Going Medieval

            In building our cyber capabilities, we can look to the development of medieval fortifications as a
            compelling analogy. Early defenses were primarily designed to counteract localized raids and
            small-scale  warfare.  These  wooden  fortifications  provided  quick,  cost-effective  protection
            against attackers lacking advanced siege equipment. However as offensive threats evolved, so
            did the must-have features of the fortifications. Stone replaced wood. Wider moats, taller towers,
            and  arrow  slits  were  added  to  resist  more  capable  attackers.  This  continuous  process  of
            innovation, adaptation, and improvement is a blueprint for the iterative approach necessary to
                                            st
            do business securely in the 21  century.



            Embracing Iterative Security

            Think of the hapless feudal lord who pitched building a massive stone structure to their king in
            response to spear-wielding, local bandits.  “Milord, for a mere 50,000 sovereigns, we will be safe
            from these brigands in a mere 10-years’ time!”       Not only did their funding request likely get
            denied, but their town also likely got sacked while getting estimates from the stone masons.

            Iterative  security  is  about  continually  adapting  security  measures  in  response  to  the  current
            landscape  of  threats  and  vulnerabilities  while  evaluating  emerging  threats.    This  approach
            acknowledges that cybersecurity is a journey, not a destination.  It acknowledges the uncertainty
            of  likelihood  and  impact  in  risk  calculations  and  factors  that  into  prevention  and  detection
            strategies.    Not  every  threat  warrants  a  best-in-class  platform  and  top-flight  resources  in
            response.  Sometimes, open-source tools running on the intern’s laptop is good enough.




            Benefits of Iterative Security

               •  Speed: Iterative security allows organizations to respond swiftly to emerging risks.  A
                   complete fortification of wooden walls is far better than a half-finished wall of stone.  In
                   cybersecurity, it’s common that the best response to a new threat is visibility.  This can
                   be  done  quickly  and  easily,  answering  questions  like,  “How  big  is  the  problem?”  and
                   “What is our exposure?”
               •  Focus: This approach allows organizations to prioritize and address the most critical risks
                   first, much like how the most vulnerable parts of a castle were reinforced first.  Lesser
                   threats  can  remain  in  “visibility-only  mode”  until  the  threat  level  warrants  further
                   investment.
               •  Innovative:  Iterative  security  fosters  an  environment  where  innovation  thrives.    New
                   attacks spawn new ideas and new solutions.  Just as medieval castles evolved over time







            Cyber Defense eMagazine – February 2024 Edition                                                                                                                                                                                                          76
            Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.