by Yiota Nicolaidou
Master your business protection with this refreshingly novel approach to Cyber Security
It’s a well-known fact that the planet has been drawing inspiration and enlightenment from Ancient Greece. From culture, education, arts, history, balance, ethics, personal development – the areas are so many that it might be a good idea to teach ancient Greek philosophy extensively at school as a main subject. Even technology has its roots in philosophy. In fact, Bill Gates said that behind his success is the fact that he was studying Greek philosophers.
Today, however, I will concentrate on cyber security, which is an extremely hot subject, and the existence of one specific principle of a philosopher called Zeno of Citium.
When it started
Zeno of Citium – or, as we call him in Greek, Zenon – is a Greek philosopher from Cition, Cyprus, who lived from c. 334 to c. 262 BC. On a visit to an Athens library he came across Socrates’ writing and decided to follow his calling into philosophy. He began his studies under Crates of Thebes, who is considered the most famous Cynic living in Greece at that time; later he studied under the direction of Stilpo of the Megarian school, and Platonic philosophy under the direction of Xenocrates and Polemo, among others.
Zenon founded the Stoic school of philosophy, which he also taught in Athens from about 300 BC. Among his main interests were Physics, Logic and Ethics; the latter two we unfortunately lack in modern societies, and this lack will be the cause of this planet’s catastrophe.
What is Stoicism?
The definition of Stoicism I like most is given by Tim Ferriss: Stoicism is considered a means of mental toughness training, and it is perceived as an operating system for better decision making in high-stress environments.
Who follows Stoicism?
According to Forbes, Stoicism is the unofficial philosophy of the military and the philosophy of leadership, which even presidents around the world practice.
How to use Stoicism in cyber security
The solution to every problem always comes from the most powerful tool humans have – their brain – so any methodology or approach that enables the brain to solve a problem in a better way is both desirable and necessary.
Unfortunately, we humans often forget our initial goal and fall into the trap of playing someone else’s game, especially when a stress factor is involved in our decision-making process. I am not only referring to the stress of responding to an attack or an incident. I am referring to the stress most companies suffer due to the increased number of attacks that take place daily and, most importantly, are successful in reaching their damaging goals.
This is exactly what the case is with cyber criminals. We allowed them to define the game, and now we are just playing it. We react and create solutions based on their requirements, and end up in a vicious circle while trying to catch up with them. We do not lead the game.
It is time to change the rules of the game, and more importantly, all of us who want to protect our businesses in an ethical way, CAN do this.
This is where the Stoicism of Zenon of Cition comes in handy. There is one question that captures the essence of this philosophy, and this question is fundamental for logic as well.
What can you control, and what can you not control?
Thus, to capture the essence of this philosophy you need to understand that:
In every situation, there are things you can control and things you cannot control. You just need to train your brain to be able to distinguish between the two, and then focus exclusively on what you can control.
So, instead of focusing on what can go wrong, e.g. where the hackers can hit you next and how they can harm your systems, focus on what you can do to protect your most valuable assets – your data.
Being a hardware designer gave me knowledge of how systems are designed down to their lowest level, which also gave me insight into how their security can be compromised. You do not need to be a hardware designer, however, to comprehend that if something was not designed specifically for security and is really outdated as a technology, it will not provide adequate protection.
Concentrate on the big truth and work with it
You see, my experience and skills allow me to tell you one big truth. You cannot control the attacker, and you cannot control the systems you have, because at their deepest level these systems are vulnerable. You cannot do anything to make these systems impenetrable, unless they are redesigned with security as a requirement. I personally vouch for this. This is just the tip of the iceberg, and there are many more factors you need to take into consideration, which I analyse extensively in other articles.
What can you control?
You can control the human factor, which is the initiator of each attack. If you manage to control this, you can avoid or abort an attack with ease, and also control your data.
The human factor is mainly you, your insiders (employees) or anyone who interacts with your systems and your teams. In order to turn the human factor from your weakest link into your biggest ally in security, you need effective ongoing training. This is something that has been missing from training so far.
As for your data, you must use deception methodologies in combination with a good strategy in order for your security to be effective. At the very least, make sure you evaluate your business data and who has access to it (by that I am referring mainly to the authentication process and supporting policies), and encrypt the most important data with a strong encryption algorithm.
Can you see how the question “What is in your control?” can change your protection mode from reaction to anticipation? The anticipation stage is the most powerful place you can be when attacks threaten the survival of your business. Asking the right question is the way to solve a problem, according to Keith Cunnington. Most problems remain unresolved not because of a bad answer, but because the wrong question was answered.
A lesson from Stoic philosophy: change your focus to what you can control instead of what cyber-criminals control, and you will be in command of the game of cyber security.
Based on logic, by controlling the attack and its outcome, which is the attack impact, you protect your business.