat hunting tools and frameworks, and explore value of threat intelligence data in the defender’s security stack.

Register

Learn how integrating BAS and Automated Penetration Testing empowers security teams to quickly identify and validate threats, enabling prompt response and remediation.

Register

People on the Move

DARPA veteran Dan Kaufman has joined Badge as SVP, AI and Cybersecurity.

Kelly Shortridge has been promoted to VP of Security Products at Fastly.

After the passing of Amit Yoran, Tenable has appointed Steve Vintz and Mark Thurmond as co-CEOs.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.