In the field of information security, we have been talking about resilience for a long time. The goal was to withstand an attack, recover quickly and return to normal business. But in today’s environment – where attackers adapt and evolve every day – resilience is no longer enough. We must go further. We must embrace antifragility.
Nassim Nicholas Taleb coined the term ‘antifragile’ in his book Antifragile: Things that benefit from disorder. Taleb’s work, which originally focused on financial risk management, describes systems that not only survive shocks but also improve as a result. Unlike resilience, which aims to return to the status quo, antifragility means that stress, volatility and disruption actually make the system stronger.
This concept struck me as essential for cybersecurity, especially in industries like mortgages, real estate, and titles, where large amounts of sensitive financial and consumer data are constantly targeted. At Williston Financial Group (WFG) we see an average of 80,000 to 120,000 cyber attacks every month. Every week we are confronted with hundreds of phishing emails, bank fraud attempts and other malicious intrusions. The reality is clear: our adversaries are ruthless and the status quo is simply not good enough.
Learning kintsugi
To explain antifragility in a way that resonates, I often use the Japanese art of Kintsugimeaning ‘golden joinery’. I first heard this analogy in a conversation with a colleague at an information security leadership conference, and it immediately struck me. Instead of throwing away broken pottery, Japanese artisans repair the cracks with gold, creating a brand new piece that is stronger, more beautiful and more valuable than the original. The rift is not hidden; it is celebrated as part of the object’s history.
Cybersecurity should function the same way. When we experience a breach, a phishing attempt, or even a suspicious event, we shouldn’t just patch the crack and hope we can get back to “normal.” We must emerge stronger, smarter and better prepared to withstand the next attack. Every incident – big or small – becomes an opportunity to add gold to the cracks in our defenses.
Going beyond resilience
The difference between resilience and antifragility is big.
- Resistance means recovering from an incident, returning to where we were.
- Antifragility means using that incident to make progress – to create a new, stronger foundation of protection.
Most organizations view major breaches as lessons learned. They perform an autopsy, update processes and implement new defense mechanisms. But what about the smaller events – the phishing emails caught by filters, the employee who almost clicked on a malicious link, the attempted but failed wire fraud? Too often these events are dismissed as routine ‘noise’.
In an antifragile model every event is treated as an incident. Every close call requires analysis: why did this happen? How could it have been worse? What can we do differently to ensure we are better next time? This mentality ensures that we continually tighten our defenses and turn every attack into intelligence that forces opponents to work harder with every attempt.
Why it matters for mortgages and real estate
For mortgage and real estate professionals, cybersecurity may seem like a background issue, something the IT team handles. But the truth is that our sector is particularly attractive to cybercriminals. Bank transfers, personal financial data and large sums of money in rapid circulation make us prime targets.
The consequences of even a single mistake can be devastating: eroded customer confidence, financial loss, regulatory scrutiny and reputational damage. In an antifragile model, however, every attack attempt becomes an investment in a stronger defense. Rather than fearing disruption, we use it to continually improve the way we protect our businesses and customers.
A practical example
Consider a recent incident where a fraudster used a phone phishing trick instead of the usual email link or attachment. An unsuspecting user called the number, spoke to a convincing ‘support agent’ and was persuaded to download remote access software. Although our systems limited the damage, the lesson was clear: the threat landscape is constantly changing.
Instead of simply recovering, we changed our response protocols, blocked unnecessary tools, and adjusted our training. The result: we are now better equipped to prevent the same tactics from succeeding again. That is antifragility in action.
Building antifragile security programs
To build antifragile systems, organizations must commit to:
- Treat every event as an opportunity. Don’t wait for a catastrophic breach. Also learn from the little things.
- Consistently performing postmortems. Ask not only what happened, but also why – and what new measure can prevent a recurrence.
- Celebrating improvement, not just recovery. Just as Kintsugi highlights the gold-filled cracks, recognize and embrace the ways in which your defenses are stronger after each test.
- Stay dynamic. Cybersecurity is not static. Each event should shift your baseline, forcing attackers to work harder each time.
The call to action
Cybersecurity in the mortgage and real estate industries can no longer just be a matter of toeing the line. The volume and sophistication of attacks will only increase. Resilience is important, but antifragility is essential.
We should not see every break-in, every phishing attempt, and every fraud scheme as a setback, but as an opportunity to emerge stronger. Like the pottery of Kintsugi, our defenses must bear the marks of past battles: a visible reminder that we have not only survived, but improved.
By embracing antifragility, we don’t just protect our businesses. We develop them. And in doing so, we protect the trust that is at the heart of every mortgage, every real estate transaction and every closing.
Bruce Phillips, CISSP, is Chief Information Security Officer at Williston Financial Group.
This column does not necessarily reflect the opinion of HousingWire’s editorial staff and its owners. To contact the editor responsible for this piece: [email protected].
Related
#Resilience #Antifragility #Rethinking #Cybersecurity #Real #Estate #Mortgage #Professionals