• Office Hours : 08:00 - 17:30

Businesses must “embrace chaos” to improve cyber resilience

It is no longer enough to “be resilient” when it comes to cyber security, the CEO of the RSA said on Monday.

On the first day of the organisation’s annual conference, RSA 2021, Rohit Ghai said that companies must become “good” at resilience by “embracing chaos”. 

Ghai highlighted the importance of strong cyber resilience, citing recent attacks, their unlikely origins and their tragic consequences. For example, 2020 saw the first death as a result of ransomware after hackers shut down a hospital in Berlin, along with a massive scale Twitter hack that affected CEOs, celebrities and even former US presidents that was orchestrated by a 17-year-old

Last year also saw more and more people tune into services like Netflix for lockdown entertainment, with 34 million people watching Tiger King in its first 10 days on the platform. But how Netflix maintains a resilient IT network and avoids downtime is a good example of “embracing chaos”, according to Ghai. 

“In 2011, Netflix was preparing to move its content from the data centre to the cloud,” Ghai said. “They knew availability and performance were critical to user experience and they had to design a fault-tolerant architecture within an environment they didn’t fully control. So they invented something called ‘Chaos Monkey.” 

This is an automated system that randomly terminates instances or computers on the Netflix network to test how resilient they are. By regularly “killing” random software services, Netflix suggests it is possible to test a redundant architecture and verify whether a server failure would noticeably impact customer experience.  

“By bringing in and building in chaos, this tool accounted for a common type of failure and ensure graceful degradation and survival without any impact, in fact, simulating creation of the Netflix, simian army, a collection of tools to help prepare for chaos,” Ghai added.

Another area of chaos to embrace is through recruitment, according to Ghai. For the security industry to grow its community in a way that improves resilience, he “implored” the consideration that organisations employ hackers from ‘chaotic’ backgrounds, such as WannaCry hero, Marcus Hutchins

Related Resource

The definitive guide to IT security

Protecting your MSP and your customers

The definitive guide to IT security for MSPs - whitepaper from LiongardThe definitive guide to IT security for MSPs - whitepaper from LiongardDownload now

“When he was nine, Marcus took apart his family’s computer and the code that operated it,” Ghai said. “At 14 he created a password stealer. At 15, he ran a botnet of more than 8000 hacked computers. And then in 2017, he was the individual that found the kill switch for the WannaCry worm, saving the internet. 

“It wasn’t a straight and narrow path for Marcus. Though he eventually worked his way into a legitimate cybersecurity career, he was on the dark side but became a grey hat. In 2017. He was arrested and faced trial for his past mistakes. The judges lenient sentence acknowledged his remarkable contribution.” 

Ghai called it an “act of inclusion and profound wisdom” which showed that the industry needed to find ways to included bright minds and attract them into the security community. 

Featured Resources

Shaping the workplaces of the future

Rise to the challenge

Download now

Enabling a hybrid future

A guide to setting up new working practices

Download now

Seven steps to successful digital innovation and transformation

What to invest in and what to avoid when pursuing digital transformation

Watch now

Defend your organisation from evolving ransomware attacks

Learn what it takes to reduce risk and strengthen operational resiliency

Download now

See the original article here: ITPro