{"id":109377,"date":"2020-04-15T06:00:00","date_gmt":"2020-04-15T13:00:00","guid":{"rendered":"https:\/\/www.paloaltonetworks.com\/blog\/?p=109377"},"modified":"2020-04-21T14:14:20","modified_gmt":"2020-04-21T21:14:20","slug":"cyber-canon-black-box-thinking","status":"publish","type":"post","link":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/2020\/04\/cyber-canon-black-box-thinking\/","title":{"rendered":"Book Review: \"Black Box Thinking\""},"content":{"rendered":"

Cybersecurity Canon Candidate Book Review:<\/b> \u201cBlack Box Thinking\u201d by Matthew Syed, (published September 8, 2015)<\/span><\/p>\n

Book Reviewed by:<\/b> Kaoru Hayashi, Field CSO Japan, Palo Alto Networks, Oct 25, 2019.<\/span><\/p>\n

Bottom Line: <\/b>I don't recommend this book for the Cybersecurity Canon Hall of Fame, but if you are interested in the topic, this is a good one to read.\u00a0<\/span><\/i><\/p>\n

Review:<\/b><\/p>\n

Mathew Syed, a British columnist and writer for \u201cThe Times\u201d newspaper, writes \u201cBlack Box Thinking\u201d about how people and organizations learn from failure. This book covers various studies of individuals and organizations, such as the aviation and medical industries, and how they overcame failure. Similar to cybersecurity, these industries experience some truly advanced attacks that cannot be prevented. However, most security incidents are caused by simple mistakes, such as misconfigurations, using weak passwords or forgetting to apply updates to fix vulnerabilities. We see these common failures or mistakes repeated all over the world. This isn't a cybersecurity book, but it can help guide those who want to build a safer and more high-performance organization.<\/span><\/p>\n

The key messages of the book are: \"Black<\/span><\/p>\n

    \n
  1. To succeed and progress you need to learn from failure.<\/span><\/li>\n
  2. Appropriate systems, culture, ways of thinking and methods are necessary for learning.<\/span><\/li>\n
  3. Pay attention to elements of psychology and organizational culture that hinder learning.<\/span><\/li>\n
  4. Share what you learn with the industry.<\/span><\/li>\n<\/ol>\n

    There are a number of key concepts and topics in \u201cBlack Box Thinking,\u201d and here are a few that are important for cybersecurity:<\/span><\/p>\n

     <\/p>\n

    System and Workflow<\/b><\/h4>\n

    A single mistake can be fatal to an aircraft, so the aviation industry tries to automatically acquire as much data as possible. If something happens, the procedure is to analyze the data, investigate the cause and take immediate action to prevent the same failure from happening again. The \"Black Box\" in the title of this book is the flight recorder on the plane. It creates the most important record for investigating the root cause of an aviation accident.<\/span><\/p>\n

    In cybersecurity, it is also important to create a cycle in which records are automatically recorded as much as possible and analyzed in the event of an error.<\/span><\/p>\n

    One interesting point Syed makes in the book is that to learn from failure, you need to consider not only the data you can get but also the data you can't collect. It\u2019s not possible to obtain and retain all necessary data for technical, economic and other reasons, but it is very important to understand the data that you have and the data that you do not have at the time of analysis.\u00a0 This helps you investigate the causes of an issue and allows you to build more effective response measures moving forward.<\/span><\/p>\n

     <\/p>\n

    Mindset and Culture<\/b><\/h4>\n

    In order to succeed, it is necessary to learn through trial and error. As such, successful people have a positive attitude toward failure because they know that they can experience meaningful evolution by facing failure directly and repeatedly trying again. Growth mindset and growth culture help us unlock the potential of individuals and organizations.<\/span><\/p>\n

    There is no complete security. Even if you achieve a certain level of security, it cannot be a permanent solution. Organizations and human behavior cannot be predicted, and what is required of security will change according to the times and circumstances. Security is an iterative process, and organizations need to institute a mindset of improving productivity and security through embracing new challenges, rather than fearing change or failure.<\/span><\/p>\n

     <\/p>\n

    What Prevents Learning from Failure<\/b><\/h4>\n

    Syed also explains various human factors that hinder learning from failure.<\/span><\/p>\n