Businesses must "embrace chaos" to improve cyber resilience

RSA's CEO on what Netflix's internal network disruptor and the WannaCry hack can teach the security industry

It is no longer enough to "be resilient" when it comes to cyber security, the CEO of the RSA said on Monday.

On the first day of the organisation's annual conference, RSA 2021, Rohit Ghai said that companies must become "good" at resilience by "embracing chaos". 

Ghai highlighted the importance of strong cyber resilience, citing recent attacks, their unlikely origins and their tragic consequences. For example, 2020 saw the first death as a result of ransomware after hackers shut down a hospital in Berlin, along with a massive scale Twitter hack that affected CEOs, celebrities and even former US presidents that was orchestrated by a 17-year-old

Last year also saw more and more people tune into services like Netflix for lockdown entertainment, with 34 million people watching Tiger King in its first 10 days on the platform. But how Netflix maintains a resilient IT network and avoids downtime is a good example of "embracing chaos", according to Ghai. 

"In 2011, Netflix was preparing to move its content from the data centre to the cloud," Ghai said. "They knew availability and performance were critical to user experience and they had to design a fault-tolerant architecture within an environment they didn't fully control. So they invented something called 'Chaos Monkey." 

This is an automated system that randomly terminates instances or computers on the Netflix network to test how resilient they are. By regularly "killing" random software services, Netflix suggests it is possible to test a redundant architecture and verify whether a server failure would noticeably impact customer experience.  

"By bringing in and building in chaos, this tool accounted for a common type of failure and ensure graceful degradation and survival without any impact, in fact, simulating creation of the Netflix, simian army, a collection of tools to help prepare for chaos," Ghai added.

Another area of chaos to embrace is through recruitment, according to Ghai. For the security industry to grow its community in a way that improves resilience, he "implored" the consideration that organisations employ hackers from 'chaotic' backgrounds, such as WannaCry hero, Marcus Hutchins

Related Resource

The definitive guide to IT security

Protecting your MSP and your customers

The definitive guide to IT security for MSPs - whitepaper from LiongardDownload now

"When he was nine, Marcus took apart his family's computer and the code that operated it," Ghai said. "At 14 he created a password stealer. At 15, he ran a botnet of more than 8000 hacked computers. And then in 2017, he was the individual that found the kill switch for the WannaCry worm, saving the internet. 

"It wasn't a straight and narrow path for Marcus. Though he eventually worked his way into a legitimate cybersecurity career, he was on the dark side but became a grey hat. In 2017. He was arrested and faced trial for his past mistakes. The judges lenient sentence acknowledged his remarkable contribution." 

Ghai called it an "act of inclusion and profound wisdom" which showed that the industry needed to find ways to included bright minds and attract them into the security community. 

Featured Resources

Modern governance: The how-to guide

Equipping organisations with the right tools for business resilience

Free Download

Cloud operational excellence

Everything you need to know about optimising your cloud operations

Watch now

A buyer’s guide to board management software

Improve your board’s performance

The real world business value of Oracle autonomous data warehouse

Lead with a 417% five-year ROI

Download now

Recommended

Senate report slams agencies for poor cyber security
cyber security

Senate report slams agencies for poor cyber security

3 Aug 2021
Most employees put their workplace at risk by taking cyber security shortcuts
cyber security

Most employees put their workplace at risk by taking cyber security shortcuts

27 Jul 2021
61% of organizations say improving security a top priority for 2021
cyber security

61% of organizations say improving security a top priority for 2021

29 Jun 2021
ProtectedBy.AI’s CodeLock blocks malware at source code level
software as a service (SaaS)

ProtectedBy.AI’s CodeLock blocks malware at source code level

9 Jun 2021

Most Popular

How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

6 Jan 2022
Dell XPS 15 (2021) review: The best just got better
Laptops

Dell XPS 15 (2021) review: The best just got better

14 Jan 2022
How to speed up Windows 11
Microsoft Windows

How to speed up Windows 11

7 Jan 2022