Master your business protection with this refreshingly novel approach to Cyber Security
Click here [audio] if you prefer to listen the episode.
It’s a well-known fact that the planet has been drawing inspiration and enlightenment from Ancient Greece. From culture, education, arts, history, balance, ethics, personal development — the areas are so many that it might be a good idea to teach ancient Greek philosophy extensively at school as a main subject. Even technology has its roots in philosophy. In fact, Bill Gates said that behind his success is the fact that he was studying Greek philosophers.
Today, however, I will concentrate on cyber security, which is a very hot subject, and the existence of one specific principle of a philosopher called Zeno of Citium.
When it started
Zeno of Citium — or, as we call him in Greek, Zenon — is a Greek philosopher from Kition, Cyprus who lived between c. 334 — c. 262 BC. In a visit to an Athens library he came across Socrates’ writing and decided to follow his calling into philosophy initiation. He started his immersion to Crates of Thebes, who is considered the most famous Cynic having lived at that time in Greece, and later, he studied under the direction of Stilpo of the Megarian school, and Platonic philosophy under the direction of Xenocrates, and Polemo among others.
Zenon funded the Stoic school of philosophy, which he also taught in Athens from about 300 BC. Among his main interests were Physics, Logic and Ethics; the latter two we unfortunately lack in modern societies, and which will be the cause of this planet’s catastrophe.
What is Stoicism?
The definition I like most about stoicism is given by Tim Ferriss: Stoicism is considered a means of mental toughness training and it is perceived as an operating system for better decision making in high stress environments.
Who are Stoicism followers?
According to Forbes, stoicism is the unofficial philosophy of the military and the philosophy of the leadership, which even presidents around the world practice.
How to use Stoicism in cyber security?
The solution to every problem is always coming from the most powerful tool humans have — their brain — thus every methodology or approach which enables the brain to solve a problem in a better way is most desirable and necessary.
Unfortunately, we humans have the ability to often forget our initial goal and fall into the trap of playing someone else’ game. Especially when there is a stress factor involved in our decision-making process. And I am not only referring to the stress of responding to an attack/incident. I am referring to the stress most companies suffer due to the increased number of attacks that take place daily and most importantly, are successful in reaching their damaging goals.
This is exactly what the case is with cyber criminals. We allowed them to define the game, and now we are just playing it. We react and create solutions based on their requirements, and end up in a vicious circle while trying to catch up with them. We do not lead the game.
It is time to change the rules of the game, and more importantly, all of us who want to protect our businesses in an ethical way, CAN do this.
This is where stoicism of Zenon of Cition comes in handy. There is one question that captures the essence of this philosophy and this question is fundamental for logic as well.
What can you control and what you cannot control?
Thus, to capture the essence of this philosophy you need to understand that:
In every situation, there are things you can control and things you cannot control. You just need to train your brain to be able to distinguish between the two, and then focus exclusively on what you can control.
Apply what you learn immediately. Download “Master your protection” free quick start guide.
So, instead of focusing on what can go wrong, e.g. where the hackers can hit you next and how they can harm your systems, focus on what you can do to protect your most valuable assets — your data.
Being a hardware designer gave me the knowledge on how systems are designed to their deepest/lowest level, which also gave me the insight into how their security can be compromised. You do not need to be a hardware designer however, to be able to comprehend that if something was not designed specifically for security and is really outdated as a technology, it will not provide adequate protection.
Concentrate on the big truth and work with it:
You see, my experience and skills allow me to tell you one big truth. You cannot control the attacker and the systems you have, because of the fact that at their deepest level these systems are vulnerable. You cannot do anything to make these systems impenetrable, unless they are redesigned with security as a requirement. I personally sign this. This is all just the tip of the iceberg, and there are many more factors you need to take into consideration, but we will talk about them in more details in my future posts.
What can you control?
You can control the human factor which is the initiator of each attack. If you manage to control this, you can avoid or abort an attack with ease, and also control your data.
Human factor is mainly you, your insiders (employees) or anyone who interacts with your systems and your teams. In order to turn the human factor from your weakest link to your biggest ally in security you need effective ongoing training. This is something that is missing in the trainings so far.
As for your data, you must use deception methodologies in combination with a good strategy in order for your security to be effective. At the very least, make sure you evaluate your business data, who has access and by that I am referring mainly to the authentication process and supportive policies) to it and encrypt the most important ones with a strong encryption algorithm.
You cannot control the attacker & the systems. You can control the human factor & your data.
Can you see how the question “What is in your control?” can change your protection mode from reacting to anticipation? Anticipation stage is the most powerful place you can be with the attacks threatening the survival of your business. Asking the right question is the way to solve a problem according to Keith Cunninghton. Most problems remain unresolved not because of a bad answer, but because they answered a wrong question.
What is in your control?
A lesson taught from Stoicism philosophy:
Change your focus to what you can control instead of what cyber-criminals control and you will be in command of the game of cyber security.
And based on logic, by controlling the attack and the outcome (attack impact), you protect your business.
I am now turning it over to you. If you found this article useful share it with others. Remember, fighting cyber-criminals is a collective effort, and each one of us can contribute to this. I would also like to hear your thoughts:
- Was this article helpful to identify how to proceed with your business protection?
- Do you believe that security is a matter of how much money you will invest or an art of mindfully deciding what is important to protect?
- Do you believe people lost their way to protection because of all the complicated myths that exist around security?
- Most importantly what do you believe? Can security be in or out of your control?
I cannot wait to hear your comments so leave them below and let’s continue the conversation.
Want a little help? Download “MASTER YOUR PROTECTION” QUICK START GUIDE
About Yiota Nicolaidou
Yiota Nicolaidou is on a mission to eliminate terrorist and information security attacks (both cyber and physical) on businesses, by demystifying their security and simplifying their protection. Yiota is a former Communications Affairs Attaché for the Cyprus government, a Safety Critical Infrastructures adviser and Director of Regional Control Center of Operations for the Cyprus Civil Defence, information security analyst & strategist for the Cyprus Cyber Security Organization (CyCSO) NPO, an ambassador and correspondent for the Olbios Network for Action and finally, the founder of Secure World Vision, an international company enabling businesses to protect their valuable assets. Trained in Safety Critical Systems and Highly Classified Information, Yiota was the star pupil and mentee of Professor Dhiraj Pradhan, an ACM award winner and adviser, amongst others to NASA. Her academic qualifications include a degree in Hardware Design, a master’s in Advanced Microelectronic Systems Engineering with further specialisation in fault tolerance, hardware security, usable security & human brain functionality. Yiota’s expertise has been sought out by top semiconductor companies, Boeing, the European Space Agency, Europol, and governmental agencies fighting cyber-terrorism; she has also undertaken government-based safety critical infrastructure re-design related to public protection and the state. Yiota focuses her training model on holistic security, strategy and mental behavioural models. She also helps non-profit organisations by supplying them with the required technological tools.Featured as a female role model in Cyprus.