Cyber security through a new lens: offense-defence strategy and the person behind the screen

Wednesday, November 10th, 2021

As a summer intern at Cyber Business Growth earlier this year, I began to grasp the severity of cyber threats and understand their damage potential. With my MA in Intelligence and Security starting in September, carrying on with CBG in a part-time security consultancy position was the perfect opportunity to learn more about this industry, from both an academic and commercial standpoint. A couple of months into the MA, two modules in particular show striking relevance to the world of commercial cyber security. By looking at the offense-defence analogy of warfare and the significance of the individual, businesses can learn important lessons about protecting their cyber framework.



Whilst studying the power of information in the Cold War may seem far removed from the cyber security needs of today’s businesses, these two worlds share some striking similarities. The Cold War, a conflict between state superpowers, was a war of information and knowledge. It was a struggle for information superiority, in other words, a fight to know more about the other side than they knew about you. The more knowledge the West possessed about the secretive actions of the East, for example, the greater its capabilities and its degree of power. In my opinion, this resembles the dynamics of modern-day cyber security: a fight between two sides, a business and its hacker, over information. The business works to protect its data, and the hacker seeks to penetrate any defences in place to access confidential information.


Whilst sides in the Cold War protected themselves using the threat of nuclear retaliation, a commercial business too draws upon its own array of armour to protect its information from hackers, with everything from firewalls to penetration testing. In this way, both the Cold War and a cyber-attack are based upon the dynamics of offense-defence. As history teaches us, war has often been waged over treasure, and cyber security is no different; the offensive hacker fights for their chance at the treasure chest of data, guarded by the defensive business. This dynamic confronts a business with the question that is as relevant now as it was when Blackbeard and his pirates sailed the seven seas pillaging for gold: what is the value of your treasure, and just how far would you go to protect it from pirates, real or cyber?


Technology and Security

In studying the relationship between technology and security, I have now come to regard technology as a network of complex interweaving components and individuals, rather than as a material object such as a computer. This notion doesn’t ring true just for matters of national security, but for issues closer to home too, namely the security of your business. In a society full of devices and machinery, it’s easy to underestimate the role of the individual, and to over-depend on the products we’ve created.


Prioritising the role of the individual not only enhances your cyber defences but ensures your business protects both its bottom line and its personnel. From certification programs such as Cyber Essentials, to implementing first responder training for employees in case of a cyber-attack, placing the human element at the forefront of security policy translates to an enhanced defence shield around your business. Indeed, with the word technology deriving in part from the Greek techne, meaning skill, we are reminded of the technical world as one of craftsmanship, and the importance of the crafter. If your business takes the necessary steps to ready its staff, as well as its online defences, against cyber threats, its chances of survival are significantly increased.


The offense-defence analogy of warfare not only pushes a business to understand the severity of a potential cyber-attack and what’s at stake but emphasises the power of information superiority. A business which prioritises its cyber security aims to possess more knowledge than any potential hacker and to ensure it knows more about its defence systems than any threat actor, making the possibility of a successful attack increasingly unlikely. If a business then prioritises the role of the individual as well as the technical aspects of its defence systems, its security shield is one of both human and cyber resilience. With these two factors at play, your business can become a fortress, impossible for the enemy to infiltrate.


By Francesca Boyce Cam



