You don’t need to know your enemy

Welcome to the new 67 cyber warriors who joined us last week. 🥳 Each week, we'll be sharing insights from the Black Hat MEA community. Read exclusive interviews with industry experts and key findings from the #BHMEA23 keynote stage.

Keep up with our weekly newsletters on LinkedIn, Subscribe here.

This week we’re focused on…📣

Controlling what you can control – not what you can’t. 

OK. Why? 

Because at #BHMEA22, Thanassis Diogos (X-Force Incident Response Executive Consultant at IBM) said that clients often tell him they want to know their enemy. But knowing your enemy shouldn’t be your primary goal. Instead, Diogos said:

“You need to know your environment.” 

You can’t control the enemy 👾

We all want to know who’s against us. We all want to know who to blame – who’s trying to steal our data? Who’s trying to deceive us? Who’s the bad guy? 

In The Art of War, Sun Tzu wrote: 

“If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat.”

And this logic is often applied to modern cybersecurity. In an ideal world, every organisation would know both themselves and their enemy in great detail – but that’s not the world we’re living in. 

The reality is that enemies are numerous and hard to spot. They’re changing all the time; and your enemy might be an organised crime group in another country, but it might also be that guy in your company’s accounts team who’s secretly being paid by a ransomware group to locate and exfiltrate your most protected IP. 

You cannot know all your enemies. You can’t control their decision-making processes. 

But you can know (and manage) your environment 🛡️

So instead, it’s far more productive to focus on what you can know – and put systems in place to get to know it better. 

No matter how mature your security posture is right now, there’s still potential for you to gain greater visibility and learn more about your threat landscape. You can increase your organisation’s resilience by focusing on gaining a holistic view of your company data, operations, and users – so that regardless of who your enemy might be, it’s really hard for them to get in. 

One way for CEOs to understand their environment better and contribute to a stronger security culture is to collaborate closely with their CISOs. Check out this podcast episode to hear Gary Hayslip (CISO at SoftBank) talk about exactly that. 

Do you have an idea for a topic you'd like us to cover? We're eager to hear it! Drop us a message and share your thoughts. Our next newsletter is scheduled for 8 November 2023.

Catch you next week,
Steve Durning
Exhibition Director

P.S. - Mark your calendars for the return of Black Hat MEA from 📅 14 - 16 November 2023. Want to be a part of the action?

*Referral program terms and conditions