The Art of War by Sun Tzu is among the most famous works on military strategy. Over the coming weeks, Accellis will adapt many of these timeless lessons to the modern cybersecurity theater. By understanding fundamentals of security and military theory, firms will be in a better position to respond to these threats.
Sun Tzu said, “…Supreme excellence consists in breaking the enemy’s resistance without fighting.”
It is good to respond quickly to server downtime, but it is better to prevent server downtime in the first place. It is good to defend oneself against an attack by bracing for impact, but it is better to get out of the way. The best outcome of a war is that it ends before it begins.
Imagine an army marches a thousand miles and expends significant resources in order to pilfer farms, armories, and banks in a neighboring territory. When they arrive, they find no grain, no guns, and no gold. This is breaking the enemy’s resistance without fighting.
“To be near the goal while the enemy is still far from it, to wait at ease while the enemy is toiling and struggling, to be well-fed while the enemy is famished: –This is the art of husbanding one’s strength.”
The husbandry of our own security requires that we use our own energies wisely and waste the energies of hackers, rogue nations, ex-employees, and competitors.
“Hence a wise general makes a point of foraging on the enemy. One cartload of the enemy’s provisions is equivalent to twenty of one’s own… This is called, using the conquered foe to augment one’s own strength.”
We all can win battles without fighting, just as we can all spend a hacker’s money for them by putting distance (expense) between us. To put a small twist on a popular meme:
Your intern can’t accidentally give hackers your QuickBooks database, if he doesn’t have access to the drive it resides on. He can’t be careless with a customer’s SSN, if you don’t intake SSNs. He can’t start using a flash drive he found in the parking lot if you disable his ability to use external media.
You can’t wire a settlement award to the wrong firm if your wire transfer policy requires multiple signatures and a physical phone call to a trusted point of contact. Employees won’t save documents locally for later use if you adopt a better solution via the cloud version of your DMS. So on and so forth.
In summary, minimize the value that can be extracted from your site by carefully evaluating what you do and do not need, and maximize the cost to a would-be attacker by taking a strategic approach to IT and implementing strong controls. This is breaking the enemy without firing a shot.
Our next posts will include lessons drawn from the following famous quotes:
- Sun Tzu said, “…the clever combatant looks to the effect of combined energy.”
- Sun Tzu said, “…a clever fighter is one who not only wins, but excels in winning with ease.”
- Sun Tzu said, “…all men can see the tactics whereby I conquer, but what none can see is the strategy.”