MCSI #028 - Why do cyber attackers keep winning?
In the world of cybersecurity, attackers and defenders are always in a battle. Attackers keep finding new and creative ways to break into systems, while defenders usually stick to a set list of rules and standards. This difference in approach gives attackers an advantage because they can think outside the box and find unexpected ways to get past defenses. In this newsletter, we'll look at why cyber attackers often end up winning and what that means for keeping networks safe.
Creativity Always Wins
“Defenders hate criticism. Attackers live by it. It motivates them to outdo their previous achievements” - Benjamin Mossé
Creativity is a powerful force that fuels innovation and problem-solving. In the realm of cybersecurity, creativity allows for the development of unique and unexpected methods to challenge existing systems. It enables individuals to think outside traditional frameworks and invent solutions that have never been considered before. This capacity for original thinking is crucial when facing complex and dynamic challenges, as it allows for adaptive and flexible responses rather than fixed, predictable ones.
This inherent power of creativity is precisely why cyber attackers often have the upper hand. They leverage their ability to devise novel tactics and exploit unforeseen vulnerabilities, making it difficult for defenders, who are bound by standard protocols and reactive strategies, to keep up. As attackers continue to employ imaginative and inventive methods, they outmaneuver static defense systems, demonstrating time and again that in the cyber world, creativity not only leads—it wins.
The Pitfalls of Rigid Standards in Cybersecurity
“ISO 27000 told me to do it” - Unnamed CIO
By rigidly adhering to established standards such as ISO 27000, PCI DSS, and the Essential Eight, defenders often confine themselves to predefined frameworks and checklists. These standards dictate their actions and justify their security measures at the expense of engaging in a more dynamic, creative problem-solving process. This reliance on fixed guidelines can inhibit their ability to adapt and respond to the unconventional strategies employed by attackers, who are not constrained by such norms and continuously creatively explore new avenues for breach.
Empowering Defenders with Creative Freedom in Training
Every defender must have as much creative freedom as the attackers they face.
At MCSI, we are pioneering training courses that instill a critical principle: every defender must have as much creative freedom as the attackers they face. This begins with their training. By embedding creativity at the heart of our cybersecurity education, we empower defenders to think and maneuver with the same ingenuity and adaptability as their adversaries. Our goal is to transform the landscape of cyber defense from rigid adherence to standards to a dynamic, innovative battleground where defenders are equipped to outsmart the adversaries.
If this sounds like something that interests you, then browse our list of courses here.