When we think about future occurrences, they are a culmination of past occurrences. When things fall apart, they were once together. When things come together, they were once apart.
So, why is this important? And why is this important in the determination of risk?
Most approaches to determining the root cause of tragedy, or the root cause of breach, are based on the following approach:
1. Come in, inspect the evidence, determine motivation and actors involved. (simplified version).
2. Paint the composite and leverage that as the source of defensible truth. This is how we as a society take on these tasks, with the end game of attribution and ideally
some sort of punishment.
The problem with that approach in a hyper-digital age is this:
1. Prior to any occurrence, the data points existed in advance. Every communication, every action, every available resource was all there in advance. We just aren’t good as humans at putting them together prior to an incident.
2. The retrospective approach, did not stop the incident from occurring. While beneficial to create attribution, and potentially for modeling future incidents From taking shape, it is still retrospective.
The reality is, cyber and most other types of risk can be examined in advance. Prior to the occurrence. The data already exists. The conditions for an incident are set from the moment an adversary joins an initiative. The wheels of risk are in motion, almost always to be told only after. We as a society can do better. We have the data, we have the intelligence, we have the technical means to see risk in a new light, one that accounts for every action preceding every action.