Solving the cyber security Gordian Knot

Alexander The Great cutting the Gordian Knot, framework, thinking outside the box

In the Kingdom of all Kings in Phrygia, there was the Gordian Carriage devoted to the God Dias, Greek word for Zeus and Sabazios for Phrygians.  Alexander the Great, the King of Macedonia, felt a huge desire to see the carriage due to the legend associated with it.

The legend was the following: whoever could loosen this knot would one day be the ruler of Asia.

The knot was extremely intricate, and he could not see its beginning or its end. After trying with the common approach Alexander said: “it makes no difference how the knot is loosened”. He drew his sword and cut the knot in half. The same night thunder and lightning in the sky were interpreted as signs of success from the Gods.  Alexander the Great devoted a sacrifice to Gods the very next day to thank them.

The Gordian Knot has become a metaphor for thinking outside the box to solve a seemingly impossible problem. It signifies the easy solution of an impossible problem by finding a loophole or thinking creatively.

How does this apply to cyber security?

Alexander was one of the greatest strategists in history. He conquered the largest parts of the known world in that time period, including Asia, Persia and Egypt reaching India between 336-323bc. Learning tactics from the best strategist makes sense. As Tony Robbins says, “Success leaves clues. Go figure out what someone who was successful did, and model it. Improve it, but learn their steps. They have knowledge.”.

From this recorded moment in history it is clear that Alexander the Great had been thinking out of the box. He could easily see the big picture and was not stuck on the how. This type of thinking is one of the innate traits of great strategists. By applying it in life you take control away from the cyber criminals who expect you to react and follow their instructions instead of being proactive.

These days there are so many frameworks which are created to assist the security strategist, but along the way they took away the most important aspect of security strategy – the ability to speculate upon threats and anticipate them with the correct preparation.

Framework is a standard way of approaching a specific problem. Thus, in cyber-security framework is a standard/ formulated way to build security. It does not take into account the uniqueness of each business or individual.

Frameworks do not define the security strategists. They just assist them. If you allow them to define you they will take away the art of being a security strategist, your ability and talent to be an effective professional, and you become mediocre in the sea of average.

In the digital world where attacks happen every second there is no room for being average. You see, cyber criminals do not play by the rules, they do not play a fair game. They use tricks, illusions and deception methodology to reach their goal.

What is their goal? It starts with being present in peoples’ and organizations’ networks for a long time extracting and evaluating data until one day they escalate to phase two. The scale of damage at this phase includes them getting your money, affecting everyone you are associated with (e.g. clients, partners, suppliers), damaging your systems, destroying your reputation, down-valuing your assets, impacting your personal and business life based on their appetite. They use creativity to achieve their goals by finding the easiest way with the least effort in terms of energy, time and cost effectiveness.

The message I want to convey is not that frameworks are not useful. Instead, they are useful if you know how to take advantage of them without limiting your creativity. Solving a problem is not really about how. The how does not matter. It’s about having the ability to move your thinking in and out of the box with ease; being able to see the small and the big picture and switch between them at the right time. Timing is key, but I will analyze it in another article as it is a big subject on its own.

The person I have to thank for thinking differently (intellectually) is my dad. As a child, it was really interesting for me that he could solve any mathematical problem without the use of any formulas. At school, the approach was learning to solve problem by applying formulas mathematicians created. The “robotic automating process” as I call it.

It was more fascinating and cool to follow my dad’s approach. It was more intelligent and logical. After all, it was the way mathematicians discovered formulas in the first place.

Applying logic. That is the most important factor that defines security strategy.

You need to be able to think creatively at the right time. When an inside the box (traditional) approach is not working, which is the case for cyber security right now – and there are many factors to blame for this – you need to think outside the box.

There are people who will argue with me regarding why the traditional cyber-security approach is not working and I would reply to that with the following. If it was working, we would not have so many attacks around us. Let’s not forget that even protected businesses face security breaches these days. It is not my goal to analyse in this article how this is happening but outlining the major factors which are:

  • State actors in the cyber-attacks arena targeting businesses
  • Leaked US government tools available on the dark net market
  • Hybrid attacks involving more than one level of systems and
  • Advanced techniques of mind manipulation and deception

Thus, both security strategists and business owners need to think creatively.

Applying Alexander The Great’s strategy, “think out of the box and conquer business protection”.

If you want to know more about my philosophy related to cyber-security you can read the article “An ancient Greek philosophy – the novel approach to Cyber-Security