“We can know only that we know nothing. And that is the highest degree of human wisdom.” ― Leo Tolstoy, War and Peace.
True wisdom, as Leo Tolstoy remarked, lies in acknowledging the fact that there will always be forces beyond our control and anticipation. As humans, we need to plan and respond to both what we know and what we don’t know. Unfortunately, the basic human tendency is to focus on what we know and discount the unknown. It is easy to be proactive and plan for the known, but for the unknown we are typically left to react and hope that the capabilities we have in place are adequate.
Interestingly, and particularly for the cybersecurity space, what tends to be most damaging is what comes from the unknown. Therefore, to best prepare for cyber incidents, it is critical to minimize the unknowns.
The infinite game
Many security professionals consider cybersecurity a game of cat and mouse between the good guys and the bad actors. However, security, unlike traditional sports, is not a finite game bound by a certain set of rules and a game clock.
From the defender’s point of view, security is an infinite game with an unknown number of attackers where rules change so fast that they virtually do not exist. From an attacker’s point of view, security is a series of finite games with each game having its own set of rules as defined by the attacker.
The attackers get to decide the who, what, where, when, why, and how of the target. For security teams, there is no choice. To not play is to a ..
Support the originator by clicking the read the rest link below.
