The basic elements of security were thought through ages ago. The best-known doctrine on how to conduct war was written by Sun Tzu.
Here are some of his teachings, which were true when they were written in 500 BCE, are true now, and will also be true in the future. It is good to begin learning the art of detection at the logical/philosophical level, as that level will stay the same no matter what. What changes, and requires adaptation from the practitioner, is casting these teachings onto the current era, its technologies and its implementation options.
After all, the original Trojan Horse was made of wood and carried soldiers inside it. Today we execute the same method using computer code. While the implementation is vastly different, the logic is identical.
Sun Tzu wrote:
“If you know the enemy and know yourself, you need not fear the result of a hundred battles.”
“If you know yourself but not the enemy, for every victory gained you will also suffer a defeat.”
“If you know neither the enemy nor yourself, you will succumb in every battle.”
What he means is that in order to defeat or defend against an enemy or attacker, you must know both yourself and the enemy. If you were told that you were going into battle against a two-year-old toddler, and you are an able-bodied person, you would know your own capabilities, the enemy’s, and the result of a hundred battles with this opponent.
Sun Tzu continues by teaching that if you know only your own capabilities but not the enemy’s, you have a 50/50 chance, and thus you will win half of the battles and lose half.
In online fraud detection and cyber-crime, the same rule applies. If you are not sure whether a certain virus or malware is able to harm your system, the outcome is pure random chance: if we were to toss a coin over it, we would get a 50/50 chance of the result being yes or no.
Lastly, Sun Tzu teaches us that if we know neither ourselves and our capabilities nor our enemy’s, we will probably lose every single time.
Executives in high-ranking positions at the top banks and companies in the world will not easily be able to keep up with the implementation layer of their cyber defenses, nor with the process/procedure layer. However, they must learn to “be dangerous” in a discussion about the logical/philosophical layer, as that is the core of any system.
Our journey will take us through a thorough understanding of this layer and provide examples of implementations throughout the years.
More in chapter 3
With cyber security always evolving, how do you stay on top of knowing the enemy? What is the time frame in which new security goes from “strong” to “insecure” to obsolete?
JB,
By constantly thinking about and pretending to be the other side, you get a sense of their challenges. You should think about this as if you were the crook: what would you need to do to beat the security you are faced with?
The time to obsolescence depends on a few factors, and on the tools the bad guys have at their disposal. For example, should you increase your passwords from 8 characters to 12, the time it would take to attempt all the combinations is not that great. If you add a control that is based on having a physical token, it will take more time to figure out how to mimic its digital signal or replay it.