April 6, 2017 By Anuj Goel 4 min read

“The inability to predict outliers implies the inability to predict the course of history.” ― Nassim Nicholas Taleb, “The Black Swan: The Impact of the Highly Improbable”

In modern parlance, the phrase “black swan,” as espoused by the intellectual Nassim Nicholas Taleb in his famous book “The Black Swan: The Impact of the Highly Improbable,” refers to an event that comes as a surprise, leaves a major impact and, in the absence of cyber situational awareness, can be rationalized only with the help of hindsight.

When it comes to cybersecurity, the black swan theory holds special importance. As cyberspace grows in volume and operation, it becomes more entwined with different aspects of everyday life. Given this increased integration, a black swan event could unleash major consequences through the multiplier effect.

Hindsight Is 20/20

A black swan event is impossible to predict and can be rationalized only through the wisdom of hindsight. Nevertheless, there are certain high-impact, low-probability scenarios that could be simulated or conceptualized to prepare an incident response plan.

The high-profile Yahoo, Target and Sony breaches were not typical black swan events, since they could have been predicted and prepared for. The Target breach of 2013, which exposed 40 million debit and credit card details, occurred due to the poor security practices of a third-party HVAC vendor. Similarly, the Sony breach has been attributed to lax access control policies. Meanwhile, a 2013 attack on a dam in New York happened because an insecure cellular modem allegedly allowed threat actors to take control of critical infrastructure.

These high-impact, low-probability incidents could have been avoided had unconventional security vulnerabilities been taken into account. An effective incident response plan must consider security scenarios that are unlikely but potentially damaging.

A Gloomy Picture

In 2013, the Ponemon Institute published an interesting study titled “Efficacy of Emerging Network Security Technologies.” The report revealed that the majority of security professionals around the world agree that the threat landscape is changing and becoming more complex with each passing day. As a result, most organizations, especially in banking, finance, health care and manufacturing, are deploying the latest security solutions to prevent incidents.

Interestingly, some survey participants who reported positive results from security solutions also said they considered their organizations to be vulnerable to cybercrime. The situation painted a gloomy picture of the security landscape and suggested that many organizations are unprepared to deal with unconventional and unknown threats that could kick-start a black swan cyber event.

Organizations deploy solutions that can effectively detect and contain only known threats. Solutions such as firewalls can only prevent intrusions according to defined access control policies, and intrusion prevention systems (IPS) can only protect against threats that match the database of known threat signatures. In other words, these solutions do not cover the entire threat landscape because they fail to account for dynamically emerging threats and provide no defense against the unknown. Until all attack pathways are insulated with security barricades, cybercriminals will continue to penetrate networks and the risk of high-impact scenarios will remain.

Embracing Cyber Situational Awareness

Extraordinary threats require extraordinary solutions. You cannot predict a black swan event, but you can estimate the probability that it will occur and its potential impact by building a security architecture that evolves as the threat landscape shifts. Organizations must look beyond conventional modes of defense to achieve a security posture that is dynamic, not static. This requires cyber situational awareness and information sharing.

As defined by Dr. Mica Endsley, former chief scientist of the U.S. Air Force, situational awareness is the perception of elements in the environment, the comprehension of their meaning and the projection of their status in the near future. The perception, comprehension and projection elements of cyber situational awareness can effectively track, analyze and provide actionable intelligence about emerging threats, threat actors, vulnerabilities and malware. This enables organizations to understand their own security preparedness and proactively take steps to mitigate risks associated with emerging threats.

Securing Human Endpoints

Situational awareness must be imparted at all hierarchical echelons of an organization, including the board members and executives, IT professionals, security analysts, human resources, finance, sales, marketing, and third-party vendors and clients. These are all human endpoints with gaps in awareness that could potentially be exploited by fraudsters.

If these vulnerabilities are plugged in real time, cybercriminals will find it tough to increase their level of sophistication. Like an exponential graph, their innovative techniques would hit a roof and then stagnate, which would provide the requisite time for organizations to normalize their awareness levels. Furthermore, the actionable information generated by situational awareness needs to be shared in real time with industry peers and clients to protect the overall industrial security framework.

Butterflies and Black Swans

It’s also important to understand an organization’s security posture through the prism of the butterfly effect, which states that every minute, localized action can have significant consequences elsewhere in a complex system. Consider the many acts of poor cyber hygiene employees carry out on a daily basis — these missteps can ultimately lead to a massive black swan event.

Since most corporate assets are connected across the organizations to which they belong, a localized action can enable malicious actors to trigger catastrophic events within a network and even throughout cyberspace at large. Therefore, individual cyber hygiene is crucial to prevent black swan events. Just like software, user education needs regular patching, which can only be delivered through cyber situational awareness.
