How To Build a Cyber Fortress: Lessons From Ancient Greece

How can we apply ancient wisdom to modern cybersecurity concerns?

May 3, 2023


In this article, Julia O’Toole, CEO of MyCena Security Solutions, discusses how organizations can protect their digital assets from ransomware by borrowing from ancient Greek architecture dating back to the Mycenaean era.

For centuries, Ancient Greece has inspired thinkers and mathematicians, giving birth to many influential concepts and theories that shape modern life and European culture.

The ancient city of Mycenae serves as a prime example. Set in the Peloponnese peninsula, the city was renowned for its bold traders, fierce warriors, and brilliant engineers who built remarkable bridges, functional drainage, and exceptionally robust walls. For five centuries, from 1600 to 1100 BC, its walls stood strong to protect the riches of one of the most dominant trade centers of its day.

The Ransomware Pandemic

It turns out that this defensive architecture could be as relevant today as it was 3,000 years ago in protecting organizations from the deadliest threat of our time: ransomware.

Ransomware is a threat that captures and locks an organization’s vital assets, holding them hostage until a ransom demand is met. A typical routine for attackers is to target an organization’s staff with phishing emails to steal their access credentials, which gives the attackers entry into the network. Once they gain an initial foothold, the attackers can move laterally, escalate their privileges, and exfiltrate sensitive data before holding the organization’s systems hostage and demanding a ransom payment, all within a few hours.

The Fallacy of Cybersecurity Tools

One of the biggest challenges for victims of ransomware is the speed of the entire process. This is due to the way organizations have designed their network and system access. 

To help their employees access their work resources safely, many organizations believe single-access tools such as Privileged Access Management (PAM), Identity and Access Management (IAM) and Single Sign-On (SSO) are a solution. They believe they can gather all their data in one place, ringfence the perimeter, let staff use their own passwords to access the network and use detection tools to fend off external threats.


Two Deadly Internal Vulnerabilities Introduced at the Source

However, they don’t realize this process introduces two deadly internal vulnerabilities right at the source.

First, by letting their employees create their own work passwords, organizations don’t realize they have lost control of their own security. Imagine letting your employees make the keys to your house, your shop, and your factory in the physical world. Those keys aren’t yours anymore. Consequently, organizations neither control nor know whether their passwords are shared, sold, stolen or reused in personal accounts. Because logging into work is so routine, attackers using stolen employee credentials don’t get detected as a threat. That’s why many breaches happen without being noticed by threat monitoring tools.

Second, by using single-access tools, organizations don’t realize they create the risk of losing everything at once. With one stolen password or biometric, a trespasser can steal the 2FA token to pass that initial security checkpoint and move freely through the network without hindrances since there is no segmented access between systems. 

The persistence of these two embedded internal vulnerabilities explains why attackers can go from login to ransomware attack in a matter of hours. 

Defeat Ransomware by Segmenting Access and Layering Defense

This model contrasts with the defense architecture we can still see in Mycenae today. To protect their city, the Mycenaeans built a first gate, called the Lion Gate, which opened to the city itself. Once inside the city, there was a second gate that gave access to the garrison. Once inside the garrison, there was a third gate that gave access to the king’s palace. They applied the key concept of layered security to keep their most valuable assets deeper in the structure of the city. This means that if an attacker managed to slip inside the city, they would still not be able to steal the weapons in the garrison or the treasures of the king’s palace.

Because company passwords are what open the gates to the kingdom, they too can be protected using similar layered security. If organizations took back control of their security, stopped letting employees create their own access credentials and segmented their access using a different encrypted password for each door, they too would have an impregnable fortress and be able to keep ransomware at bay.

Now if an attacker steps inside the network, they wouldn’t be able to roam freely in the other parts of the network, and whatever they manage to collect behind one door would be too insignificant to launch a ransomware attack.

The wisdom of Mycenae’s layered defense and segmented access, which stood strong for centuries, remains relevant today. Now is the time for organizations to apply it:

Top Five Tips for Business Leaders To Improve Cybersecurity 

  1. Don’t put all your assets in one place behind a single access: Separate the assets and put a different lock to protect each access, so you only need to change one key if one door is breached. Never use a master password, as it opens all the gates at the same time.
  2. Never use someone’s identity for access: Biometrics and voice are not secret and are easily replicable, especially now with AI. They are also non-changeable access keys and put employees at risk of identity theft for life.
  3. Don’t let humans make passwords: Always use tools to generate long, random, high-entropy passwords, so they cannot be broken either now or later with quantum computers.
  4. Provide employees with encrypted passwords: That way, they can’t know them, share them, sell them or give them away. This makes sure you stay in control of the passwords to your network and data and not your employees. 
  5. Store your most important passwords better: Try to keep your crucial passwords in the deeper layers of the credentials fortress so they are the hardest to get to.
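
Tips 1 and 3 can be sketched in a few lines of Python. This is an added example, not code from the article or from MyCena's product; the system names and the function names (`provision`, `rotate`, `audit`) are hypothetical. It gives each system an independent password from the operating system's CSPRNG, rotates only the breached door, and audits a credential set for reuse.

```python
import math
import secrets
import string

# 94 printable symbols: letters, digits and punctuation
ALPHABET = string.ascii_letters + string.digits + string.punctuation

def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy of a uniformly random password. For a human-made
    password this is only an upper bound, not an estimate."""
    return length * math.log2(alphabet_size)

def generate_password(length=32):
    """Draw every character independently from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def provision(systems, length=32):
    """One independent password per system; nothing is derived
    from a shared master secret."""
    return {name: generate_password(length) for name in systems}

def rotate(vault, breached):
    """Replace only the breached system's password (tip 1)."""
    updated = dict(vault)
    updated[breached] = generate_password(len(vault[breached]))
    return updated

def audit(vault, min_bits=128):
    """List passwords shared between systems or too short for min_bits."""
    findings, seen = [], {}
    for name, password in vault.items():
        if password in seen:
            findings.append(f"{name} reuses the password of {seen[password]}")
        else:
            seen[password] = name
        if entropy_bits(len(password)) < min_bits:
            findings.append(f"{name} is below {min_bits} bits")
    return findings

if __name__ == "__main__":
    # Constructed system names, for illustration only
    vault = provision(["email", "crm", "vpn"])
    print("findings after provisioning:", audit(vault))
    vault = rotate(vault, "crm")  # only the crm entry changes
    # Constructed human-made set: one password reused on two systems
    print(audit({"vpn": "Summer2023!", "crm": "Summer2023!"}))
```
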


Julia O’Toole
Julia O’Toole is the founder and CEO of MyCena Security Solutions, the pioneer and market leader in Access Segmentation and Encryption Management (ASEM). MyCena makes digital access unbreakable. It eliminates more than 82% of data breaches by removing the risk of human errors in cybersecurity. Julia is an inventor and author of multiple patents, using maths, neuroscience and technology to deliver innovative solutions to solve complex problems. Julia holds a degree in computational and applied mathematics from the Paris Dauphine University.