An ancient Greek philosophy – the novel approach to Cyber Security
Click below if you prefer to listen.
It’s a well-known fact that the planet has been drawing inspiration and enlightenment from Ancient Greece. From culture, education, arts, history, balance, ethics, personal development – the areas are so many that it might be a good idea to teach ancient Greek philosophy extensively at school as a main subject. Even technology has its roots in philosophy. In fact, Bill Gates said that behind his success is the fact that he was studying Greek philosophers.
Today, however, I will concentrate on cyber security, which is a very hot subject, and the existence of one specific principle of a philosopher called Zeno of Citium.
When it started
Zeno of Citium – or, as we call him in Greek, Zenon – is a Greek philosopher from Kition, Cyprus who lived between c. 334 – c. 262 BC. In a visit to an Athens library he came across Socrates’ writing and decided to follow his calling into philosophy initiation. He started his immersion to Crates of Thebes, who is considered the most famous Cynic having lived at that time in Greece, and later, he studied under the direction of Stilpo of the Megarian school, and Platonic philosophy under the direction of Xenocrates, and Polemo among others.
Zenon funded the Stoic school of philosophy, which he also taught in Athens from about 300 BC. Among his main interests were Physics, Logic and Ethics; the latter two we unfortunately lack in modern societies, and which will be the cause of this planet’s catastrophe.
What is Stoicism?
The definition I like most about stoicism is given by Tim Ferriss: Stoicism is considered a means of mental toughness training and it is perceived as an operating system for better decision making in high stress environments.
Who are Stoicism followers?
According to Forbes, stoicism is the unofficial philosophy of the military and the philosophy of the leadership, which even presidents around the world practice.
How to use Stoicism in cyber security?
The solution to every problem is always coming from the most powerful tool humans have – their brain – thus every methodology or approach which enables the brain to solve a problem in a better way is most desirable and necessary.
Unfortunately, we humans have the ability to often forget our initial goal and fall into the trap of playing someone else’ game. Especially when there is a stress factor involved in our decision-making process. And I am not only referring to the stress of responding to an attack/incident. I am referring to the stress most companies suffer due to the increased number of attacks that take place daily and most importantly, are successful in reaching their damaging goals.
This is exactly what the case is with cyber criminals. We allowed them to define the game, and now we are just playing it. We react and create solutions based on their requirements, and end up in a vicious circle while trying to catch up with them. We do not lead the game.
It is time to change the rules of the game, and more importantly, all of us who want to protect our businesses in an ethical way, CAN do this.
This is where stoicism of Zenon of Cition comes in handy. There is one question that captures the essence of this philosophy and this question is fundamental for logic as well.
What can you control and what you cannot control?
Thus, to capture the essence of this philosophy you need to understand that:
In every situation, there are things you can control and things you cannot control. You just need to train your brain to be able to distinguish between the two, and then focus exclusively on what you can control.
So, instead of focusing on what can go wrong, e.g. where the hackers can hit you next and how they can harm your systems, focus on what you can do to protect your most valuable assets – your data.
Being a hardware designer gave me the knowledge on how systems are designed to their deepest/lowest level, which also gave me the insight into how their security can be compromised. You do not need to be a hardware designer however, to be able to comprehend that if something was not designed specifically for security and is really outdated as a technology, it will not provide adequate protection.
Concentrate on the big truth and work with it:
You see, my experience and skills allow me to tell you one big truth. You cannot control the attacker and the systems you have, because of the fact that at their deepest level these systems are vulnerable. You cannot do anything to make these systems impenetrable, unless they are redesigned with security as a requirement. I personally sign this. This is all just the tip of the iceberg, and there are many more factors you need to take into consideration, but we will talk about them in more details in my future posts.
What can you control?
You can control the human factor which is the initiator of each attack. If you manage to control this, you can avoid or abort an attack with ease, and also control your data.
Human factor is mainly you, your insiders (employees) or anyone who interacts with your systems and your teams. In order to turn the human factor from your weakest link to your biggest ally in security you need effective ongoing training. This is something that is missing in the trainings so far.
As for your data, you must use deception methodologies in combination with a good strategy in order for your security to be effective. At the very least, make sure you evaluate your business data, who has access and by that I am referring mainly to the authentication process and supportive policies) to it and encrypt the most important ones with a strong encryption algorithm.
You cannot control the attacker & the systems. You can control the human factor & your data.
Want a little help?
Can you see how the question “What is in your control?” can change your protection mode from reacting to anticipation? Anticipation stage is the most powerful place you can be with the attacks threatening the survival of your business. Asking the right question is the way to solve a problem according to Keith Cunninghton. Most problems remain unresolved not because of a bad answer, but because they answered a wrong question.
A lesson taught from Stoicism philosophy:
Change your focus to what you can control instead of what cyber-criminals control, and you will be in command of the game of cyber security.
Based on logic, by controlling the attack and the outcome (attack impact), you protect your business.
I am now turning it over to you. If you found this article useful share it with others. Remember, fighting cyber-criminals is a collective effort, and each one of us can contribute to this. I would also like to hear your thoughts:
- Was this article helpful to identify how to proceed with your business protection?
- Do you believe that security is a matter of how much money you will invest or an art of mindfully deciding what is important to protect?
- Do you believe people lost their way to protection because of all the complicated myths that exist around security?
- Most importantly what do you believe? Can security be in or out of your control?
I cannot wait to hear your comments so leave them below and let’s continue the conversation.
Apply what you learn immediately. Download “Master your protection” free quick start guide.
Prominent changes in the trajectory of the Cyber-security space Part 1 Click below if you prefer to listen. Free Quick start guide: Master your business Protection I am certain you have all noticed that there are some changes around us affecting the way the world is...
The four forces behind cyber-security collapse Click below if you prefer to listen. Free guidance checklist - Cover your protection bases Cyber-security is collapsing and here are the four forces which are causing this to happen. Force #1: Mobility &...
Security planning for 2019 part 3 Click below if you prefer to listen. Free Quick start guide: Master your business Protection This episode is the third and final part of a three-part series based on a study I conducted about how the security...
and get the latest updates