Last night I met with my very good friend and extremely talented worldwide successful composer Marios Joannou Elia. Marios is one of the most talented composers of contemporary music worldwide. In fact, he has been selected to compose music for the largest Theremin Ensemble; a Guinness World Record attempt among many other successes. I have a link to his profile in the episode description if you are interested to find out more about Marios.

Even though we don’t meet often every time we meet it is such a treat and privilege as he inspires me and we are tuned into another level of perception. Marios -philosopher you are expecting this episode!

I have been wanting for such a long period of time to talk about a specific concept in security and I could not find the angle which will make it easy for everyone to understand. Marios gave me that angle when we were discussing about the difference between multimedia and polymedia; a concept he has researched a lot and he is an expert in.

Even though there are definitions explaining multi and poly as roots for the same thing in reality, multi is referring to competitive forms of entities which try to thrive against each other simultaneously whereas poly is about the harmonious connections between different entities which come together to contribute to the same cause.

You might wonder how that is related to security. Well security and music have something in common. They share the concept of harmony. One music note out of tune and it can destroy a music piece. One parameter out of tune and you stop being protected. Your protection needs to be harmonious; not attention grabbing.

The people who participate in my events know about the dimensions of protection as I always cover those. I do not want to deviate from what I am covering today so I will not cover the dimensions of protection in this episode but if you want me to cover them in a future episode please let me know in the comments section.

However, today I will focus on one of those dimensions which is the Human Element; in other words how, the human factor affects the protection of a business or individual.

In order to be in harmony for your security you must have three parameters in tune which I call “the three spheres of protection”. Spheres in security are like the dimensions for each dimension. I do not want to get you confused with philosophical terms so that is why I will dive into the three spheres of protection and explain them in simple terms right away.

Your habits and behavior dictate your actions. If you have been following me for a while now you know how much focus I give into how much your protection is affected by you and that your ability to be protected is strongly related to your protection levels. A simple example of such a behavior could be your decision towards the WiFi networks you connect your devices to on a daily basis but if you are looking for a more in depth explanation of this concept I have a myriad of episodes you can dive into linked below this episode.

Unfortunately, our compromise does not always come from us but instead from our close environment. Let me give you an example. Several years back there was one case with a European level politician whom was handling confidential information and the information got leaked. A huge investigation started in order to define his involvement and how this data was actually leaked. Several top security professionals got involved trying to figure out what happened but no matter how hard they tried they could not figure out the source of the leak. In my very early career stages and admitting it very ambitious I asked If I could give it a try. To be honest no one really paid attention to me and they did not believe that I could actually figure out what happened; let alone that I would never be able to announce it as my achievement even if I could. You see there is a difference between an impressive academic record and actual experience in solving real cases of attacks. But I was willing to give it a try. They could not do much more anyway, so they decided to let me give it a try; but my approach was considered strange at that moment in time.

Want a little help?

Now, I had to convince a politician with a huge investigation on his back that a girl just out of university can help him not from losing his career by letting her literally become his shadow. To be honest that was even more difficult than actually discovering what happened. The security at his office and house was almost spotless. I mean seriously spotless, but I though come on; think like an attacker. What would you do?

On the third night I spent at his house and almost before kicking me off his property he sat at the table with his child almost the to the back of him. His son was playing a game having this huge TV screen in front of him which was connected to a completely separate network from his network. While I was watching the child playing it grasped my attention. No one though of testing the other network as it was irrelevant. But was it really? The focus for protection was on his business network, the game was vulnerable to cyber criminals, the TV camera lens was the attack vehicle and him leaving his screen uncovered and unlocked as his child would not read the information on his device while he was grabbing a bottle of water from the fridge was exactly what happened in this attack. Now, you might not be a politician holding confidential documents, but your close environment has the ability to affect your personal and business protection. The environment as created around you by your close ones can trigger attacks beyond your ability to define or anticipate them.

One of the major discussions for recent attacks is about the vulnerability you have because of the supply chain effect or in simple words how your correlation to other business entities affects your protection. We depend on so many others for our protection.

Let’s give a simple example. Say that you are a baker and you purchase all the ingredients to make bread. Flour, water and all the rest. Obviously, I do not make bread.

If water is contaminated no matter how good quality is your flour or how much of an expert you are at making bread the people who will eat it will get sick. You will tell me test the water but in reality, we have to go so many levels back that we are not able to check and control everything.

You cannot check your business collaborators’ security and you cannot know when that Facebook button on your website might become vulnerable and an opening for a cyber-criminal to your website.

In many cases we have a combination of spheres out of tune like in the example I gave in sphere #2. The neglecting of the child network protection and the fact that he was sitting with a screen full of confidential information with full view from a TV screen was the business sphere out of tune. His security team should handle those. The fact that he was letting unlocked and open the document while getting water from the fridge was his compromising habit and his child was his personal environment vulnerability.

Closing up this episode I would like to leave you with a tweetable.

At this stage you should be wondering how much in tune or out of tune your protection spheres are right?

I cannot wait to here your comments so leave them below and if you believe this episode is going to be beneficial for others share it.

P.S. Looking forward to another masterpiece Marios and let’s arrange our next meeting.

Apply what you learn immediately. Download “Master your protection” free quick start guide.