Photo Credit: Maciej Szczepańczyk via Wikimedia Commons cc
Let’s jump in a time machine and travel back in time to meet one of the greatest strategists that has ever lived – Alexander the Great. On October 1, 331 B.C., one of history’s greatest battles was fought between Alexander the Great of Macedon and Darius III of Persia. This battle is known as the Battle of Gaugamela (also known as the Battle of Arbela). Darius did not leave anything to the chance and assembled the largest army that the world had ever seen to destroy Alexander once and for all. The exact number is not known, but estimates suggest that the army of Darius was anywhere from 250,000 to almost a million. Darius recruited the best cavalry and brought elephants as well. Alexander’s army was estimated at only 40,000 men. Alexander was heavily outnumbered and he was well aware of that.
The night before the battle Alexander gathered all his commanders and shared his plan and strategy for the next day. He explained to them that Darius brought a huge army, but at the same time it was assembled from so many different tribes across the huge empire. Each tribe had their own language, culture and different approach to fighting. The only thing that was bonding them together was loyalty to Darius. Alexander built his strategy upon this weakness. He believed if he killed Darius, the army would panic and retreat. On the other hand, Alexander’s army was well trained, well-armed and was always fighting as one unit.
The next morning Darius lined up his army that was ready to crush Alexander’s troops. Alexander knew he had no chance facing the army of Darius in parallel; therefore, his strategy was to align his troops at a 45 degrees angle. The army was positioned to the right of the center of the troops that Darius lined up. Darius was in the center surrounded by his elite troops to protect him. Minutes before the battle started, Alexander ordered his men to start moving forward and slowly to the right. Darius was confused with this move and ordered his troops to move in the same direction in order to maintain the same position. Alexander’s strategy was to make Darius send most of his troops to the sides to attack Alexander’s wings. The plan was to create an opening in the center by separating Darius from his wings and directly attack him unexpectedly. The tactic worked and as soon as the opening appeared between the center and wing, Alexander directly attacked Darius who was unprepared for this scenario and was forced to retreat. At that point Alexander was fighting a very small portion of Darius troops as his strategy ensured that the rest of the army could not intervene as it was on the sides. Darius’ army started panicking and retreating as well. The history documents indicate that Darius lost between 100,000 and 400,000 men and Alexander lost less than 1,500 men. This was brilliant plan and strategy that is even studied today.
Now let’s fast forward back to the future and digital age that we live in. Alexander’s strategy withstood the test of time and provides us with a powerful message – as security professionals what can we learn from this?
In today’s cyber era, every organization, regardless of its size, must have an information security strategy and plan in place to fight hackers, reduce the risk and protect data. If Alexander had no strategy and attacked Darius in parallel – Alexander and his army would had been destroyed within minutes. Just like the army of Darius – the hackers come from all over the world speaking different languages and use different tactics to attack our networks. But one thing that they all have in common is a will to exploit lurking vulnerabilities that we don’t discover in time or choose to ignore.
Even the largest organizations will never have the luxury to outnumber the hackers. Therefore, it is essential to develop an information security strategy to be executed in order to protect us against the much larger enemy. Planning and communication was extremely important in order for Alexander to execute his strategy. We must include all business units while planning the security strategy and communicate it to our executive management in order to be executed across the entire organization. The entire organization must act as one unit agreeing to follow developed strategy.
When Alexander developed his strategy he analyzed Darius and his army in order to discover his weaknesses and then built his strategy based on that analysis. As an organization, we must conduct risk assessments and discover our own weaknesses and then build the strategy around the areas where we are vulnerable the most and where the possibility of attack is very likely. Hackers conduct vulnerability scans against our externally facing assets all the time and for free – we just don’t get to see the reports. We must be prepared to fight them back in an organized, prepared and comprehensive way.
Information security strategy will depend on the organization and business sector they operate in. Each organization has their unique risks; therefore, the strategy approach would have to be aligned with your own business objectives. Some organizations might incorporate a honeypot in their strategy – just how Alexander’s strategy was to trap Darius by having him send most of his troops to the wings and make himself vulnerable.
Alexander’s army was well trained and executed the strategy as planned. As an organization, we must ensure to provide the necessary training to our security team to ensure they keep up with the evolving threat landscape and arm them with the proper tools and processes to execute the strategy. We must ensure we are synched as an organization and know exactly how and when to execute each process within the strategy. Alexander knew exactly when was the right moment to exploit the weakness and directly attack Darius and win the battle.
Alexander helped us understand that strategy is not an option, but a requirement to fight a much larger enemy. At the same time it teaches us that a well-executed strategy will help us win and stay in business no matter who our opponent is. If Alexander lost the battle, it would had been the end of his empire. We must look at our own organization from the same perspective. If hackers keep winning the cyber-battles against us, it would eventually be the end of our business and organization. We cannot afford to have the cyber-battles on a daily basis without a proper strategy. What is your information security strategy to keep your organization secure and in business?
This analogy will also be available in Serbian, Croatian and Serbian Cyrillic.