Thursday July 16, 2020 |Notes

Developing risk silos

There's a natural tendency to keep high valued assets together, presumably under closer watch for safekeeping. This can have the opposite effect and serve to increase risk by making a single point of failure more devastating. The solution is to develop risk silos whereby assets can be separated and a breach doesn't lead to security issues for all high value items at once.

A number of high-profile Twitter accounts were hacked yesterday. Some early analysis suggests this was a coordinated effort to gain access to a "panel" of the highest-profile accounts, including Bill Gates, Elon Musk, Barack Obama. Clearly this wasn't a matter of hacking into the accounts individually. It appears more likely there was a single breach that allowed for accessing all high-profile account. If they hadn't been available from a single point, it's reasonable to suggest the number of accounts hacked would have been drastically lower.

This brings to mind a story about water wells. Recently, there's been a story of potentially contaminated water on Nantucket, my hometown. There are potential carcinogens present in a well. Fortunately, the well is not connected to other wells on the island, and only a small portion of the island is currently at risk because there was a pre-existing risk silo.

Hacks have become an unavoidable side effect of digital commerce. This is not the first and certainly won't be the last. Businesses of all sizes must be aware that risks exist. By disconnecting data sources and separating the highest-value assets, companies can develop risk silos to limit the extent of the damage.

about | contact
twitter github upwork linkedin
© Copyright 2021 All rights reserved.