
Improvisation and Equifinality in the Practice of Cybersecurity

Based on research by Brett J. L. Landry, PhD, Renita Murimi, PhD, and Greg Bell, PhD.

The cybersecurity landscape is characterized by high uncertainty due to evolving threat vectors, differing consequences of cyber incidents across various environments, and numerous potential causes and solutions. A cybersecurity failure in one setting, such as healthcare, can have distinctly different ramifications than in another, like supply chains. Further complicating matters, modern networks possess complex attack surfaces with countless vulnerabilities, meaning root cause analyses after incidents only identify a small fraction of the actual risk points that attackers could exploit.

To manage this complexity and uncertainty, organizations often employ the anchor-and-adjust heuristic—initially anchoring cybersecurity measures to established industry best practices and standards, such as NIST SP 800, then systematically adjusting these approaches based on changes in threats, compliance needs, or technological advances. This flexible methodology enables organizations to tailor general best practices to their unique environments, maintaining both standardized guidance and the freedom to improvise solutions.

The chapter introduces the concept of equifinality—achieving similar security outcomes through multiple pathways—as a critical element for effective cybersecurity operations. Equifinality encourages configurational logic and improvisation, enabling organizations to dynamically respond to diverse threats. Integrating interdisciplinary approaches, such as bricolage and discontinuous innovation, further enhances cybersecurity resilience. The manuscript underscores how adopting equifinality can improve responsiveness, adaptability, and resilience at individual, organizational, and community levels of cybersecurity.

Key Points

  • The notion of a single best method for building cyber resilience is flawed. Instead, cyber resilience should be approached through bundles or combinations of solutions.
  • Equifinality shows that multiple configurations (or combinations) may lead to the same outcome.
  • Cybersecurity incidents and breaches should be analyzed using an equifinality approach, recognizing that similar incidents may arise from different underlying conditions.
  • Equifinality in cybersecurity operations should be examined along five dimensions: stakeholders, cyber operation bundles, end users, networks, and the threat environment.

Why This Matters

The cybersecurity landscape will neither flatten nor become simpler. Critical vulnerabilities, data breaches, ransomware incidents, and yet-unimagined cyber threats will continue to grow. Security professionals must move beyond viewing assets, protective measures, and vulnerabilities individually and instead adopt an equifinality approach that treats these elements as interconnected bundles.

Achieving this shift involves several practices. First, conduct brainstorming sessions and tabletop exercises that bring diverse perspectives and skills into the solution-building process. Participants can collaboratively explore alternative paths and utilize improvisation to create innovative solutions. Crucially, these exercises must acknowledge the difference between formal policies and procedures and the actual “desire paths” by which processes genuinely unfold in practice.

Moreover, it is essential to evaluate solutions from multiple stakeholder perspectives (individual, organizational, and community). By embracing equifinality and improvisation in this way, security professionals enhance their agility, responsiveness, and preparedness for emerging cyber threats.

 

Based upon the following peer-reviewed manuscript: Landry, B. J. L., Murimi, R., & Bell, G. (2023). Building equifinality and improvisation into effective cyber operations. In F. Adedoyin and B. Christiansen (Eds.), Effective Cybersecurity Operations for Enterprise-Wide Systems (pp. 184-297).
