How Sun Tzu's Wisdom Can Rewrite the Rules of Cybersecurity

Digital Strategist Chris Hood
The greatest victory is that which requires no battle.” —Sun Tzu
These millennia-old words of ancient Chinese military strategist Sun Tzu — to whom The Art of War is attributed — are still very relevant today. The best defense is to avoid an attack in the first place. With the right architecture and approach, it’s possible to shield your environment from the cybersecurity arms race so that when the attacker strikes, you simply aren’t there.
Practice Attack Avoidance
Attack avoidance is one of the three critical aspects of enterprise security, along with prevention, which ensures that networks and systems are hardened against attacks, and detection, which identifies anomalies and provides a means to respond to attacks. Attack avoidance is often overlooked or subsumed in the larger zero-trust conversation but addressing it in the first stage of risk management brings immense benefit.
The best way to foil an attack is to make sure the attack never happens. In Sun Tzu’s time, that meant prioritizing information to gain the upper hand both strategically and tactically. In modern cyber defense, that translates into harnessing the full power of data, automation, and policy.
The simplest way to avoid an attack is to minimize the attack surface. To accomplish this, you need to:
The great thing about zero trust is that every device, application, and user is distinct. Finding your way into one device doesn’t get you into the rest of the environment, because nothing trusts anything else completely. If we can make those individual attack surfaces stealthy, we can up our security game even further.
You Cannot Attack What You Cannot See
Traditional VPN gateways depend on an open inbound listener that can be discovered and engaged by anyone on the internet. Connecting an endpoint to a network exposes the entire network — and the endpoints connecting to it — to potential damage from ransomware or internal threats. Removing the inbound listener eliminates the attacker’s foothold and connecting users to applications protects both the network itself and the devices from which users are connecting.
The old castle-and-moat method of protection is no longer a viable security model. This model enclosed your business with walls and barriers — but once someone got in, they had free rein inside the castle. In this new model, no one knows where your estate or business is, and even when you escort visitors/employees into your estate, they only have access to the parts of your estate that you show them. The rest of your technology estate is completely hidden from view.
From development to risk assessment, reducing the attack surface with modern technology choices will help your organization better protect itself and allow you to remove parts of your estate from the arms race entirely.
As Sun Tzu also said, “For to win one hundred victories in one hundred battles is not the acme of skill. To subdue the enemy without fighting is the acme of skill.”
Cybersecurity Is Good for Business
Security is often discussed in negative terms — data breaches, regulatory fines, and business disruption. However, the advantages are seldom highlighted. Here are a few to consider:
With a simple change in perspective, business leaders can address security in terms of what it means to business opportunities, allowing for a more grounded, less fear-based discussion when it comes time to set enterprise security strategies.
Copyright © 2021 Informa PLC Informa UK Limited is a company registered in England and Wales with company number 1072954 whose registered office is 5 Howick Place, London, SW1P 1WG.


Leave a Reply

Your email address will not be published. Required fields are marked *