What can cyber security professionals learn from Sun Tzu’s ‘The Art of War’?

What can cyber security professionals learn from Sun Tzu’s ‘The Art of War’?

Cyber warfare can be compared with Chinese soldiers fighting in battle in the Hang Dynasty

Warfare, after land, sea, air and space, has entered the fifth domain: cyberspace. Cyber warfare is a reality. Yet, how studied are security technicians in the history of battle and war strategy?

As part of our cyber warfare focus at TEISS, we recently met with Chris Pogue, Head of Services, Security, and Customer Integration at Nuix, who explained how the ancient teachings of Sun Tzu can prepare enterprises for the war on cybercriminals. 

Chris highlighted a mantra he's always stuck to from the ancient military treatise The Art Of War, "If you know the enemy and know yourself, you need not fear the result of a hundred battles." 

This cardinal rule forms the genesis of the Nuix Black Report – a survey of professional hackers which examines the security landscape from their perspective.  

In an attempt to figure out what is continually going wrong with our cyber security, Chris rigorously studied a range of security strategies and realised that there is always someone missing from the table. The legal team is there, IT is represented, there'll be a risk officer – but who is never there? The adversary. 

Also of interest: Breaking into the mind of a hacker

Know thy cyber enemy

"We call it social lubricant or liquid diplomacy," Chris explains. He conducted his research for the Black Report in an unconventional way - by throwing a party. "We went to DEFCON and threw a party with an open bar for hackers hoping to receive some answers from the people who are not conventionally at the boardroom table." 

Chris highlights: "We do a good job of knowing ourselves; we know our weaknesses and we know what we should do – but we don’t know our enemy." He continues to say that we presuppose or superimpose what we believe onto the cyber warfare adversary and think that’s what they're going to do, as opposed to researching the enemy properly and asking them directly what they are going to do.  

By bringing the hackers to the table, Chris gained unique insights around the current threat landscape and practical steps organisations can take to combat cyber-attacks. Some of the results he expected, but others came as a surprise. For instance, hackers admitted that patch management is the number one security barrier; hacking into a system is not difficult – they exploit vulnerabilities to get into the system – but when patches are in place, the adversary has to look harder and longer. 

Other research garnered was that data breaches take an average of 250–300 days to detect—if they’re detected at all—but most attackers admit they can break in and steal the target data within 24 hours. 

Chris is the author of the Nuix Black Report – a survey of professional hackers which examines the security landscape from their perspective. One of the key predictions from the Black Report was the emergence of ransomware-as-a-service.  


Copyright Lyonsdown Limited 2021

Top Articles

WhatsApp's New Privacy Policy Deadline Has Arrived

At the start of 2021, WhatsApp announced its privacy policy updates, sparking outrage and backlash from its consumers as WhatsApp will share personal information with its parent company, Facebook.

Overcoming the security challenge in remote working environments

The pandemic has changed the way we work. Remote working is no longer a nice-to-have for organisations, but a necessity especially if they want to attract the best talent.

President Biden pens Executive Order to boost US cybersecurity

US President Joe Biden signed an Executive Order this week to boost the cyber security of federal government systems and data.

Related Articles