A resilient business is made up of several moving parts: a supply chain, manufacturers, services, engineers, and many other parts working together to ensure a company is secure. Collaboration among these groups can help identify risks and predict security incidents before they happen.
"We always think about the incidents because the incidents get the headlines," said Pete Cooper, deputy director of cyber defense for the UK Cabinet Office. "But it's the events, the near misses, the problems -- all of that stuff happening underneath the surface is all the activity that will actually help you predict where your incidents are going to happen."
This was a lesson Cooper learned as a flight safety officer in the Air Force and later applied to cybersecurity, he explained in his Black Hat Europe keynote. People would bring to him issues and risks so they surfaced to the top of the organizations and were addressed ahead of time.
"The more we understand what's happening below the surface helps us better understand and predict where those incidents are going to happen so we can prevent them," he noted.
It wasn't the only parallel that Cooper, a former RAF fast-jet pilot, drew between flying fast jets in the Air Force and working in cybersecurity. He emphasized the importance of fundamentals and warned against the distraction of new technologies. The ability to manage risk, detect and protect against attacks, and minimize their impact are the basics that enable everything else. These fundamentals "have to become second nature," irrespective of what the adversary does, he said.
There was al ..