How the Teachings of Sun Tzu and the Art of War Apply to Cyber Security

Military warfare and deception – these two terms go hand in hand, and it’s no different when it comes to cyber security. Appearing weak when you’re strong, spreading false information, slowing down the opposing forces… these are all fantastic tools in your arsenal when the goal is to defeat your enemy. If you’re a fan of Sun Tzu and his teachings, which still hold true to this very day, these core principles of turning the tides of war should ring a bell.

Studying your enemy is the key to anticipating their next move

Much in the same vein, cyber security teams have learned to put most, if not all, of these principles into practice when making a stand against hackers. By studying what the bad guys are up to, it’s possible to get a good idea about who they’re likely to target next, what attack methods they’re likely to use, and what drives their actions.

“The secret to outsmarting cyber criminals lies in studying their actions so you can accurately estimate when and where they’re most likely to strike next.”

– William Varela, CMO at NordVPN.Solutions

It’s no secret; the more you learn about your enemy, the better equipped you’ll be to prevail in a battle. The reverse also applies; the less your enemy knows about you, the harder it’s going to be for them to pull a fast one on you (hence, spreading false information is a good idea in war).

It’s a game of cat and mouse

The war between cyber security teams and hackers is a game of cat and mouse. Once the latter manage to compromise your systems, they can wait in the bushes for weeks or even months before launching their attack. If the good guys want to outsmart them, they must think at least a step or two ahead. Still, it’s close to impossible to defeat them all the time, as nothing is ever certain in the world of cyber security. You see, the attackers can afford to make multiple mistakes, whereas the organizations on the defending side cannot.

Waste their time by deploying decoys

One of the best ways to trick an attacker into a false sense of satisfaction is to deploy fake assets that serve as a decoy. Think in terms of login credentials, databases, and applications; the more believable they seem, the more time they will waste. When everything is taken into consideration, time is one of our most valuable resources, and if you successfully lure an attacker into wasting it on a decoy, you’re one step closer to success. If the hackers are unable to deduce what’s real and what’s not, you may bait them into attacking one of your fake assets, thus revealing their presence.

The future lies in automated responses to threats

Modern technology is gradually moving toward automated responses to threats, making for a hands-off approach to fighting cyber crime. How useful would it be if you could deploy AI-powered tools that set up decoys for the bad guys to target and waste their time on? Any time these decoys find themselves under attack, you’ll be served a warning sign for free – allowing you to move your real assets to safety before anyone targets them. Essentially, you’re eradicating the threat right at the entry point.

The hackers are unable to attack without simultaneously revealing valuable data points about themselves

No matter how you put it, by attacking one of the decoys, the hackers reveal valuable data about themselves; there’s just no way around it. You can use this to your advantage by interpreting it as a useful sign that points you in the direction of their next attack. In essence, you learn more about your enemies without taking any casualties. You can study the attack target, the entry point, the patterns… and the list goes on.
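As an added illustration (not part of the original article), the sketch below shows how decoy credentials turn any login attempt into a detection signal and a record of the source, the hosts probed, and the time window. The decoy account names, the log format, and the sample lines are all constructed for this example.

```python
import re
from collections import defaultdict

# Hypothetical decoy accounts planted where an intruder would look for them.
# No legitimate user or service ever authenticates with these names.
DECOY_ACCOUNTS = {"svc_backup_legacy", "db_admin_old"}

# Constructed log format: "<ISO timestamp> <host> auth user=<name> src=<ip> result=<ok|fail>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) auth user=(?P<user>\S+) "
    r"src=(?P<src>\S+) result=(?P<result>ok|fail)$"
)

# Constructed sample log lines (not real data).
SAMPLE_LOG = """\
2024-05-01T09:12:03Z web01 auth user=alice src=10.0.4.17 result=ok
2024-05-01T09:40:11Z db02 auth user=db_admin_old src=10.0.9.88 result=fail
2024-05-01T09:41:02Z files01 auth user=svc_backup_legacy src=10.0.9.88 result=fail
2024-05-01T09:45:30Z web01 auth user=bob src=10.0.4.22 result=fail
malformed line that should be skipped
2024-05-01T10:02:54Z db02 auth user=db_admin_old src=10.0.9.88 result=fail
"""

def find_decoy_hits(log_text, decoys=DECOY_ACCOUNTS):
    """Return one summary record per source address that used a decoy account."""
    hits = defaultdict(lambda: {"first_seen": None, "last_seen": None,
                                "hosts": set(), "decoys": set(), "attempts": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["user"] not in decoys:
            continue  # unparseable lines and ordinary accounts are ignored
        rec = hits[m["src"]]
        # ISO-8601 UTC timestamps of equal length sort correctly as strings.
        rec["first_seen"] = min(filter(None, [rec["first_seen"], m["ts"]]))
        rec["last_seen"] = max(filter(None, [rec["last_seen"], m["ts"]]))
        rec["hosts"].add(m["host"])      # which systems were probed
        rec["decoys"].add(m["user"])     # which planted credentials were found
        rec["attempts"] += 1             # success or failure, any use is an alert
    return dict(hits)

if __name__ == "__main__":
    for src, rec in find_decoy_hits(SAMPLE_LOG).items():
        print(f"ALERT decoy use from {src}: {rec['attempts']} attempts, "
              f"hosts={sorted(rec['hosts'])}, decoys={sorted(rec['decoys'])}, "
              f"window={rec['first_seen']}..{rec['last_seen']}")
```

Because the decoy accounts have no legitimate use, a single hit is high-confidence, and ordinary failed logins (such as `bob` above) never trigger it.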

Analyze your enemy without taking casualties

As soon as you detect that something’s wrong, you’ll be able to make the adjustments needed to protect your assets. After that, you can take a step back and proceed to analyze their attack in a controlled environment. Once you’ve examined their tactics, you’re much better suited to make a stand against them. In the process, you’re collecting forensic evidence as well – don’t forget that!

War is deception and deception is war

The measures discussed today are designed to prevent a disaster before it gets a chance to materialize. By utilizing what you’ve learned today, you’ll be able to shut down an attack before it gets out of hand. Just as a military general would do, you’re utilizing deception to throw off your adversary and leaving fake clues behind to bait out an attack. By studying your enemies, you’ll get the upper hand and make sure they never come back.
