The Internet is an incredible resource that has revolutionized every aspect of our ever-changing global society. Some parts of life are nearly impossible without some connection to the net for work, play or learning. Yet, while our connectivity accompanies the entire planet through the digital evolution, it also introduces a new level of risk few people ever imagined.
But “spycraft”? What does that have to do with you or me? In truth, most of us are the furthest thing from a “spy,” let alone know how to control our risk of hacking. But the fact that you’re reading this post means that you’re asking the right questions.
Allen Dulles and his 73 Rules.
Allen Dulles was an American diplomat and intelligence officer who served as the first civilian Director of Central Intelligence (DCI) and was the longest-serving director of the Central Intelligence Agency (CIA) from 1953 to 1961. During his time at the CIA, he played a significant role in shaping US foreign policy, particularly during the Cold War. He was involved in several covert operations, including overthrowing the Iranian Prime Minister Mohammad Mosaddegh and the Bay of Pigs invasion in Cuba. He also helped establish the CIA’s covert action capabilities and modernized its intelligence-gathering methods.
The inspiration for this presentation is roughly based on Allen Dulles’s 73 Rules of Spycraft. When he wrote this missive, it was as an instructor for agents in the field. His general philosophy for the craft was that “spying” anywhere is often dangerous and must be engaged with the strictest discipline.
A quick read of Dulles’s rules reveals a bit of duplication and redundancy, but there are good reasons why he wrote that way. In part, he wanted to demonstrate that rules for this type of work required constant adaptation. And like a good teacher, Dulles illustrates that the essential aspect of being mindful about security “consists not only in avoiding big risks… it is consistent care in them that forms the habits of true security mindedness.”
Knives out: Lurking Cybersecurity Threats
In a real sense, you’re risking everything whenever you open a browser window. One little error, one misstep in judgment, and you could lose it all to a hacker.
According to the 2023 SonicWall Cyber Threat Report, while the total global count for ransomware was 493.3 million (a 21% drop over last year), Europeans saw an 83% jump, which includes a 112% increase in the UK. The education and finance sectors were hit the hardest, with sharp increases of 275% and 41%, respectively. So, while the risk of getting hit by ransomware is still higher than getting hit by a car or lightning, the effects can be just as devastating.
What is the solution? Experience shows us that we can manage both the risk and the potential damage. For the sake of this article, I present an easy four-step action plan.
Whom do you trust?
Trust is the crux of cybersecurity, where behavior and technology meet. Therefore, the first step is assessing trust and recognizing that risk is omnipresent.
Just by being here and reading this article, you trusted the host of the website where this article is published, the IT engineers and technicians who run the website, the coder who built the page and uploaded the article, and me. And that’s not including anyone who may have sent you a link because they think you should read it. My gosh. That’s four or five people in the process you’ve trusted already. Let’s add now the manufacturer of the technology you’re using to get here, your bandwidth provider, your fiber or wire or satellite company – maybe even the neighbor with a beard. You see where this is going, right?
The juvenile response to such mounting risk is, “I’ll never trust anyone.” However, such an attitude only takes us so far because when it comes to engagement and interaction (online or offline), eventually, you must trust someone.
Spycraft as a cybersecurity risk mitigator.
Consider the second step: how to apply spycraft as a risk mitigator. We adopt unconscious happenstance to function normally for everyday tasks: preparing ourselves for work, the commute, lunch, watching a show on the television, and walking the dog. Now consider how a happenstance approach endangers your cybersecurity. Risk always increases when we stop paying attention.
Adopting ‘spycraft-sense’ mitigates the risk of getting hit by a car by looking both ways before we cross a street. And you can avoid most lighting strikes simply by not going outside when conditions for lighting are present. Similarly, we can enhance cybersecurity by never blindly trusting everyone and everything we see online. That means adopting what Allen Dulles called “greater situational awareness” for the things that increase risk.
Therefore, we can reduce risk by becoming fully mindful of our daily interactions and engagements. That means being aware of how hackers deploy social engineering with various forms of phishing (email, text messaging, social media) and setting personal rules about links we click, sites we visit, downloads we take, and the technology we deploy to control or even reverse potential damage.
Cybersecurity technology that can enhance the effect of spycraft.
Then it should be no surprise that our third step is looking at how technology may enhance the effects of everything we’ve done so far. From great technological advancement comes greater convenience. New tech delivers fantastic opportunities straight into our hands. But, if we want to continue to enjoy those opportunities, then it’s really up to us as individuals to step up and control the inevitable risks that come with using them.
The title of this Mindhunter presentation seems a little apocalyptic – disaster is not inevitable. I would instead like to think that the title gives us some optimism. We don’t have to become spies to control our cybersecurity risks; we just need to follow basic rules of engagement and interaction to keep us safe from malware that can lead to ransomware and other advanced threats.
However, should something sneak past us, we want layers of technology that can stop threats before they exert their total potential damage. Think of yourself as an onion with an outside layer of good anti-virus and anti-malware software on all your local devices. In the next layer, we can deploy next-generation firewalls (NGFWs) and AI-augmented software that analyzes even advanced threats and neutralize them without degrading device performance. And we want redundancies, backups, and means for easy rollback to protect our core. The best part is that this technology is off the shelf and ready to deploy today.
Explore and learn with SonicWall’s Mindhunters.
That leaves us to the fourth and final step: book your seat for MINDHUNTER #12, Cybersecurity: Preventing Disaster from Being Online. This is where you can pick up active lessons on cybersecurity from experts in the field today. Get the most from better online behavior and be boundless with excellent cybersecurity solutions and technology. The event is scheduled for April 18, 2023. Good hunting!