Businesses must "embrace chaos" to improve cyber resilience

RSA's CEO on what Netflix's internal network disruptor and the WannaCry hack can teach the security industry

It is no longer enough to "be resilient" when it comes to cyber security, the CEO of RSA said on Monday.

On the first day of the organisation's annual conference, RSA 2021, Rohit Ghai said that companies must become "good" at resilience by "embracing chaos". 

Ghai highlighted the importance of strong cyber resilience, citing recent attacks, their unlikely origins and their tragic consequences. For example, 2020 saw the first death as a result of ransomware after hackers shut down a hospital in Berlin. The same year also saw a massive-scale Twitter hack, orchestrated by a 17-year-old, that affected CEOs, celebrities and even former US presidents.

Last year also saw more and more people tune into services like Netflix for lockdown entertainment, with 34 million people watching Tiger King in its first 10 days on the platform. But how Netflix maintains a resilient IT network and avoids downtime is a good example of "embracing chaos", according to Ghai. 

"In 2011, Netflix was preparing to move its content from the data centre to the cloud," Ghai said. "They knew availability and performance were critical to user experience and they had to design a fault-tolerant architecture within an environment they didn't fully control. So they invented something called 'Chaos Monkey'."

This is an automated system that randomly terminates instances or computers on the Netflix network to test how resilient they are. By regularly "killing" random software services, Netflix suggests it is possible to test a redundant architecture and verify whether a server failure would noticeably impact customer experience.  

"By bringing in and building in chaos, this tool accounted for a common type of failure and ensured graceful degradation and survival without any impact, in fact, simulating creation of the Netflix Simian Army, a collection of tools to help prepare for chaos," Ghai added.

Recruitment is another area in which to embrace chaos, according to Ghai. For the security industry to grow its community in a way that improves resilience, he "implored" organisations to consider employing hackers from 'chaotic' backgrounds, such as WannaCry hero Marcus Hutchins.

"When he was nine, Marcus took apart his family's computer and the code that operated it," Ghai said. "At 14 he created a password stealer. At 15, he ran a botnet of more than 8000 hacked computers. And then in 2017, he was the individual that found the kill switch for the WannaCry worm, saving the internet. 

"It wasn't a straight and narrow path for Marcus. Though he eventually worked his way into a legitimate cybersecurity career, he was on the dark side but became a grey hat. In 2017, he was arrested and faced trial for his past mistakes. The judge's lenient sentence acknowledged his remarkable contribution."

Ghai called it an "act of inclusion and profound wisdom" which showed that the industry needed to find ways to include bright minds and attract them into the security community.
