I
n cybersecurity we have long chased resilience—stopping an attack, healing fast, and resuming normal operations. Yet attackers now change tactics daily, so merely bouncing back is insufficient. We must aim for antifragility: systems that grow stronger when stressed.
Nassim Nicholas Taleb introduced “antifragile” in *Antifragile: Things That Gain from Disorder*. While his focus was finance, the idea applies to security: instead of merely surviving shocks, a system thrives because of them. Resilience returns to the status quo; antifragility uses incidents to raise the baseline of protection.
This shift is vital for sectors that hold vast amounts of sensitive financial data, such as mortgage, real estate, and title. At Williston Financial Group (WFG), we face roughly 80,000–120,000 cyberattacks each month, with hundreds of phishing emails, wire fraud attempts, and other intrusions weekly. The relentless nature of these threats shows that maintaining the status quo is no longer enough.
To illustrate antifragility, I often refer to the Japanese art of Kintsugi—repairing broken pottery with gold, turning cracks into prized features. In security, a breach or near miss should not just be patched; it should be leveraged to strengthen defenses. Every incident, no matter how small, becomes a chance to add “gold” to our protective framework.
The distinction matters. Resilience is recovery; antifragility is advancement. Many organizations treat major breaches as lessons learned, updating processes and adding controls. However, routine events—phishing emails caught by filters, employees who almost fell for a link, thwarted wire fraud—are frequently dismissed as noise. In an antifragile mindset, each close call is an incident worth analyzing: Why did it happen? How could it have been worse? What can we change to be better next time? This continuous scrutiny forces attackers to expend more effort with each attempt.
Mortgage and real estate professionals often view cybersecurity as an IT concern, but the industry’s high-value transactions and personal data make it a prime target. A single lapse can erode client trust, trigger regulatory fines, and damage reputation. Antifragility turns every attempted attack into an investment in stronger defenses, turning disruption into a catalyst for improvement.
A recent example: a fraudster used a phone-based phishing scheme instead of the usual email link. An employee answered a call, spoke to a convincing “support agent,” and was persuaded to install remote access software. Our systems contained the damage, but the incident highlighted a new threat vector. We revised response protocols, blocked unnecessary tools, and updated training. The result: we are now better prepared to thwart similar tactics. That is antifragility in practice.
Building an antifragile security program requires commitment to:
1. Treat every event as an opportunity, not just catastrophic breaches.
2. Conduct thorough postmortems, asking why and how to prevent recurrence.
3. Celebrate improvement, not merely recovery—recognize the “gold” added to defenses.
4. Stay dynamic; let each incident shift the baseline, forcing attackers to adapt.
The mortgage and real estate sectors can no longer rely on holding the line. Attack volume and sophistication will rise. Resilience remains important, but antifragility is essential. View each intrusion, phishing attempt, and fraud scheme as a chance to emerge stronger. Like Kintsugi pottery, let your defenses visibly bear the marks of past battles—proof that you did not just survive, but improved.
By embracing antifragility, we protect not only our businesses but also the trust that underpins every mortgage, real estate transaction, and closing.
Bruce Phillips, CISSP, Chief Information Security Officer, Williston Financial Group. This column does not necessarily reflect the opinion of HousingWire’s editorial department and its owners. To contact the editor responsible for this piece: [email protected].
