Keys to Working Smarter Not Harder in Cybersecurity Part 4 of 5
Welcome to Part 4 in our discussion about working smarter not harder in cybersecurity.
Let's talk more about perfectionism and how it neglects the immediate issues. This thinking must be broken and we must avoid “worst-case” and “just-in-case” thinking. All of these are detrimental to achieving security as soon as it should be achieved. There is some urgency to achieve things in the immediate.
Pursuit of perfection fallacy and neglecting the immediate
At the heart of older ways of thinking is “pursuing the perfect, at the expense of the good”. Compare this also to “a good plan today is better than a perfect plan tomorrow”. Speed and time are of the essence in cybersecurity.
Pursuing perfection hinders progress to address today’s immediate threats in favor of trying to do things perfectly for tomorrow. Focus on today just as much as tomorrow, because ransomware could come suddenly and massively.
Some companies pursue 10 projects simultaneously, and complete none of them. Some wait to implement critical protections needed in the immediate, while pursuing long-term strategies that will take years to complete. Meanwhile, they remain vulnerable - today.
All of this is old-style thinking that can be overcome by attacks and ransomware – big reality checks no company can afford. Why not work incrementally on small low-hanging fruit today, to stop some of the bleeding? Implement those 1 or 2 changes to disrupt an attack chain. One must know where to start and where to precisely focus.
Breaking the older thought processes
Security projects can drag on for years, as the security needle of progress slowly inches upward. In fact, needles also move down, nothing keeps them steady - so just maintaining them is a challenge.
Meanwhile, attackers are gaining huge ground, attacking in ways that run circles around defenders, repeatedly breaching an organization. There is a better way.
As mentioned previously, patterns of behavior and outdated modes of thinking must be broken deliberately, as a first step. Organizations must keep up with the latest “cyber threat intelligence” as well as “cyber defense intelligence”.
This “CTI” and “CDI” includes an awareness of cyber adversary capabilities related to one’s environment (CTI-side) as well as one’s cyber defense limitations, potential blind spots, and unknowns regarding defense tools and capabilities (CDI-side). Developing CTI and CDI capability is a must, to ensure one’s actions are laser-focused. More on these in a later article.
Another big detriment and older way - “worst-case” and “just-in-case” thinking
Contrary to conventional thinking, experience has taught me that a “worst-case scenario” and “just in case” approach in cybersecurity may do more harm than good. Such an approach causes more friction and achieves fewer results. While this seems counter-intuitive, it's the reality. Such approaches result in trying to focus on too many things.
Consider a choice between applying a single low-impact configuration change to 10 critical systems and applying 100 changes to all 1000 systems “just in case”. Think of the choice being made here:
We could either focus on 100 “possible” issues “just in case” on all 5000 systems (500,000 issues total – whether a config, patch, etc.) – that’s a tall order.
or
We could focus on 5 actually-exploited issues on 10 externally-facing systems (50 issues when multiplied.) This becomes a reduction of over 99.99% of efforts - this is much more manageable.
Making too many changes could have large operational impacts with resource requirements that become disruptive and create a lot of friction. Making small changes is analogous to applying oil in specific places, rather than applying oil everywhere, “just in case”.
Why not apply the oil in places where the rust is most likely to appear based on what is known from experience and intelligence? That’s called working smart rather than working hard and “doing the right things” rather than just “doing things right.”
Stay tuned for Part 5 where we conclude the Keys to Working Smarter Not Harder in Cybersecurity series.
#Cybersecurity #LessIsMore #Infosec #WickedProblems - CYBER Y'ALL! - @CyberYall