Two security experts explained why success stories should get the same amount of attention. This article explores near-miss evidence. Shame, finger-pointing, and punishments from regulators all make things less clear.
Sharing information is an important part of fighting cyber threats and staying ahead of them. Wendy Nather, senior research initiatives director at 1Password, said, "A near miss is anything that almost happened that makes you say, 'Wow, if it hadn't happened, it would have been really bad.'" Bob Lord, head of the consumer working group at hacklore.org, said, "Not using a near miss as an excuse to go through the whole incident response plan is a big waste of time."
The speakers agreed that blame mostly falls on people rather than on the systems and technologies that businesses use, and both agreed that this is a problem. Lord said that human error should start the investigation, not end it. When there is pressure, efficiency, and competing goals, systems naturally move toward higher risk.
Getting rid of the blame game when people make mistakes could help people share information more effectively. Hearing real-life stories from people is better than hearing a set of standard facts. The data set could show what almost happened, what stopped it, which control was important, and which assumptions were wrong. From there, lessons and trends could be shared without naming names.
Nather and Lord want to change near misses from "evidence of confidence, not weakness" to "evidence of safety and security." "Whenever you want to blame someone for a near miss, it's a sign that you should look more closely at the system, not the person," Nather said. Nather said, "Trust happens between people, not between groups."
"We want to make sure that people feel safe enough to tell company executives about near misses," he said.












