Sun Tzu on the art of cybersecurity

Thousands of years ago, Sun Tzu understood that victory in war comes from being smarter than the enemy, and you can win even if you aren’t stronger. His book, The Art of War, is a classic which strategists still learn from. With a few changes, his ideas apply to the battlefields of the Internet. If anything, they’re even more applicable in cyberspace. Successful attacks, for the most part, don’t come from overwhelming force but from subterfuge. Successful defenses come from being ready for trickery and deception. They come from security training that instills the best ways of thinking. Sun Tzu would have made a top-grade security consultant.

Keep his maxims and our revisions of them in mind, and you can hold off a horde of viruses, worms, and phishing attacks.

Six maxims, updated

Sun Tzu wrote, “If you know the enemy and know yourself, you do not need to fear a hundred battles.” We say, “If your employees know the tricks played on them and what they need to do, they don’t need to fear a hundred online scams.” They need training in recognizing deceptions like fake bills, warnings, and demands for information. They should be aware of lookalike links and pages. Whenever something seems wrong, they should think before acting. Well-trained employees know themselves and do this by habit. They recognize many of the signs of trickery at a glance.

Sun Tzu wrote, “Excellence consists of breaking enemy resistance without a fight.” We say, “Security consists of preventing intrusion without interaction.” A key to this is to give employees only the access privileges they need to do their jobs. An intruder can’t take from them what they don’t have. Administrators should use regular accounts except when they perform administrative functions. This limits the amount of damage a mistake can cause.

Sun Tzu wrote, “Let your plans be as impenetrable as night.” We say, “Let your access be as impenetrable as night.” Users need to develop the habit of creating strong passwords and protecting them well. They have to learn not to share passwords or leave them lying around on sticky notes. They should log out of devices when they leave and encrypt portable devices. They should transfer files securely rather than copying them onto a removable drive. Learning the proper use of a password manager will help them to keep access information strong and safe. There shouldn’t be any easy way for an intruder to pick up loose information.

Sun Tzu wrote, “Warfare depends on deception.” We say, “Users should be constantly alert to deception.” People tend to be trusting, but they can’t afford to be when it comes to Internet messages. They should learn that the sender an email message claims to come from isn’t always its real source. They should watch out for websites that want information from them.

Sun Tzu wrote, “The army that wins is the one animated by the same spirit in all its ranks.” We say, “The company that stays secure is the one animated by a spirit of security in all its ranks.” Everyone has to be committed to doing their part to prevent intrusion. Employees need to know that they make a difference. They need to be alert and careful.

Sun Tzu wrote, “Victorious warriors win before they go to war.” We say, “Secure networks win before they are attacked.” It’s too late to set up a secure environment and train users when the network is already compromised. A securely configured system and well-trained users will be ready to take on all threats before they start.

Victory goes to the prepared mind

Firewalls and protective software are important to a network, just as weapons and transportation are important to an army. By themselves, though, they aren’t enough to win. People are the key to success — people who are committed to the goal and know how to achieve it. With the right preparation, the chances of preventing data theft and damage are much higher.

Some companies don’t think seriously about security until they’ve suffered damage. They don’t do enough to make their employees alert and ready. They’re the losers in the online wars, because they weren’t prepared. Victory comes to those who are ready for anything, who expect surprises, who outthink the enemy. Contact us to learn how we can help you keep your workforce well trained in the best security practices.