Businesses must "embrace chaos" to improve cyber resilience

RSA's CEO on what Netflix's internal network disruptor and the WannaCry hack can teach the security industry

It is no longer enough to "be resilient" when it comes to cyber security, the CEO of the RSA said on Monday.

On the first day of the organisation's annual conference, RSA 2021, Rohit Ghai said that companies must become "good" at resilience by "embracing chaos". 

Ghai highlighted the importance of strong cyber resilience, citing recent attacks, their unlikely origins and their tragic consequences. For example, 2020 saw the first death as a result of ransomware after hackers shut down a hospital in Berlin, along with a massive scale Twitter hack that affected CEOs, celebrities and even former US presidents that was orchestrated by a 17-year-old

Last year also saw more and more people tune into services like Netflix for lockdown entertainment, with 34 million people watching Tiger King in its first 10 days on the platform. But how Netflix maintains a resilient IT network and avoids downtime is a good example of "embracing chaos", according to Ghai. 

"In 2011, Netflix was preparing to move its content from the data centre to the cloud," Ghai said. "They knew availability and performance were critical to user experience and they had to design a fault-tolerant architecture within an environment they didn't fully control. So they invented something called 'Chaos Monkey." 

This is an automated system that randomly terminates instances or computers on the Netflix network to test how resilient they are. By regularly "killing" random software services, Netflix suggests it is possible to test a redundant architecture and verify whether a server failure would noticeably impact customer experience.  

"By bringing in and building in chaos, this tool accounted for a common type of failure and ensure graceful degradation and survival without any impact, in fact, simulating creation of the Netflix, simian army, a collection of tools to help prepare for chaos," Ghai added.

Another area of chaos to embrace is through recruitment, according to Ghai. For the security industry to grow its community in a way that improves resilience, he "implored" the consideration that organisations employ hackers from 'chaotic' backgrounds, such as WannaCry hero, Marcus Hutchins

Related Resource

The definitive guide to IT security

Protecting your MSP and your customers

The definitive guide to IT security for MSPs - whitepaper from LiongardDownload now

"When he was nine, Marcus took apart his family's computer and the code that operated it," Ghai said. "At 14 he created a password stealer. At 15, he ran a botnet of more than 8000 hacked computers. And then in 2017, he was the individual that found the kill switch for the WannaCry worm, saving the internet. 

"It wasn't a straight and narrow path for Marcus. Though he eventually worked his way into a legitimate cybersecurity career, he was on the dark side but became a grey hat. In 2017. He was arrested and faced trial for his past mistakes. The judges lenient sentence acknowledged his remarkable contribution." 

Ghai called it an "act of inclusion and profound wisdom" which showed that the industry needed to find ways to included bright minds and attract them into the security community. 

Featured Resources

The definitive guide to warehouse efficiency

Get your free guide to creating efficiencies in the warehouse

Free download

The total economic impact™ of Datto

Cost savings and business benefits of using Datto Integrated Solutions

Download now

Three-step guide to modern customer experience

Support the critical role CX plays in your business

Free download

Ransomware report

The global state of the channel

Download now

Recommended

Senate report slams agencies for poor cyber security
cyber security

Senate report slams agencies for poor cyber security

3 Aug 2021
Most employees put their workplace at risk by taking cyber security shortcuts
cyber security

Most employees put their workplace at risk by taking cyber security shortcuts

27 Jul 2021
61% of organizations say improving security a top priority for 2021
cyber security

61% of organizations say improving security a top priority for 2021

29 Jun 2021
ProtectedBy.AI’s CodeLock blocks malware at source code level
software as a service (SaaS)

ProtectedBy.AI’s CodeLock blocks malware at source code level

9 Jun 2021

Most Popular

What are the pros and cons of AI?
machine learning

What are the pros and cons of AI?

8 Sep 2021
Google takes down map showing homes of 111,000 Guntrader customers
data breaches

Google takes down map showing homes of 111,000 Guntrader customers

2 Sep 2021
Intuit plans end-to-end SMB platform after $12 billion Mailchimp acquisition
mergers and acquisitions

Intuit plans end-to-end SMB platform after $12 billion Mailchimp acquisition

14 Sep 2021