• Skip to content
  • Skip to primary sidebar
  • Skip to footer
  • About
  • Contact Us
  • Newsletters
  • Tech Guide
  • Cyber War
  • Pro
  • Members Only
  • Sign in

CTOvision.com

Context for the CTO, CIO, CISO and Data Scientist

You are here: Home / Cyber War / Cyber Threats / We Learn From Death

We Learn From Death

August 2, 2018 by MichaelTanji

Share this:

  • LinkedIn
  • Facebook
  • Twitter
  • Reddit
  • Email

Why are we perpetually surprised (or not, depending on how you look at it) at the failure of so many at both the organizational and individual level to take cybersecurity seriously? I would argue that most people are placing cybersecurity exactly where it should be when it comes to the myriad risks in their lives, and that is unlikely to change until it is far too late for some.

On the radio the other day there was an interview with an airline crash investigator. Airline crashes are rare, and when one happens the investigation defines “comprehensive.” But contrary to what amateurs or outsiders may think, there is really only one reason why an investigation is conducted:

It’s not to let the families know what happened and it’s not to let the lawyers know what happened, it is to prevent this happening again in the future. That’s absolutely the reason for an air crash investigation.

Closure for the families? Don’t care. Assigning blame so lawyers can address issues of liability? Don’t care. I mean, investigators are human beings, they care on one level, but the true motivation for a crash investigation is singular: reducing the probability that what caused this crash ever happens again. I know you don’t pay attention, but airlines have safety briefings for a reason. They de-ice control surfaces for a reason. You can design and engineer and test all day long, but sometimes problems don’t surface until thousands of hours of flight time under real-world conditions has been logged. To that point:

Aviation has never been safer because we have essentially conquered most of the problems that emerged in the first century of commercial flight. But now we’re starting into the second century of commercial flight and there’s all sorts of new and different challenges.

She goes on to point out that one of those challenges is cybersecurity, but it is not necessarily the most pressing challenge. Why? The interview doesn’t get that in-depth but it is worth noting that ransomware-for-cockpits is not a thing; aircrews not groking how automation works is most assuredly a thing.

Stealing credit card numbers, bank account details, social security numbers, medical files, even taking over one’s entire identity doesn’t equate to death. The economics of cybercrime today are such that malicious actors can cause pain, but victims are readily made whole again. In such an environment why would we expect cybersecurity to get better? Why would we expect individuals to care? Why would we expect businesses to do anything more than is absolutely mandated? We don’t catch enough bad guys to provide closure or make a dent in the level of malicious activity. The industry has successfully fought off efforts to assign liability. The system is basically designed to ensure we will remain low-level victims in perpetuity.

We don’t learn from incompetence, we don’t learn from inconvenience, we don’t even learn from pain: we learn from death. Cybersecurity will get better when people die in sufficiently large numbers.“Cyber” has certainly killed, but as callous and morbid as this sounds, it hasn’t killed enough. How much is enough? I suspect a lot more than have died due to pilot error.

Related Topics:

  • Clear And Unambiguous Warning: Cyber Attacks Will Likely Occur On Election Day And May Threaten Our Constitutional System
  • Working in Cybersecurity: Life on the front lines, in the C-suite, and everywhere in-between
  • Airbus confirms software errors/configuration brought down A400M transport plane
  • The Bill Codifying The New Cybersecurity and Infrastructure Security Agency Is Short and Sweet
  • About
  • Latest Posts

MichaelTanji

COO at Senrio
Michael is a former soldier and intelligence officer who at one point managed the DIWS for cyber threat. He has spent most of the last decade starting and running various cybersecurity start-ups.

Latest posts by MichaelTanji

  • We Learn From Death - August 2, 2018
  • Good Cybersecurity is Not Glamorous - June 25, 2018
  • The Wolf is Here - June 18, 2018

Related

Filed Under: Cyber Threats

Start Your Free Two Week Trial of CTOvision Pro



CTOvision Pro is our subscription only research and analysis service which provides exclusive content to enterprise IT professionals. We deliver actionable insights that will make direct contributions to your success.

About MichaelTanji

Michael is a former soldier and intelligence officer who at one point managed the DIWS for cyber threat. He has spent most of the last decade starting and running various cybersecurity start-ups.

Primary Sidebar

Your account

Sign in

Featured Content

Ethical Concerns of AI

CTOvision Assessment on the Megatrend of Cloud Computing

AWS Snowball Edge And Hyper Converged Infrastructure Will Revolutionize Global Enterprises

Smart Cities Cybersecurity Challenge

Inform Your Cybersecurity Strategy With Lessons From July 1861

Secure Enclave Vidder Junaid Islam

Secure Enclaves: Foundation For The Cloud-Based Enterprise

CTOvision Assessment On The Megatrend of Artificial Intelligence

Latest CTOvision Assessments on Cloud Computing, Artificial Intelligence, Mobility, Big Data, Robotics, Internet of Things and Cybersecurity


OODA

CTOvision Pro Free Trial

CTOvision Pro Members Only Section

Disruptive IT finder

CTOevents

CTOvision Mobile

CTOvision Newsletterss

Footer

CTOs on Facebook
CTOs on LinkedIn

CTO Events
CTOvision Mobile App

Free Newsletters and Tech Reports
CTOVision Pro: Exclusive Content
Crucial Point LLC

Copyright © 2019 · Magazine Pro on Genesis Framework · WordPress · Log in

loading Cancel
Post was not sent - check your email addresses!
Email check failed, please try again
Sorry, your blog cannot share posts by email.