In the ever-evolving landscape of cybersecurity, the battle between defenders and attackers has historically been marked by an asymmetrical relationship. Within the cybersecurity realm, asymmetry has characterized the relationship between those safeguarding digital assets and those seeking to exploit vulnerabilities. Even within this context, where attackers are typically at a resource disadvantage, data breaches have continued to rise year after year as cyber threats adapt and evolve and utilize asymmetric tactics to their advantage. These include technologies and tactics such as artificial intelligence (AI), and advanced social engineering tools. To effectively combat these threats, companies must rethink their security strategies, concentrating their scarce resources more efficiently and effectively through the concept of force multiplication.
Asymmetrical threats, in the world of cybersecurity, can be summed up as the inherent disparity between adversaries and the tactics employed by the weaker party to neutralize the strengths of the stronger one. The utilization of AI and similar tools further erodes the perceived advantages that organizations believe they gain through increased spending on sophisticated security measures.
Recent data from InfoSecurity Magazine, referencing the 2023 Checkpoint study, reveals a disconcerting trend: global cyberattacks increased by 7% between Q1 2022 and Q1 2023. While not significant at first blush, a deeper analysis reveals a more disturbing trend specifically that of the use of AI. AI's malicious deployment is exemplified in the following quote from their research:
"...we have witnessed several sophisticated campaigns from cyber-criminals who are finding ways to weaponize legitimate tools for malicious gains."
Furthermore, the report highlights:
"Recent examples include using ChatGPT for code generation that can help less-skilled threat actors effortlessly launch cyberattacks."
As threat actors continue to employ asymmetrical strategies to render organizations' substantial and ever-increasing security investments less effective, organizations must adapt to address this evolving threat landscape. Arguably, one of the most effective methods to confront threat adaptation and asymmetric tactics is through the concept of force multiplication, which enhances relative effectiveness with fewer resources consumed thereby increasing the efficiency of the security dollar.
Efficiency, in the context of cybersecurity, refers to achieving the greatest cumulative effect of cybersecurity efforts with the lowest possible expenditure of resources, including time, effort, and costs. While the concept of efficiency may seem straightforward, applying complex technological and human resources effectively and in an efficient manner in complex domains like security demands more than mere calculations. This subject has been studied, modeled, and debated within the military community for centuries. Military and combat efficiency, a domain with a long history of analysis, offers valuable insights. In 1050 BC, the Chinese warrior LouTao observed:
"The strength of an army depends less upon numbers than upon efficiency."
Similarly, in his renowned 19th Century book titled On War, Carl Von Clausewitz emphasized a general principle of warfare:
"Make the best use of the few means at our disposal."
At the risk of oversimplifying, operational and financial efficiency is optimal and, in the case of cybersecurity, critical. In most businesses, companies are allocated budgets annually. When business conditions change budgets may increase or decrease. Regardless, the concept of efficiency is directly correlated to the ability to use those budgetary allocations more efficiently. If an organization can gain an efficiency of 20% that enables them to re-invest that saved 20% into additional security measures thereby enabling the equivalent of net improvement of 20% in security for the original amount allocated. The question becomes, how do organizations improve efficiency?
Borrowing once again from military theory, it is instructive to consider the concept of force multiplication within cybersecurity. Force multiplication refers to a factor or combination of factors that empower personnel, or other assets to achieve results that are greater than the sum of its parts. It's an essential concept when faced with challenging scenarios where numerical superiority is lacking. Force multiplication within the military can include training, doctrinal changes, psychology, deception, and technology.
Consider a 12-person Special Forces team (Green Berets). This 12-person team can recruit, train, and lead a 1,000-person indigenous force within months of arrival in country. Additionally, their proficiency in combat results in any enemy who wants to attack them committing a much larger force than would be required for a less proficient team. It should be noted that this proficiency comes at an expense of a very long training regimen of several years to become ‘fully qualified’. In short, the 12-person team acts as a much larger force in the eyes of the enemy. Some technological examples of force multipliers in combat would be the use of air refueling tankers which provide aircraft with virtually unlimited range.
Within the security domain a slight modification to the traditional military definition is suggested to account for the differences in purely defensive vs bidirectional operations:
“…using various strategies, technologies, and human factors to amplify the effectiveness of security measures.”
Numerous studies have demonstrated that today's conventional security approaches are increasingly inefficient, and therefore ineffective, in the face of evolving threats. In a parallel to how military experts seek to accomplish their objectives more efficiently, allocating fewer resources, incurring fewer losses, and achieving objectives more swiftly, companies should adopt a similar objective.
In much the same way that the Green Berets rely upon proficiency in their own operations, companies can recruit, hire, and train to gain an advantage at proficiency. Proficiency conveys a level of skill that supports efficiency rather than the simple mechanistic characteristics implied by efficiency. This may provide a force multiplication effect, but the key is to hire at the appropriate level.
From a technological perspective, AT&T can help your organization achieve force multiplication and cybersecurity efficiency through myriad products. These include: Zero Trust Architecture, Secured Access Service Edge (SASE), USM Anywhere, and Managed Vulnerability Programs (MVP), among other services and products.
By leveraging AT&T’s substantial suite of cybersecurity products and services, your organization can begin to see the benefits of cyber force multiplication that, in turn, will result in greater efficiencies for your organization allowing your company to get more bang for your security dollar.