The “Sand Clock” Model of Cybersecurity by Javier Stransky

Introduction

“If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.”
― Sun Tzu, The Art of War

If we go back in time, talking about cybersecurity, we would probably find ourselves discussing about which Anti-Virus and firewall where the best or “more secure”, with probably not even a real security strategy. Two decades ago, that was not as bad as it looks today. The threat landscape changed a lot, along with the size of the internet, the business models, how we work and not exaggerating, the minds of an entire generation. So now, we cannot survive as an organization without a proper security strategy, of
course with the right -and necessary- investment.
That’s something that we are going to hear on any cybersecurity conference and webinar around the world for sure, but the question now is ¿Why?

When the business models decided to take a posture more technologyoriented, the impact surface on every organization became wider. But not everything was money-related, since the development of new technologies allowed to increase productivity and commodities everywhere. This meant that all humanity voted for technology and its benefits, including new job roles that increased the use of computers, programs and internet. ¿So far so good, right? Well, not so much. The problem that came with this, is that
with a bigger fortress to defend we needed more security-oriented technology investments, human talent, policies enforcement and so on, but the vast majority of companies worldwide didn’t take this seriously enough.

Views: 10