One of the most intriguing concepts I’ve discovered in cybersecurity so far is the ‘zero-day’ and one way I’ve been thinking about it (as I train for my first amateur boxing match) is in terms of punches and positioning tactics.
Imagine an impactful punch in a boxing match, that despite doing so much preparation and training, the opponent simply does not see coming, this is a decent stand-in for a zero-day; a vulnerability uncovered without the other party knowing. Threat minimisation is the main game here, whether it’s in security or sparring, and how we think about key strategies can alleviate much, or hopefully all damage.
WEAPONISING TACTICS
Investigative journalist Nicole Perlroth provides an excellent definition of zero-days; ‘A zero-day is a software or hardware flaw for which there is no existing patch’ In her wonderful 2021 book, ‘This is how they tell me the world ends’ Perlroth, who has spent years writing about cyber for The New York Times explores the zero-day market, a place populated by hackers and criminals who find vulnerabilities in systems and sell them to Governments or companies – essentially, weaponising them to attack people with. If we think about this in relation to boxing, the famous Mike Tyson quote comes to mind ‘Everyone has a plan until they get punched in the face’ These exploits are a punch in the face.
Like finding ways to avoid the punch, or at the very least lessen the impact through foot and head movement and a solid guard, cybersecurity professionals leverage zero-day protection to reduce the likelihood of a zero-day attack.
‘The term “Zero Day” implies that developers have zero days to address the vulnerability to prevent its exploitation.’
Zero day attacks are of particular concern as they may be undetected, and offer threat actors (the attackers) access to sensitive data or systems – which is the appeal for the zero-day brokers who take these exploits and sell them to Governments and organisations who treat the exploit in the same way a weapon would be treated; they are used to cripple, impair or disrupt an opponent.
Using clever footwork, headwork and defensive tactics such as keeping a tight guard reduces the amount of thrown punches landed in boxing. In security, the preventive work is not too dissimilar; firewalls, intrusion detection systems, employee training in cybersecurity hygiene (education around phishing and clickbait are of particular note) and software updates provide a buffer for any threat actors who wish to do harm.
JUNGLE CRY
In 1974, Muhammad Ali met George Foreman for the legendary ‘Rumble in the Jungle‘ in Kinshasa, Zaire (present-day Democratic Republic of the Congo) Ali’s strategic use of distance management against George Foreman’s powerful punches proved crucial to his victory. Ali’s ability to maintain a safe distance and adapt to his opponent’s strengths is a key lesson in the importance of agility and strategic thinking.
In the realm of cybersecurity, the WannaCry ransomware attack of 2017 serves as a stark reminder of the importance of proactive defence against zero-day vulnerabilities. The attack, which impacted over 200,000 computers in 150 countries, exploited a weakness in Microsoft Windows, much like a boxer exposing an opponent’s vulnerability. Just as Ali’s agility and adaptability in the ring helped him emerge victorious, organisations must remain vigilant and implement robust security measures to protect against the ever-evolving threat landscape.
MANAGING VULNERABILITIES
At first glance, the realms of boxing and cybersecurity may appear vastly different. However, upon closer examination, it becomes clear that both disciplines require clever decision-making, patience, and persistence. In the ring, a boxer must skillfully navigate their opponent’s reach, using their hands and mind to control the space and timing between them. Likewise, in the field of cybersecurity, professionals must deftly manage vulnerabilities and threats, utilising tools such as firewalls, secure networks, and the principle of least privilege to minimize risk.
Just as a skilled boxer gracefully zigs when their opponent zags, cybersecurity experts must anticipate and adapt to the ever-evolving landscape of digital threats and being willing to constantly learn. Curiosity is vital. Both disciplines demand a calculated balance between offense and defense, with a constant emphasis on staying one step ahead. Ultimately, the art of mastering distance management in boxing mirrors the finesse required to maintain a robust security posture – an essential skill that the best in both worlds make look effortless.
Seeline CYBER 
Leave a comment