NETWORKS AND APPLICATIONS
“ We need to focus not just on recovery , because recovery is rebuilding from rubble . Resilience is the ability to withstand that attack at a degraded level yet still be able to continue serving business .”
According to Blake , there is an intrinsic flaw with the way that businesses currently perceive , and mitigate , the risk of cyberattacks .
“ This is the security model we ' re all used to – walls and moats . And we build the walls higher and we build the moat wider , but the adversary has the first-mover advantage .”
“ We can only learn what they ' re doing after they ' ve done it . Right ? So , if they think of a new way of doing things , there ' s always a lag . There ' s always a period where our defensive and protective controls won ' t work properly . And , as soon as we build those walls higher and the moats wider , they build better boats or Trojan horses .”
To overcome this cyberattack cycle , Blake recommends that businesses divert their budgets appropriately and intuitively , so that they are prepared for the worst-case scenario and equip their business with the foundations to recover from it .
“ We spend on average 85 – 95 % of our budgets on likelihood reduction , but we spend about 5 – 10 % of our budgets on impact reduction .”
“ So , the way I look at it is , it ’ s like a cardboard tank : we ' re spending all this money on likelihood reduction , and all we ' re doing is making the tank slightly faster , slightly harder to hit . But when you hit it , it ’ s completely destroyed and causes unbelievable amounts of damage .
“ We need to focus on impact , because we are losing the preventionand-detection battle . But that doesn ' t mean we need to lose the overall battle ,” Blake finishes . cybermagazine . com 69