Ransomware in a triad is the title of a recent cybersecurity article that caught my attention. The same repetitiveness can be found in aviation and dates back to poor radio communications, when it was necessary to repeat a message. Repetitiveness such as Mayday! in triplet or Eject! in a triad ensures everyone knows what to do in a critical situation. While using the same term repeatedly is a great way to get readers’ attention and create a sense of urgency, it is far less effective when the concept the word is meant to represent is poorly defined. So, let’s not fall for the hype of it all – let’s better understand the problem to determine how it can be solved.
By Rich Heimann, Chief AI Officer at Cybraics Inc
First and foremost, we must appreciate that ransomware is a result. Results cannot be replicated or easily mediated if we do not understand the causes. While crying “ransomware” in triads creates a sense of urgency, it fails to tell us anything about the actual crisis, which is a problem. Paradoxically, the attention created by such articles subverts progress because we focus too much on the result instead of understanding the cause. In the case of ransomware, this problem resides within a broader context and a much larger issue called cybersecurity.
Reductionism – break it up to solve it
Reducing problems into smaller problems is reductionism. Reductionism involves breaking down a problem into smaller parts that are more manageable and easier to understand and solve, which is an effective problem-solving strategy. Reductionism is necessary when we cannot solve problems directly or entirely. However, blind reductionism (i.e., focusing exclusively on a partial problem) has a cost, even if reductionism is best suited to solving a specific problem. And this is a greater problem with ransomware. It does not matter how often we say it if we conceive it as independent of cybersecurity.
Reductionism defines the cybersecurity market. Consider point products, which have become very common in cybersecurity and are especially popular with many machine learning start-ups. The reason is that a point product helps an early-stage company get out of the door and provide a complete solution to a partial problem to acquire a customer. However, it comes at the expense of addressing all requirements that might otherwise be met with a multipurpose solution. Therefore, essential aspects of the cyber problem keep falling into blind spots.
Even traditional SIEMs, which market themselves as multipurpose solutions, are composed of many partial solutions that are implemented separately and are therefore reductionist. In the cyber context, smaller parts may include rule- and signature-based detection, behavioral analytics based on threat vectors, or indicators of compromise. However, when implemented individually and independently, a solution will adhere to the approach known as separation of concerns.
Separation of concerns
Separation of concerns is a design principle for separating a computer program into distinct sections. Each section addresses a particular concern, but we may lose sight of the overall problem or the entire solution. We cannot get lost in a part of the problem or part of the solution. Instead, we must oscillate between parts of a problem and the whole, and thus between reductionism and holism.
Oscillating between parts of a problem and the whole is vital because practical problem-solving requires understanding where to start and stop. We must figure out the problem, what it means, where it starts and ends. These are boundaries that all need to be understood because boundaries tell you what to do and not to do. Ransomware fails us because it tells us nothing about the problem. If we fail to know anything about the problem, we will not know where to start or stop.
Blind reductionism and fragmentation of both the cybersecurity problem and market are the reasons why the industry needs to focus on the whole problem and still use reductionism to understand each problem. Therefore, the best solution uses a meta-algorithm for distributed learning over the whole cybersecurity problem. Meta-algorithms are important in iterative and adaptive computations that show dispersed and often continuous problem-solving. The general idea of combining information from multiple sources and creating a strong solution by combining and orchestrating many partial solutions can be applied broadly to the cybersecurity problem.
To be sure, ransomware is a severe threat, but it requires broader thinking to prevent. At the same time, this is not a hopeless critique of reductionism. Instead, blind reductionism is a problem if we forget adjacent problems. In other words, for complex problems like cybersecurity, we must reduce problems to a size small enough to solve, but not forget that they are parts of a much larger problem that needs to be solved. Of course, all that in a triad isn’t as clickable.
About the Author
Rich Heimann is Chief AI Officer at Cybraics Inc. Cybraics is a fully managed cybersecurity company. Founded in 2014, Cybraics operationalized many years of cybersecurity and machine learning research conducted at the Defense Advanced Research Projects Agency.
Views expressed in this article are personal. The facts, opinions, and language in the article do not reflect the views of CISO MAG, and CISO MAG does not assume any responsibility or liability for the same.