Humor helped somebody to become a president, and once it helped me at a Startup Crash Test event to win Nassim Taleb’s The Black Swan paper book. At the time, I was reading e-books, and this book had been dusting on the shelf for about a year until my electronic “reader” broke down. Running my eyes over the bookshelf, I noticed the price tag on Taleb’s book, I thought: “An expensive book should be interesting” and decided to read it. As a result – I recommend this book to many people, claiming that it is one of the few books that has slightly “hacked” my brain 🙂.
“Black Swans” by the definition of the author of the book are difficult to predict and rare events that have significant consequences. They can be terrorist attacks on September 11, 2001, financial crises of 2008 scale, large-scale cyber-attacks (for example, the attack of notPetya through M.E.Doc 2017 in Ukraine). Another indicator of the “The Black Swan” is that after it appeared, the event has a rationalistic explanation, as if it was expected (experts talk about how it could have been avoided).
The size of Black Swans may vary – from world scale to human or one company level. They can appear in any area, including cybersecurity, which is more closely related to me, and about which I will continue talking. Cyberattacks in the world are among the top 10 in terms of criticality for both business (according to Allianz) and humanity as a whole (according to WEF), so their emergence for any organization is undesirable. Private businesses and government organizations are building cybersecurity to defend themselves against cyberattacks, but successful hacking continues and some are causing enormous damage. It sometimes happens “thanks” to negligence or unprofessionalism, and sometimes “thanks” to the Black Cyber Swans.
Although Black Cyber Swans cause significant damage and/or loss, their frequency (probability) is relatively low. Therefore, building expensive cyber-protection systems for such rare occasions is economically unprofitable for most businesses (the resulting risk is not so high). Rapid detection of cyberattacks and the same response to them is the main goal of the cyber defense components developers. Okay, we have already learned how to react, but how to quickly identify – this is another problem that pushed researchers to invent a class of devices called “honeypots” (traps for evil hackers and insiders) many years ago. Over the years, Honeypot technologies have evolved, become scalable, and more flexible in configuration (the updated name of the technology – Deception devices, Deception tools), which increased their cost and complexity of configuration.
“White” hackers from South Africa (Thinkst) saw this as a challenge and decided to make quick detection of cyber-attacks cost-effective. For this purpose, they created devices that are inexpensive, easy to configure and maintain (do not require additional training of specialists and their labor when servicing equipment). And they succeeded! They named their devices after the birds that saved miners from poisoning with toxic gas – canaries, Canary. The devices are inexpensive, very easy to set up and maintain, which attracted the attention not only of world-famous corporations, but also small companies around the world.
Perhaps only in the cybersecurity area, a small canary can fight huge black swans 🙂.