Your SOC Isn’t Enough. You Need A Mindset.
There were no SOCs when Sun Tzu wrote “The Art of War” more than 2,500 years ago. The ancient Chinese warrior’s old principles can empower new cybersecurity attitudes and approaches to fighting our newest wars in the digital realm.
And make no mistake: today, we are at war in the 5th Domain. Bombs aren’t exploding and people aren’t dying, but what we build, where we heal, who handles our money, and even when we flip on a light switch are all under continuous attack. Attacks by smart, motivated, and resourceful cyber adversaries from around the globe who look to cripple our society.
Our way of life is under assault, and how we can fight back is the vision behind my upcoming book, “All The War They Want: How To Break The Rules And Stack The Deck.” And our defense begins with focusing not on the latest gadgets, but on our mindsets. The way we think about this problem will play a huge role in the final outcome.
Be Adaptable, Agile, and Aware
Traditional approaches on how to fight in this digital dimension are doomed to fail, because conventional wisdom is predictable, and predictability is exploitable. We must have the ability to adapt rapidly, and not simply follow rules. In that sense, we need to be more of an organism than an organization. We must be agile and aware while aiming at the end result of actual defense and deterrence.
Today, the typical approach falls well short of that ending. Far too often, we settle for security compliance, which means that we’re simply doing what we’re supposed to do, today. But that should only be a checkpoint on the road to maturity (which means that we’re doing what we’re supposed to do every day) and effectiveness (what we’re doing every day actually works). Most organizations never get to maturity, let alone effectiveness.
To start that journey, our evolving processes must be rooted in consistent principles. Sun Tzu offers three key ideas that can help us identify challenges and opportunities as they form in this new battlespace. They are:
- Know the environment. If you’re going to climb a mountain, fight a battle, solve a problem, or face adversaries of any kind, the more you know about the terrain you’re operating on, the better off you are. Knowing the environment is your starting point, and you build outward and upward from there.
- Know the enemy. The key to success in special operations and asymmetric warfare is to be able to put yourself in the position of your adversaries without demonizing them. You must be able to see the situation through their eyes without your emotions clouding your view, because looking at it from their perspective will enable you to better predict, prepare, respond, and defeat them.
- Know yourself. It doesn’t matter how tough you are. Eventually, you’re going to run into someone who’s tougher. Once you truly understand that, it frames the way you engage in fights from that day forward. You no longer fight for sport, you fight only to win. Your survival is at stake.
Your opponents already are executing such principles, and succeeding in doing so in ways that are two-fold. There is intelligence preparation of the battlefield, where cyber adversaries are gaining information that would be needed to lead to future attacks. There is operational preparation of the environment, where our foes are positioned to be able to execute larger, more complex attacks. That is why having a SOC is not enough.
We’re Already Under Attack
The reality of this ongoing war was infamously demonstrated in the recent SolarWinds debacle, where the simple insertion of malware into code was both operational preparation of the environment and intelligence preparation of the battlefield. It allowed for the execution of attacks via that code and the simultaneous collection of troves of data.
That attack defined industrial, geographic, and political boundaries, and it reached virtually every corner of our society. It crystallized that this is a problem not just for our government or specific industries, but for all of the American people. Yet, there’s a lack of ownership of this threat.
We can’t believe this problem is unsolvable, or someone else’s problem to solve. Rather, you and I and our fellow Americans can and must reject the status quo, band together as a special operations unit to fight this asymmetric war and win it, and successfully defend our way of life.
If your answer to this challenge isn’t a “Hell, yes!” then it is a no. Total focus is the only way to solve difficult problems like this. Tech won’t be enough to win this war; we need tenacity, thought, and teamwork. I hope the book inspires us all.
How do you come to “know yourself?” For over two thousand years, texts like Sun Tzu’s Art of War have expressed the value of this exercise in battle, in life, and in business. In episode 3 of “All the War They Want,” Jeff Engle and Carmen...
What does a hacker look like today? How do they operate, and how can businesses protect themselves against unknown cyber threats? In the second episode of our new podcast “All the War They Want,” GRC Consultant Bradley Barnes joins Carmen Brooks and Jeff...
Knowing the Environment – Challenges and solutions around protecting what is important to you and your business
How do small businesses defend against cyberattacks? How do they prioritize teams and resources to achieve “cyber resiliency”? Is compliance alone enough to stay safe? In this episode of All the War They Want, Liz Nurse joins Carmen Brooks and Jeff Engle...