Dark Reading is part of the Informa Tech Division of Informa PLC


Akshay Bhargava
Failing Toward Zero: Why Your Security Needs to Fail to Get Better

Each security incident should lead to a successive reduction in future incidences of the same type. Organizations that fail toward zero embrace failure and learn from their mistakes.

"Hard times create strong people."

"What doesn't kill you makes you stronger."

Maybe you've whispered these mantras to yourself in the aftermath of a personal setback at home or work. We've all heard some take on this expression, but the sentiment is always the same: Failing doesn't feel good in the moment, but it's possible to appreciate failure as a lesson in overcoming adversity. To put it simply, you have to fail in order to get better.

But what if the stakes for failure mean more than another checkmark under the "loss" column?

This is the predicament faced by organizations every day when it comes to cybersecurity. At best, failure means an embarrassing and inconvenient organizational disruption. At worst, it means a catastrophic loss of records and loss of business.

Failure, it would seem, is not an option when it comes to cybersecurity. Or is it?

Author and scholar Nassim Nicholas Taleb can help us answer this question. Taleb has a useful concept called "antifragile," which he uses to describe any person, organization, or entity that benefits from failure. Not only that, as Taleb puts it, the antifragile "loves" randomness, uncertainty, volatility, and errors. Think of it as evolution with a twist. Instead of survival of the fittest, this is survival of the smartest. Whoever can understand and react to environmental stressors best wins.

And let's face it, your cybersecurity will fail at some point. There's no such thing as 100% protection. Cybercriminals need to succeed only once, but organizations need to succeed every time. While it's more than likely that your organization will be the target of a successful cyberattack, a successful cyberattack doesn't necessarily make a catastrophic data breach. If you know your security is going to fail at some point, you can prepare for this eventuality and mitigate its impact on operations. It's at this intersection of antifragility and cybersecurity that we get a model I'm calling "failing toward zero."

Failing toward zero is a state in which each security incident leads to a successive reduction in future incidences of the same type. Organizations that fail toward zero embrace failure and learn from their mistakes. Our data suggests that smart companies are already starting to do this.

The Data Science and Engineering team at Malwarebytes examined all detection data on business endpoints for the past three years. It's no surprise that malware detections on business endpoints went up every single year, from 7,553,354 in 2017 to around 49 million in 2020 — and the year isn't even over yet.

However, the detections we're facing today are different from those we saw just a few years ago. Two of the biggest blockbuster threats of yesteryear — spyware and Trojans — are both down. Since the winter of 2019, spyware detections on business targets dropped 49%, while Trojans dropped 63%. Criminals have since altered tactics in favor of adware and hacktools, a category of riskware that is used to hack into computers and networks. While adware is mostly a nuisance, hacktools can be used to gain access to a system, steal data, and distribute malware. We've seen hacktools detections increase 2,431% since winter 2019.

And it's not that spyware and Trojans have gone away. With the help of technologies like machine learning, we discover new strains from these threat categories every day. The truth is that businesses that suffer breaches tend to get better at dealing with them. Yes, they "failed" in the sense that their network security had been breached, but they were failing toward zero.

Now that we have hacktools to contend with, how can we fail toward zero?

The mechanics of failing toward zero vary. Thanks to machine learning, your endpoint protection should be able to "learn" a strain of malware and automatically block threats that behave similarly. There's an equally critical human element as well. You should have an incident response team and put your team and procedures to the test in the following ways:

  • Deliberately introduce stress into the system and see how your team responds in the face of failure.
  • Figure out how you will maintain business continuity during and after an attack.
  • Make sure employees receive adequate training.
  • Ensure institutional knowledge is properly documented for new team members.

Look at your own data. Are you part of the group that's failing toward zero or are you part of the group that's failing toward infinity?
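One way to put that question to your own detection data, as an added example that is not from the article or from Malwarebytes: group per-category counts by period, label each category "toward zero" when every period is lower than the one before it and "toward infinity" when every period is higher, and report the percent change from the baseline period. The sample rows are constructed, shaped only to reproduce the percentages quoted above.

```python
from collections import defaultdict

# Constructed sample input (not Malwarebytes' data): quarterly detection
# counts per threat category on business endpoints, shaped so the
# baseline-to-latest change matches the figures quoted in the article.
SAMPLE_DETECTIONS = [
    ("2019-Q4", "spyware", 1200), ("2020-Q1", "spyware", 950),
    ("2020-Q2", "spyware", 800),  ("2020-Q3", "spyware", 612),
    ("2019-Q4", "trojan", 3000),  ("2020-Q1", "trojan", 2400),
    ("2020-Q2", "trojan", 1700),  ("2020-Q3", "trojan", 1110),
    ("2019-Q4", "hacktool", 100), ("2020-Q1", "hacktool", 600),
    ("2020-Q2", "hacktool", 1500), ("2020-Q3", "hacktool", 2531),
]

def series_by_category(records):
    """Group (period, category, count) rows into {category: [count, ...]}
    ordered by period; duplicate rows for one period are summed.
    Periods use a sortable YYYY-Qn label."""
    grouped = defaultdict(dict)
    for period, category, count in records:
        grouped[category][period] = grouped[category].get(period, 0) + count
    return {cat: [n for _, n in sorted(by_period.items())]
            for cat, by_period in grouped.items()}

def pct_change(baseline, current):
    """Percent change from the baseline period to the latest one (e.g. -49.0)."""
    return round((current - baseline) / baseline * 100, 1)

def trend(counts):
    """'toward zero' if each period is lower than the last, 'toward infinity'
    if each is higher, 'mixed' otherwise; one period is not a trend."""
    if len(counts) < 2:
        return "insufficient data"
    steps = [later - earlier for earlier, later in zip(counts, counts[1:])]
    if all(step < 0 for step in steps):
        return "toward zero"
    if all(step > 0 for step in steps):
        return "toward infinity"
    return "mixed"

def failing_report(records):
    """Per category: (trend label, percent change baseline -> latest)."""
    return {cat: (trend(counts), pct_change(counts[0], counts[-1]))
            for cat, counts in series_by_category(records).items()}

if __name__ == "__main__":
    for cat, (label, pct) in failing_report(SAMPLE_DETECTIONS).items():
        print(f"{cat:9s} {label:16s} {pct:+.1f}%")
```

A category that reads "mixed" deserves the same scrutiny as one heading toward infinity: a drop followed by a rebound usually means the lesson from the earlier incident was not carried into tooling or procedure.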

Beyond this basic blocking and tackling, perhaps the biggest challenge in failing toward zero is just to accept failure as a condition of long-term success. We're programmed to win, especially when so much is at stake. We've developed a mindset opposite of failing toward zero — the "losing is not an option" mindset. Frankly, that mindset is not helpful.

I prefer to think of it like this: If your network is breached and you're able to stop that breach before any damage is done and, most importantly, you know that it's not going to happen again, then you've actually won.

Taleb sometimes calls errors "unknowledge." Being ignorant and lacking knowledge is an error in and of itself. I cannot overstate how important it is to study and act on the data from past attacks. So, take the time to study the shortcomings in your security. Look to the past and study attacks at your business and other businesses as well. Cybercriminals have done the work of finding the failures in your security. Take advantage of that.

To fail toward zero, you've got to see the error in your ways. Or as Taleb might put it, you've got to see the way in your errors.

Akshay Bhargava is the Chief Product Officer at Malwarebytes. He drives the company's technology vision, product road map and execution. He previously served as Vice President for Oracle's Cloud Business Group, as a product executive at FireEye and as a management consultant ...
