In 1805, the Austrian army marched against Napoleon Bonaparte in the War of the 3rd Coalition. But the Austrians didn’t wait for their allies (who would be crucially needed against Napoleon’s massive Grande Armée). Then, Napoleon feinted his movements to give Mack a sense of false security (while in fact the French army was quickly surrounding it from the rear). General Karl Mack von Leiberich’s trapped Austrian forces hoped that General Mikhail Kutuzov’s Russian army, their far-away ally, could rescue his surrounded army. But the Russian allies were still too far from the battlefield. And so, General Mack surrendered his entire army (casualties: 60,000 men!) to the Emperor Bonaparte, just six weeks into the war (Chandler, D. G. (1967). “The Campaigns of Napoleon”). Lack of coordination is deadly.

Security lesson: coordinate with your teams! Everyone must be coordinated in their defense against the never-ending onslaught of cyber criminals – management, IT team, vendors, managed service providers, and end users. Have sufficient funding? Are end users aware of common and advanced risks? Employees typing their corporate passwords into unsecure public Wi-Fi networks? Are managers falling prey to clever social engineering? Will one of the thousands of employees accidentally click one of those thousands of daily phishing emails?

And never get complacent – when you feel safe, it might not be enough, especially against a determined enemy whose only goal is to win. The margin of error between a cyber incident and not is slim! Have you ever spoken to someone responsible for a data breach under their watch? No on envies that person…

SPEED: Unprepared security posture.

While the Napoleonic Wars raged in Europe, the United States declared war on Great Britain in 1812, British troops in Canada received news of the declaration even before U.S. troops knew! Secretary of War, William Eustis sent a letter informing General William Hull to prepare for war. But a letter written on the same day with news of the actual declaration of war arrived a week later because it was sent by regular mail. Therefore, this allowed British Major-General Sir Isaac Brock to take the initiative for Canada. The result: the U.S. was unprepared for the war and greatly miscalculated time required to organize fighting units. Reaction times are crucial during cyber security breaches and incidents.

Still don’t have 2FA yet? Don’t let a few days, weeks, or months destroy years of accomplishments. How long should you leave the door unlocked? Probably never. Quick hackers will immediately exploit the little time between setup and changing the password from the weak default password. All hacking incident involves timing as a crucial factor in many way. They needed preventative measures sooner. Downtime could have been shorter, etc. Here’s a low-hanging fruit for hackers: someone buys a security camera, sets it up, and doesn’t change the default password. The hacker can just look up the default password. In conclusion, every minute delayed in changing the default password is a greater chance some malicious hacker will gain access.

By the way, if you don’t have 2FA already, you should get that checked off ASAP. Double your security. A strong password is no longer enough in 2021.

Unencrypted messages are bad.

During World War I, General von Hindenburg, and his Chief of Staff, Major General Ludendorff, led German forces to a decisive victory at the Battle of Tannenberg. The Germans initially discovered Russian objectives in the form of a written order on a fallen Russian officer. Then, the information was confirmed by an unencrypted intercepted radiogram sent by the Russians. Lesson one: encrypt and keep tight control over sensitive information and where it is being stored (and transported) by end users. Even passwords written on paper and thrown in the trash could be picked up by some malicious actor. Don’t let employees write passwords down! They could lose the paper they wrote it on. Someone could take a picture of it. Another person could share the password with some other unauthorized person. Don’t meekly give up the pursuit of a strong password culture.

Lesson two: don’t send unencrypted messages that others can eavesdrop (the Germans weren’t even looking for Russian messages, they happened upon them)! You never know who’s listening. Opportunity creates incidents. Then, some lessons in security continued being learned by some during World War II.

Every cyber security expert warns people not to connect to Wi-Fi networks (without a VPN). Cyber criminals can exploit public Wi-Fi networks to “sniff” messages and emails (able to read your emails and messages). Eavesdropping is a serious issue in modern cyber security. Use encrypted emails and never connect to any Wi-Fi without using a VPN to mitigate risks. Proactively prevent eavesdropping – you never know who’s listening and/or watching. Be smart, be preventative, and learn from the lessons of the past.