This vendor-written piece has been edited by Executive Networks Media to eliminate product promotion, but readers should note it will likely favour the submitter's approach.
Michael Xie, Founder, President and CTO, Fortinet
War has been occurring since the beginning of mankind. Cyber attacks have been in existence since the advent of the Internet. And unfortunately, both are here to stay.
The reason they will never go away is because the motivations behind them are inextricably tied to the natural thirst of humankind for dominance, glory and wealth.
We can draw many parallels between physical and cyber war. It's perhaps not a bad idea then to take some lessons on dealing with cyber warfare from one of the greatest military classics ever written - Sun Tzu's Art of War.
Written by the renowned Chinese general, strategist and philosopher Sun Tzu 2,500 years ago, the book is widely referenced today by business leaders and individuals. It is a treasure trove of illuminating advice for businesses plotting to outwit their competitors, and individuals seeking to overcome their personal rivals alike. It also provides plenty of food for thought for organizations trying to gain the upper hand in cyber warfare.
Here are three Sun Tzu adages that every CIO should bear in mind:
1. Know your enemy and know yourself, and you will win a hundred battles.
If you do not know your own cyber defence capabilities, you need to identify them immediately. But that's not enough. Having accurate and timely information on your attackers is vital. In the context of cyber attacks, this means threat intelligence is paramount.
At the widely publicised White House Cyber Security Summit recently, US president Barack Obama called for better exchange of public-private sector threat information, and improved coordination among various bodies to fight cyber crime.
That's good advice that countries around the world should think of heeding. Individual organizations seldom see the "big picture" of cyber attacks. They are too absorbed in stopping an attack, restoring business and IT services, and minimizing downtime. Their failure to share information with other firms lets attackers learn from each attack, adjust their tactics, and apply new techniques to new targets in their next attack.
Threat information sharing is about exchanging contexts of attacks. This is crucial because it allows organizations to understand three things - the techniques used by the attackers, the common characteristics between organizations that have been attacked, and how attackers behave once they compromise an organization. These three pieces of information will help IT security teams connect the dots and block new attacks more effectively, thus raising the security posture for businesses and consumers in general.
Sign up for CIO Asia eNewsletters.