The Art of War by Sun Tzu is among the most famous works on military strategy. Over the coming weeks, Accellis will adapt many of these timeless lessons to the modern cyber security theatre. By understanding fundamentals of security and military theory, firms will be in a better position to respond to these threats.
Sun Tzu said, “…He wins battles by making no mistakes…making no mistakes is what establishes the certainty of victory.”
Beyond defeat. That is the message of Art of War. We have written on this topic before, see: “…if you know the enemy and know yourself, you need not fear the result of a hundred battles.”
There are two more quotes worth sharing:
“The good fighters of old put themselves beyond the possibility of defeat, and then waited for an opportunity of defeating the enemy.”
Certainty of victory is established by a multiplicity of factors: a well formed army, sufficient training, excellent leadership, superior decision making, and so on. Preparation for these factors is how the good fighters of old put themselves beyond defeat. They took time to understand the needs of their time and place, and then delivered.
Take, for example, a sporting event in which the clearly better team loses on a fluke play or a bad call. In this case, almost none of the league’s top managers will give credit to the fluke play. Fans will, but not the managers. Almost invariably, good managers recognize that their team lost because they did not put themselves in a position to close out the game victoriously (i.e., turnovers, unforced errors, bad penalties, unsportsmanlike conduct, etc.).
“…making no mistakes is what establishes the certainty of victory, for it means conquering an enemy that is already defeated.”
As the diagram makes plain, teams with the highest turnover rates tend to consistently lose. Turnovers are serious mistakes. Hence, preventing them helps teams establish a certainty of victory and an imperviousness to the vicissitudes of the moment or game.
No cybersecurity firm can fully prepare you for what’s out there, just as no coach can actually play for his or her players. We perform vulnerability management and training for tons of law firms; but we can’t actually do the bookkeeper’s job, hence this introduces the possibility of the employee opening a spam email.
Preparedness and knowledge of conditions in the field are absolutely vital to your success. If your firm houses SSNs but never uses them, discard this information and stop taking it during client intake. This would be like kneeling to run down clock time rather than running the ball. It’s safer.
Minimizing exposure to risk at all times is key to preventing errors. Wherever and whenever possible, replace human decision making with automation and staggered defensive fortifications. For instance, activate an external antispam filter to prevent spam from tempting your employees in the first place.
Outside the necessary precautions common to all firms (i.e., IT policies, training, patching, vulnerability management, etc.), your top threat will almost always be the mistakes you and your employees make. Prevent these, and you are well on your way to conquering an enemy who is already defeated.
Our next posts will include lessons drawn from the following famous quotes:
- Sun Tzu said, “…supreme excellence consists in breaking the enemy’s resistance without fighting.”
- Sun Tzu said, “…the clever combatant looks to the effect of combined energy.”
- Sun Tzu said, “…a clever fighter is one who not only wins, but excels in winning with ease.”
¹ Rudy, Kevin. “A Statistical Look at How Turnovers Impacted the NFL Season.” The Minitab Blog. 17 January, 2014.
² Probabilities happen to be a finicky area of analysis. Cleveland was the first team, out of 33 like contests, to win a NBA championship after going down 3-1 in a Finals series. The point about the hypothetical NFL contest is not statistical, football related or about predicting the winner of future competitive contests. It’s about demonstrating the significant link between making mistakes and losing. As Hayek makes clear, there would be no point in competing if we knew beforehand who would win.