An ancient Greek philosophy — the novel approach to Cyber Security
I am certain the planet got used to getting enlightened from ancient Greece over and over again. From culture, education, arts, history, balance, ethics, personal development the areas are so many that it might be a good idea to teach ancient Greek philosophy extensively at school as a main subject. Even technology has its roots in philosophy. In fact, Bill Gates said that behind his success is the fact that he was studying Greek philosophers.
But today I am concentrating on cyber security which is a very hot subject and the existence of one specific principle of a philosopher called Zeno of Citium.
When it started:
Zeno of Citium — or as we call him in Greek Zenon — is a Greek philosopher from Kition, Cyprus who lived between c. 334 — c. 262 BC. In a visit to an Athens library he came across Socrates writing and decided to follow his calling into philosophy initiation. He started his immersion to Crates of Thebes which is considered the most famous Cynic living at that time in Greece and then he studied under the direction of Stilpo of the Megarian school and Platonic philosophy under the direction of Xenocrates, and Polemo among others.
Zenon funded the Stoic school of philosophy which he also taught in Athens from about 300 BC. Among his main interests were Physics, Logic and Ethics; the latter two we unfortunately lack in modern societies and which will be the cause of this planet’s catastrophe.
What is Stoicism?
The definition I like most about stoicism is given by Tim Ferriss. According to Mr. Ferriss, stoicism is considered a means of mental toughness training and it is perceived as an operating system for better decision making in high stress environments.
Who are Stoicism followers?
According to Forbes, stoicism is the unofficial philosophy of the military and the philosophy of the leadership, which even presidents around the world practice.
How to use Stoicism in cyber-security?
The solution to every problem is always coming from the most powerful tool humans have — their brain — thus every methodology or approach which allows the brain to be able to solve a problem in a better way is most desirable and necessary.
Unfortunately, we humans have the ability to often forget our initial goal and fall into the trap of playing someone else’ game. Especially when there is a stress factor involved in our decision-making process. And I am not only referring to the stress of responding to an attack/incident. I am referring to the stress most companies suffer due to the increased number of attacks that take place daily and most importantly, are successful in reaching their damaging goals.
That is exactly what the case is with cyber criminals. They ended up defining the game and we are just playing it. We react and create solutions based on their requirements. We do not lead the game.
It is time to change the rules of the game, and more importantly, all of us who want to protect our businesses in an ethical way, CAN do this.
That is where Zenon of Kition stoicism come in handy. There is one question which captures the essence of the philosophy and that question is also a fundamental for logic.
In every situation, there are things you can control and things you cannot control. You just need to train your brain to be able to distinguish between the two and then focus exclusively on what you can control.
So, instead of focusing on what can go wrong, e.g. where the hackers can hit you next and how they can harm your systems focus on what you can do to protect your most valuable assets — your data.
Being a hardware designer gave me the knowledge on how systems are designed to their deepest/lowest level, which also gave me the insight into how their security can be compromised. You do not need to be a hardware designer however, to be able to comprehend that if something was not designed specifically for security and is really outdated as a technology it is not going to provide adequate protection.
Concentrate on the big truth and work with it:
You see, my experience and skills allow me to tell you one big truth. You cannot control the attacker and the systems you have because of the fact that at their deepest level these systems are vulnerable. You cannot do anything to make those systems impenetrable unless they are redesigned with security as a requirement. I personally sign this. This is all just the tip of the iceberg, and there are many more factors you need to take into consideration, but we will talk about them in more details in my future posts.
So, what can you control?
You can control the human factor which is the initiator of each attack and, if you manage to control it, you can avoid or abort an attack with ease and also control your data.
Human factor is mainly you, your insiders (employees) or anyone who interacts with your systems and your teams. In order to turn the human factor from the weakest link to your biggest ally in security you need extensive and ongoing training but at the same time an effective one. This is something that is missing in the trainings so far.
As for your data, you must use deception methodologies in combination with a good strategy in order for your security to be effective. At the very least make sure you evaluate your business data, who has access to it and encrypt the most important ones with a strong encryption algorithm.
Can you see how the question “What is in your control?” can change your protection mode from reacting to anticipation? Anticipation stage is the most powerful place you can be with the attacks threatening the survival of your business. Making a better question is the way to solve a problem according to Keith Cunninghton. Most problems remain unresolved not because of a bad answer but because of an answer to the wrong question.
What is in your control?
A lesson taught from Stoicism philosophy:
Change your focus to what you can control instead of what cyber-criminals control and you will be in command of the game of cyber security.
And based on logic, by controlling the attack and the outcome (attack impact), you protect your business.
About Yiota Nicolaidou
Yiota is an admitted Fighter against terrorism, trained for safety critical systems design and highly classified information protection. She was mentored by Professor Dhirah Pradhan who is considered the authority in Fault Tolerance by advising the best companies in the world as well as NASA itself and is ACM (the world’s leading computing society) award winner. In fact, he has identified Yiota as the best student he has ever seen in his career. Yiota was offered positions from the top semiconductor companies, Boeing and European Space Agency among others and has undertaken government based safety critical infrastructures re-design. Through her latest venture she’s is on a mission to eliminate information security attacks (both cyber and physical) on businesses and at the same time funding of terrorism attacks through Ransomware. You can learn more at https://www.yiotanicolaidou.com and https://www.secureworldvision.com