Dark Reading is part of the Informa Tech Division of Informa PLC


Akshay Bhargava

Failing Toward Zero: Why Your Security Needs to Fail to Get Better

Each security incident should lead to a successive reduction in future incidences of the same type. Organizations that fail toward zero embrace failure and learn from their mistakes.

"Hard times create strong people."

"What doesn't kill you makes you stronger."

Maybe you've whispered these mantras to yourself in the aftermath of a personal setback at home or work. We've all heard some take on this expression, but the sentiment is always the same: Failing doesn't feel good in the moment, but it's possible to appreciate failure as a lesson in overcoming adversity. To put it simply, you have to fail in order to get better.


But what if the stakes for failure mean more than another checkmark under the "loss" column?

This is the predicament faced by organizations every day when it comes to cybersecurity. At best, failure means an embarrassing and inconvenient organizational disruption. At worst, it means a catastrophic loss of records and loss of business.

Failure, it would seem, is not an option when it comes to cybersecurity. Or is it?

Author and scholar Nassim Nicholas Taleb can help us answer this question. Taleb has a useful concept called "antifragile," which he uses to describe any person, organization, or entity that benefits from failure. Not only that, as Taleb puts it, the antifragile "loves" randomness, uncertainty, volatility, and errors. Think of it as evolution with a twist. Instead of survival of the fittest, this is survival of the smartest. Whoever can understand and react to environmental stressors best wins.

And let's face it, your cybersecurity will fail at some point. There's no such thing as 100% protection. Cybercriminals need to succeed only once, but organizations need to succeed every time. While it's more than likely that your organization will be the target of a successful cyberattack, a successful cyberattack doesn't necessarily mean a catastrophic data breach. If you know your security is going to fail at some point, you can prepare for this eventuality and mitigate its impact on operations. It's at this intersection of antifragility and cybersecurity that we get a model I'm calling "failing toward zero."

Failing toward zero is a state in which each security incident leads to a successive reduction in future incidences of the same type. Organizations that fail toward zero embrace failure and learn from their mistakes. Our data suggests that smart companies are already starting to do this.

The Data Science and Engineering team at Malwarebytes examined all detection data on business endpoints for the past three years. It's no surprise that malware detections on business endpoints went up every single year, from 7,553,354 in 2017 to around 49 million in 2020 — and the year isn't even over yet.

However, the detections we're facing today are different from those we saw just a few years ago. Two of the biggest blockbuster threats of yesteryear — spyware and Trojans — are both down. Since the winter of 2019, spyware detections on business targets dropped 49%, while Trojans dropped 63%. Criminals have since altered tactics in favor of adware and hacktools, a category of riskware that is used to hack into computers and networks. While adware is mostly a nuisance, hacktools can be used to gain access to a system, steal data, and distribute malware. We've seen hacktools detections increase 2,431% since winter 2019.

And it's not that spyware and Trojans have gone away. With the help of technologies like machine learning, we discover new strains from these threat categories every day. The truth is that businesses that suffer breaches tend to get better at dealing with them. Yes, they "failed" in the sense that their network security had been breached, but they were failing toward zero.

Now that we have hacktools to contend with, how can we fail toward zero?

The mechanics of failing toward zero vary. Thanks to machine learning, your endpoint protection should be able to "learn" a strain of malware and automatically block threats that behave similarly. There's an equally critical human element as well. You should have an incident response team and put your team and procedures to the test in the following ways:

  • Deliberately introduce stress into the system and see how your team responds in the face of failure.
  • Figure out how you will maintain business continuity during and after an attack.
  • Make sure employees receive adequate training.
  • Ensure institutional knowledge is properly documented for new team members.

Look at your own data. Are you part of the group that's failing toward zero or are you part of the group that's failing toward infinity?
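One way to run the check the column asks for against your own incident records, as an added example that is not part of the original article: it buckets incidents by year and category and labels each category "toward zero" when every period is strictly lower than the one before (the assumed reading of "successive reduction"). The incident log is constructed sample data, not Malwarebytes detection data.

```python
from collections import Counter
from datetime import date

# Constructed sample incident log: (detection date, threat category).
# Shaped loosely like the trends the column describes (spyware and Trojans
# falling, hacktools rising); these are NOT real detection figures.
SAMPLE_INCIDENTS = [
    (date(2019, 1, 14), "spyware"), (date(2019, 2, 3), "spyware"), (date(2019, 3, 21), "spyware"),
    (date(2019, 1, 9), "trojan"), (date(2019, 2, 17), "trojan"),
    (date(2019, 3, 5), "trojan"), (date(2019, 3, 30), "trojan"),
    (date(2019, 2, 11), "hacktool"),
    (date(2020, 1, 8), "spyware"), (date(2020, 3, 2), "spyware"),
    (date(2020, 2, 25), "trojan"),
    (date(2020, 1, 19), "hacktool"), (date(2020, 2, 6), "hacktool"), (date(2020, 3, 14), "hacktool"),
    (date(2021, 2, 2), "spyware"),
    (date(2021, 1, 27), "hacktool"), (date(2021, 2, 20), "hacktool"),
    (date(2021, 3, 9), "hacktool"), (date(2021, 3, 28), "hacktool"),
]

def counts_by_period(incidents, period=lambda d: d.year):
    """Return ({category: [count per period]}, sorted periods), zero-filling gaps."""
    periods = sorted({period(d) for d, _ in incidents})
    categories = sorted({c for _, c in incidents})
    raw = Counter((period(d), c) for d, c in incidents)
    return {c: [raw[(p, c)] for p in periods] for c in categories}, periods

def classify(series):
    """'toward zero' = strict decrease every period; 'toward infinity' = strict increase."""
    if len(series) < 2:
        return "insufficient data"
    diffs = [b - a for a, b in zip(series, series[1:])]
    if all(x < 0 for x in diffs):
        return "toward zero"
    if all(x > 0 for x in diffs):
        return "toward infinity"
    return "mixed"

def failing_report(incidents):
    """Per category: per-period counts, overall % change (None if first period is 0), trend."""
    series, periods = counts_by_period(incidents)
    report = {}
    for cat, counts in series.items():
        first, last = counts[0], counts[-1]
        pct = None if first == 0 else round(100.0 * (last - first) / first, 1)
        report[cat] = {"periods": periods, "counts": counts, "pct_change": pct, "trend": classify(counts)}
    return report

if __name__ == "__main__":
    for cat, row in failing_report(SAMPLE_INCIDENTS).items():
        print(f"{cat:9s} {row['counts']}  {row['pct_change']}%  -> failing {row['trend']}")
```

Swap `period` for a month or quarter function to get finer-grained trends; a "mixed" verdict is the signal to look at why a category regressed.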

Beyond this basic blocking and tackling, perhaps the biggest challenge in failing toward zero is just to accept failure as a condition of long-term success. We're programmed to win, especially when so much is at stake. We've developed a mindset opposite of failing toward zero — the "losing is not an option" mindset. Frankly, that mindset is not helpful.

I prefer to think of it like this: If your network is breached and you're able to stop that breach before any damage is done and, most importantly, you know that it's not going to happen again, then you've actually won.

Taleb sometimes calls errors "unknowledge." Being ignorant and lacking knowledge is an error in and of itself. I cannot overstate how important it is to study and act on the data from past attacks. So, take the time to study the shortcomings in your security. Look to the past and study attacks at your business and other businesses as well. Cybercriminals have done the work of finding the failures in your security. Take advantage of that.

To fail toward zero, you've got to see the error in your ways. Or as Taleb might put it, you've got to see the way in your errors.

Akshay Bhargava is the Chief Product Officer at Malwarebytes. He drives the company's technology vision, product road map and execution. He previously served as Vice President for Oracle's Cloud Business Group, as a product executive at FireEye and as a management consultant ...
