About 2,500 years ago, Chinese military strategist, Sun Tzu, wrote "The Art of War." In it, he said: "Strategy without tactics is the slowest route to victory. Tactics without strategy is the noise before defeat." Tactics and strategy should always complement each other, and are two sides of the same coin. With each successive large-scale cyber attack, it is slowly becoming clear that ransomware is replacing traditional bank heists, and more importantly, military incursions as these attacks now target the critical infrastructure of the most powerful country on the planet. Understanding the strategy, and tactics of our opponents, as well as the strategy and the tactics we implement as a response are vital to victory.

In the battlefield of cybersecurity, here's how we define the tactical versus the strategic:

|
  • Strategy defines your long-term goals and how you're planning to achieve them. In other words, your strategy gives you the path you need toward achieving your organization's mission.
  • Tactics are much more concrete and are often oriented toward smaller steps and a shorter time frame along the way. They involve best practices, specific plans, resources, etc. They're also called "initiatives."

The opposition implements these same principles in their dark rooms and secret online forums. Even the most basic strategy drives toward a mission — knowing what their goals are, who they intend to strike, and when they intend to activate their attacks. This explains why we see targeted attacks, sustained campaigns, rapid execution, massive ransom amounts and significant impacts.

Based on that strategy, various specific tactics are employed to achieve their goals. When we dissect the aftermath of a ransomware cyber event, we find a trail of tactics used in the attack, such as phishing, misdirection, privilege escalation and propagation, among many other pieces. This elective matrix of tactics explain why it often seems that security systems were just a step behind. You will find that each tactic is an escalation to a next step and the next tactic, driven by the overall strategy.