Page 41 - Cyber Defense eMagazine Special RSA Conference Annual Edition for 2022
“Know your enemy,” and other cybersecurity lessons from Sun Tzu’s Art of War
The key on the cyber battlefield, like on the traditional military battlefield, is understanding that there will indeed be many battles
By Shmulik Yehezkel (Colonel, res), Chief Critical Cyber Operations Officer at CYE Security
As a cybersecurity professional and a reserve field officer in the Israeli military, I have found many
valuable insights on the pages of The Art of War, written by the fifth century Chinese military general Sun
Tzu. One often overlooked passage titled “Attack by Stratagem” is particularly relevant
today as we face an infinite number of cyber threats and ever-growing lists of vulnerabilities. More than
ever, we need to prioritize both what we need to protect in order to keep businesses and organizations
running and what attackers are likely to target. This powerful passage, which has been guiding warriors
for centuries, holds important wisdom on how to do that, and why it is so important:
“If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know
yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the
enemy nor yourself, you will succumb in every battle.”
Let’s fast forward 3,000 years and break this down in terms of cybersecurity, where we are indeed facing
hundreds of battles every day.
“Know your enemy”
In our line of work, it is crucial to define and locate potential threats. For example, I have worked in
organizations that did not take the time to understand the impending threat and instead spent their time
building an elaborate defense system to fend off only general and vague persistent threats. Conversely,
I have worked with some of the most sensitive of security teams that were so focused on one particular
threat that they did not dedicate enough resources towards building a comprehensive defense system.
Neither example took these three simple words into account.
The key to an effective defense strategy is defining who the threat actor is and what threats they are
making. In cyber terms, this means tracking the threat actors’ TTPs, or tactics, techniques and procedures, to
learn more about them. But that is not all; organizations must act on the intelligence they have, including
using it to help them hire appropriate cybersecurity professionals. For example, if organizations determine