Antifragile Security: Bouncing Back Stronger

Michael Marriott
March 21, 2016 | 3 Min Read

Strong, robust, stable, resilient – these are all words associated with a successful security posture. They’re comforting words that serve to gain the confidence of executives. Indeed, knowing that your systems are secure offers a whole lot of confidence. But we can strive to do better, and a great way of framing this is through antifragility.

Nassim Taleb – famed for his “black swan” concept – first introduced the term “antifragility” back in 2012. Taleb noted that many people assume the opposite of fragile to be robust, but this is false. It’s possible to boil down this term into one, admittedly crude, analogy. Imagine dropping three items: a crystal glass, a piece of lead, and a ball of elastic bands. The crystal glass would shatter (i.e. be fragile), whereas a piece of lead would hit the floor and remain unchanged (i.e. be robust). A ball of elastic bands, however, would bounce back. This is not simply a case of absorbing friction, but gaining from it to bounce back stronger. This, for lack of a better word, is antifragility.

This is all very interesting, but what does this mean for cybersecurity?

Traditional controls can make an organization robust, and even resilient. Lead-like security is assumed to be a positive characteristic. Why not block bad things so that you’re not affected? In really severe situations, why not have a series of backups in place to ensure the organization remains operational? This seems like a sensible approach, and maintaining the status quo by preventing intrusions is all many organizations want.

But is this enough? Organizations can, and should, go further. It is possible to actually gain from adversity and become stronger. In short, organizations can become antifragile.

Attackers leave behind a digital shadow: things we can learn about their activities that serve to inform and direct organizations’ security postures. The more active an actor is, the greater the digital shadow they leave behind. This might include their tactics, techniques and procedures (TTPs), motivations and what information they are targeting. This does more than simply keep you robust. Security professionals can learn from these to actually make their organizations stronger.

Organizations that seek to gain from disorder can do so through cyber situational awareness. That is, understanding both how you are exposed online and what you can learn from your adversaries. Combined, these can help organizations be more than simply “robust” – they can bounce back stronger.
