Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cyber Insurance

A Realistic Approach to Cyber Security Means Avoiding the Trap of Near-Miss Complacency

How many times do we hear about people failing to heed warnings of potential danger from natural or man-made disasters only to be negatively affected? Researchers Robin Dillon-Merrill and Catherine Tinsley at Georgetown’s McDonough School of Business took a look at this phenomenon in a paper entitled “How Near-Miss Events Amplify or Attenuate Risky Decision Making.” It all boils down to the fact that we tend to view the outcome as the indicator of success or failure.

How many times do we hear about people failing to heed warnings of potential danger from natural or man-made disasters only to be negatively affected? Researchers Robin Dillon-Merrill and Catherine Tinsley at Georgetown’s McDonough School of Business took a look at this phenomenon in a paper entitled “How Near-Miss Events Amplify or Attenuate Risky Decision Making.” It all boils down to the fact that we tend to view the outcome as the indicator of success or failure. In the case of a near-miss, the outcome is positive so our natural tendency is to consider it a success. With enough ‘successful’ outcomes complacency can take hold along with a false sense of security; past experiences influence individual assessments of risk and lead us to make more risky decisions. As an example, the paper cites Hurricane Katrina and how ‘hurricane fatigue’ had set in, causing many individuals not to heed evacuation warnings.

Thinking SecurityBut the researchers also find that if we flip our perspective and view the outcome of a near-miss as a near-failure, then we can take steps to minimize risk in the event of disaster. To do this we need to put a premium on safety. Leading automobile manufacturers have a long history of doing this successfully. Since introducing its crash tests in 1995, the Insurance Institute for Highway Safety reports that the majority of vehicles tested have improved from poor or marginal to good – the highest rating. Automobile manufacturers demonstrate that if we identify near-miss events as near-failures and then use them as an opportunity to recognize and correct dangerous conditions, we can actively reduce risk and move towards true success.

This same approach should be applied to cyber security where complacency doesn’t just cloud our ability to assess risk, it actually compounds risk by creating vulnerabilities. That’s because security is temporal. You may be safe today, but what about tomorrow? Business models are evolving, attack vectors are evolving and attackers are evolving too. You’re up against persistent and astute attackers who are taking advantage of dynamic environments and gaps in security to penetrate your networks.

As a security professional dealing with this reality it’s more important than ever to be able to identify near-miss events and take action, turning them into opportunities to enhance security. Below are a few key considerations when evaluating technologies and processes to support this effort.

Open. To deal with dynamic environments you need access to global intelligence, with the right context, to identify vulnerabilities and take immediate action. An open architecture lets you share the latest threat intelligence and protections across a vast community of users for collective immunity. It also enables you to integrate easily with other layers of security defenses as your IT environment and business requirements change.

Integrated. To eliminate the gaps in security that attackers are exploiting, you need technologies that work together to secure networks, endpoints, virtual environments, data centers and mobile devices. Whatever form factor your business requires – physical, virtual, cloud or services – look for solutions that enable you to improve security controls with central policy management, monitoring and distributed policy enforcement.

Pervasive. Policies and controls are important to reduce the surface area of an attack, but threats still get through. Given today’s sophisticated and malicious attacks, you need defenses that address the full attack continuum – before an attack happens, during the time it is in progress and even after it begins to damage systems. You also need to address all attack vectors including network, endpoint, mobile, virtual, email and web. Pervasive protection is the only way to detect, understand and stop targeted malware and advance persistent threats and avoid the ongoing damaging effects of a deeply rooted, long-term attack.

Continuous. Advanced attacks do not occur at a single point in time; they are ongoing and require continuous scrutiny. A security infrastructure based on the concept of awareness, one that can aggregate and correlate data from across the extended network with historical patterns and global attack intelligence, enables you discriminate between active attacks and simply background noise. This helps you zero-in quickly on a malicious attack, take action to stop the threat and use that intelligence against future attacks.

Advertisement. Scroll to continue reading.

There’s a lot we can understand about our environment and attackers to help identify near-misses and correct dangerous conditions to mitigate the impact of an attack and prevent future similar attacks. What’s needed is a realistic approach to security so you can see a near-miss for what it truly is – a near-failure. With that perspective you avoid the trap – and risk – of complacency and gain more effective security.

Written By

Marc Solomon is Chief Marketing Officer at ThreatQuotient. He has a strong track record driving growth and building teams for fast growing security companies, resulting in several successful liquidity events. Prior to ThreatQuotient he served as VP of Security Marketing for Cisco following its $2.7 billion acquisition of Sourcefire. While at Sourcefire, Marc served as CMO and SVP of Products. He has also held leadership positions at Fiberlink MaaS360 (acquired by IBM), McAfee (acquired by Intel), Everdream (acquired by Dell), Deloitte Consulting and HP. Marc also serves as an Advisor to a number of technology companies, including Valtix.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.

Register

Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.

Register

Expert Insights

Related Content

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

Cybersecurity Funding

Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Network Security

Attack surface management is nothing short of a complete methodology for providing effective cybersecurity. It doesn’t seek to protect everything, but concentrates on areas...

Network Security

NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.

Cyberwarfare

Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Cyber Insurance

Cyberinsurance and protection firm Boxx Insurance raises $14.4 million in a Series B funding round led by Zurich Insurance.

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...