Need to Know Podcast – Episode 6: Testing and Cyber Resiliency

Investment in building effective cyber resiliency shouldn’t be geared solely towards prevention – understanding the underlying causes and risk factors for attacks, and how to learn from them when they occur, is just as vital.

From overly complex systems to teams under pressure to deliver more, there are a host of underlying factors that combine to open organisations up to the risk of cyber-attack incidents. Moving away from a blame culture and towards one of learning from mistakes is a cornerstone of an effective cyber resilience strategy.

The sixth episode of the series explores how organisations can learn to understand incident causation and underlying causes of cyber-attacks, and why learning from these incidents is invaluable in creating stronger cyber resilience strategies.

In this episode of “Need to Know”, host Liz Green, EMEA Advisory & Cyber Lead at Dell Technologies, is joined by Clare Patterson, PhD researcher at the University of Kent and CyberCompare Advisory Board member.

Listen In To Learn

  • Why focusing investment and resourcing on recovery and resilience is increasingly important alongside investing in prevention
  • How looking backwards at the causes and mistakes that led to an incident can help with forward cyber resilience planning
  • Why a blame culture can hamper efforts to build effective resilience
  • That acknowledging system complexity is the first step in understanding why incidents and attacks can be successful

Avoiding living in the ‘Paradise of Prevention’

“Attackers only need to get lucky once.” – Clare Patterson

While there are many individual causes of cyber incidents, they all stem from organisations having complex and interwoven IT solutions that do not fit together seamlessly, and from teams being under increasing pressure to deliver more at lower cost. While team members are adapting all the time, increases in pressure can cause them to make mistakes or strain systems to the point of failure.

Systems can now be so complex that it is impossible to understand all the interactions, and businesses are making changes and updates continuously as they make new acquisitions and expand their product and service offerings. The competitive nature of business pushes teams to consistently deliver more with constrained resources, and this can leave the door open to potential breaches.

Prevention is absolutely an important consideration and investment area, vital in ensuring organisations aren’t overwhelmed by attacks and the need to respond to them. But it is important to operate on the assumption that attacks will occur: adaptability and resiliency, with a focus on recovery, are also vital considerations in planning and investment.

Looking backwards, planning forwards

“We can be very clever in hindsight, but we need to see things from the perspective people had at the time.” – Clare Patterson

Narratives are created around what has caused incidents, with some perhaps blaming users, others blaming suppliers. Effectively building a cyber resilience strategy requires that we recognise mistakes will be made, and that there is a shared responsibility for the systems that allow these mistakes to lead to an incident or breach.

Hindsight is always 20/20, but it is important to see things in the context of the time the decisions were made. The decisions around security and resiliency made in the past made sense to the people making them at the time – prioritising prevention over recovery, for example – who were acting on the information available to them. Understanding this helps in understanding the causes that led to a failure or breach, and allows teams to think about the changes that will have the most impact on future resilience, knowing that they may experience similar incidents again.

Not playing the blame game

“Few companies actually evaluate how well they learn from incidents.” – Clare Patterson

While examining the causes of incidents, it is important to avoid playing the ‘blame game’. Teams need to know they can have open conversations about the mistakes they might have made and the pressures they are working under, without feeling that they might be singled out.

Few companies routinely evaluate how well they learn from incidents and breaches, or review the lessons learned and how these have been implemented in order to reduce or prevent future incidents.

At Dell Technologies, our objective is to provide a deep and broad portfolio of products, delivering specialist solutions for our clients, with partners enabling these solutions. To find out more about our range of cyber resilience solutions and how these can help inform your security strategy, click here.

You can listen to all episodes of “Need to Know” podcast, including this conversation on cyber resilience, here.

About the Author: Dell Technologies