April 6, 2017 By Anuj Goel 4 min read

“The inability to predict outliers implies the inability to predict the course of history.” ― Nassim Nicholas Taleb, “The Black Swan: The Impact of the Highly Improbable”

In modern parlance, the phrase “black swan,” as espoused by Nassim Nicholas Taleb in his famous book “The Black Swan: The Impact of the Highly Improbable,” refers to an event that comes as a surprise, leaves a major impact and, in the absence of cyber situational awareness, can be rationalized only with the help of hindsight.

When it comes to cybersecurity, the black swan theory holds special importance. As cyberspace grows in volume and operation, it becomes more entwined with different aspects of everyday life. Given this increased integration, a black swan event could unleash major consequences through the multiplier effect.

Hindsight Is 20/20

A black swan event is impossible to predict and can be rationalized only through the wisdom of hindsight. Nevertheless, there are certain high-impact, low-probability scenarios that could be simulated or conceptualized to prepare an incident response plan.

The high-profile Yahoo, Target and Sony breaches were not typical black swan events, since they could have been predicted and prepared for. The Target breach of 2013, which exposed 40 million debit and credit card details, occurred due to the poor security practices of a third-party HVAC vendor. Similarly, the Sony breach has been attributed to lax access control policies. Meanwhile, a 2013 attack on a dam in New York happened because an insecure cellular modem allegedly allowed threat actors to take control of critical infrastructure.

These high-impact, low-probability incidents could have been avoided had unconventional security vulnerabilities been taken into account. An effective incident response plan must consider security scenarios that are unlikely but potentially damaging.

A Gloomy Picture

In 2013, the Ponemon Institute published an interesting study titled “Efficacy of Emerging Network Security Technologies.” The report revealed that the majority of security professionals around the world agree that the threat landscape is changing and becoming more complex with each passing day. As a result, most organizations, especially in banking, finance, health care and manufacturing, are deploying the latest security solutions to prevent incidents.

Interestingly, some survey participants who reported positive results from security solutions also said they considered their organizations to be vulnerable to cybercrime. The situation painted a gloomy picture of the security landscape and suggested that many organizations are unprepared to deal with unconventional and unknown threats that could kick-start a black swan cyber event.

Organizations deploy solutions that can effectively detect and contain only known threats. Solutions such as firewalls can only prevent intrusions according to defined access control policies, and intrusion prevention systems (IPS) can only protect against threats that match the database of known threat signatures. In other words, these solutions do not cover the entire ground of the threat landscape because they fail to account for the dynamically emerging threats and provide no defense against the unknown. Until all attack pathways are insulated with security barricades, cybercriminals will continue to penetrate networks and the risk of high-impact scenarios will remain.

Embracing Cyber Situational Awareness

Extraordinary threats require extraordinary solutions. You cannot predict a black swan event, but you can estimate the probability that it will occur and its potential impact by building a security architecture that evolves as the threat landscape shifts. Organizations must look beyond conventional modes of defense to achieve a security posture that is dynamic, not static. This requires cyber situational awareness and information sharing.

As defined by Dr. Mica Endsley, former chief scientist of the U.S. Air Force, situational awareness is the perception of elements in the environment, the comprehension of their meaning and the projection of their status in the near future. The perception, comprehension and projection elements of cyber situational awareness can effectively track, analyze and provide actionable intelligence about emerging threats, threat actors, vulnerabilities and malware. This enables organizations to understand their own security preparedness and proactively take steps to mitigate risks associated with emerging threats.

Securing Human Endpoints

Situational awareness must be imparted at all hierarchical echelons of an organization, including the board members and executives, IT professionals, security analysts, human resources, finance, sales, marketing, and third-party vendors and clients. These are all human endpoints with gaps in awareness that could potentially be exploited by fraudsters.

If these vulnerabilities are plugged in real time, cybercriminals will find it tough to scale up their sophistication. Like an exponential graph, their innovative techniques would hit a roof and then stagnate, which would provide the requisite time for organizations to normalize their awareness levels. Furthermore, the actionable information generated by situational awareness needs to be shared in real time with industry peers and clients to protect the overall industrial security framework.

Butterflies and Black Swans

It’s also important to understand an organization’s security posture through the prism of the butterfly effect, which states that every minute, localized action can have significant consequences elsewhere in a complex system. Consider the many acts of poor cyber hygiene employees carry out on a daily basis — these missteps can ultimately lead to a massive black swan event.

Since most corporate assets are connected across the organizations to which they belong, a localized action can enable malicious actors to trigger catastrophic events within a network and even throughout cyberspace at large. Therefore, individual cyber hygiene is crucial to prevent black swan events. Just like software, user education needs regular patching, which can only be delivered through cyber situational awareness.
