Failing Toward Zero: Why Your Security Needs to Fail to Get Better

Each security incident should lead to a successive reduction in future incidences of the same type. Organizations that fail toward zero embrace failure and learn from their mistakes.

"Hard times create strong people."


"What doesn't kill you makes you stronger."


Maybe you've whispered these mantras to yourself in the aftermath of a personal setback at home or work. We've all heard some take on this expression, but the sentiment is always the same: Failing doesn't feel good in the moment, but it's possible to appreciate failure as a lesson in overcoming adversity. To put it simply, you have to fail in order to get better.


But what if the stakes for failure mean more than another checkmark under the "loss" column?


This is the predicament faced by organizations every day when it comes to cybersecurity. At best, failure means an embarrassing and inconvenient organizational disruption. At worst, it means a catastrophic loss of records and loss of business.


Failure, it would seem, is not an option when it comes to cybersecurity. Or is it?


Author and scholar Nassim Nicholas Taleb can help us answer this question. Taleb has a useful concept called "antifragile," which he uses to describe any person, organization, or entity that benefits from failure. Not only that, as Taleb puts it, the antifragile "loves" randomness, uncertainty, volatility, and errors. Think of it as evolution with a twist. Instead of survival of the fittest, this is survival of the smartest. Whoever can understand and react to environmental stressors best wins.


And let's face it, your cybersecurity will fail at some point. There's no such thing as 100% protection. Cybercriminals need to succeed only once, but organizations need to succeed every time. While it's ..
