The Art of War by Sun Tzu is among the most famous works on military strategy. Over the coming weeks, Accellis will adapt many of these timeless lessons to the modern cybersecurity theater. By understanding fundamentals of security and military theory, firms will be in a better position to respond to these threats.
Sun Tzu said, “…the clever combatant looks to the effect of combined energy.”
Compound interest is a widely understood concept: it is the interest earned on investment plus all the interest earned on the interest that has accumulated over time. If you deposit $10,000 at 5% simple interest for three years, the total interest paid to you is $1,500 whereas the same $10,000 compounded pays interest of $1,576.25. The effects intensify the longer you invest.
In the theater of war, one must employ resources to their maximum potential. Let us say, by way of analogy, that one must seek out compound interest returns relative to simple interest returns in order to put oneself, “…beyond the possibility of defeat…” Failure to do so can have dramatic consequences.
The Siege of Nuremberg (1632) was lost by Swedish forces, despite having 25% more troops than the Holy Roman army, because Gustav Adolf had neglected to bring adequate supplies to the city which was later blockaded by Wallenstein. Hitler lost 330,000 men after his fateful mistake of diverting the 4th Panzer Army from the main advance at Stalingrad. Henry V was saved when Charles d’Albret foolishly attacked over a field of sticky clay mud. Both armies had about 12,000 men. Several thousand Frenchmen were killed while as few as 100 Englishmen were slain.
Many of the great military blunders of history pivot, some more than others, on the failure to recognize the compound effects of combined energy. Thus, Sun Tzu also says,
“Thus the energy developed by good fighting men is as the momentum of a round stone rolled down a mountain.”
Employing your limited security resources efficiently is key to your success. To amplify your security, leverage defense in depth. DiD is the staggering of defensive fortifications which act as safety nets for each other. It is one thing to have to pick a lock to get in. It’s another to have to pick the lock, turn off the motion detectors, neutralize the alarm, incapacitate the guard, break into the safe, and get out in three minutes before the police arrive.
See also the end of today’s quote,
“Thus the clever combatant looks to the effect of combined energy and does not require too much from individuals.”
Firms should not be over-reliant on exceptional individuals to identify and neutralize threats. Rather, train your entire company, offer ongoing education, implement incentives and policies, and, most importantly, install systemic defenses. If you rely on perfection from your individuals, start diverting resources to your ransom-fund today. You’ll need it. If, however, you take a majority of the security responsibility off the backs of individuals by implementing systems-based, automated controls, this in turns allows individuals to specialize in their security knowledge increasing return on security investment. It is the story of Adam Smith’s pin maker, all over again.
Our next posts will include lessons drawn from the following famous quotes:
- Sun Tzu said, “…a clever fighter is one who not only wins, but excels in winning with ease.”
- Sun Tzu said, “…all men can see the tactics whereby I conquer, but what none can see is the strategy.”
- Sun Tzu said, “There are roads which must not be followed, armies…not attacked, towns… not besieged, positions… not contested, [and] commands of the sovereign which must not be obeyed.”