Applying Aristotle’s ‘First Principles’ to revolutionise cybersecurity

Article by Virsec A/NZ regional director Robert Nobilo.

‘First Principles’ is a concept that emerged during the time of Aristotle. He used this approach to break down a complicated problem into its most basic elements and reassemble it from the ground up, using only the irrefutable truths that remain.

Fast forward 2,000 years, and PayPal co-founder Peter Thiel and Netflix CEO Reed Hastings are among a group of industry leaders who use the ‘first principles’ decision-making strategy to build companies that disrupt and improve entire industries.

Today, we can also apply ‘first principles’ to the challenge of cybersecurity. Unfortunately, traditional security approaches that were once effective in preventing basic cyber-attacks are no match for today’s sophisticated adversaries. As the techniques of hackers continue to evolve and become more complex, our approach to security needs an overhaul as well.

First, let’s take a look at why traditional security approaches are outdated and ineffective.

Why traditional security approaches just don’t cut it nowadays

Digital transformation, cloud connectivity and remote work have enabled companies to be more competitive, generate revenue and increase productivity. However, with this connectivity and an expanded attack surface comes increased risk. Cyber threats are also evolving.

Supply chain attacks such as Log4j, SolarWinds, PrintNightmare and Kaseya have surged, and they continue to exploit software vulnerabilities, impacting millions of users downstream while costing billions of dollars to contain and remediate. These attacks take advantage of hyperconnectivity and application vulnerabilities as gateways to bypass traditional security solutions such as endpoint detection and response (EDR), allowing the adversary to control the software and launch malicious activity in a matter of seconds.

Despite prioritising security and investing in upgrades, CISOs and organisations are falling further behind. Conventional security approaches aren’t effective because they focus from the outside in—chasing evolving threats and plugging porous perimeters. This abstracted approach has proven to create an endless game of cyber…