The Four Cybersecurity Ninjas

CyberDefenses - Ninja

(Based on the four villains from Decisive: How to Make Better Choices in Life and Work, by Chip and Dan Heath).

by Daniel Cohen

No one wants to make the wrong choice.

And not only because of possible repercussions like losing a job, mucking up a relationship, or creating a situation that will require months of time and effort to be remedied. The psychology of this kind of avoidance goes much deeper than that. To admit a wrong choice is to open up to criticism of the very self, to show vulnerability, to acknowledge that there are things unknown in this very complex world.

And the unknown is what we fear most.

When it comes to decisions, often all we have to go on is a portion of incomplete information, our temperament, and our perspective at the time. With such tools it’s impossible to predict how to respond to a situation perfectly. But to err is to be human, and considering the plethora of unknowns we have to deal with on a daily basis, sometimes making any decision at all can be valiant.

When it comes to the internet, the unknowns can multiply.

Not only do we have normal obstacles for good decision-making, but the vast frontier of cyberspace has inspired entire new facets and dimensions that need to be taken into consideration. How do we protect ourselves from threats we might know relatively nothing about? Identities can be falsified and fluid. Websites can contain malware that might lurk undetected in your CPU. Sensitive information can be ferreted out with code.

Unfortunately, there is no magic flashlight that can peer around the dark corner of your cyber future. And if there were, the batteries would be too expensive to afford. But there are certain entities you can employ to give you an advantage. Just like with everything else, a little bit of knowledge can be leveraged into a lot of power. And when it comes to navigating the dark, who do you want on your side?

Ninjas, that’s who.

Here are the four cybersecurity ninjas that can stand by your side in the shadows.


CYBERSECURITY NINJA #1 – The Ninja of Many Eyes

One of the biggest obstacles to making good decisions is a narrow perspective. We tend to look at things in a ‘should I do this or should I do that?’ framework. It’s easier and seems most logical to separate our choice into two definitive options, but if we only give ourselves binary choices we stifle our potential for discovering better, more prudent paths. Take the example of the ‘Miracle Cure’ fixes that some companies peddle, often costing the same as taking your whole company on a Caribbean cruise. This leads you to ask: should I get an expensive fix that is far out of my budget, or not? It’s a binary choice. When you send in the Ninja of Many Eyes, you’ll begin to see that there are other questions you can ask. Are there smaller, more cost-effective options that can keep me safe? Should I trust a single firm or get a second opinion? Is there a way to outsource the security measures? Seeing around a problem often minimizes its menace, and provides a new perspective.



CYBERSECURITY NINJA #2 – The Ninja of Many Fists

Misery loves company. So does confidence.

One of the holes we tend to get our decision-making legs stuck in is the constant search for confirmation bias. In the pursuit of making the right decision, we more readily believe information that reinforces our existing beliefs instead of looking for a challenge. Again, this is normal human behavior (although that doesn’t mean it’s going to be the healthiest behavior). Confirmation bias can come from only visiting online forums that are one-sided, or even trusted advisors who are paid a fortune to tell you what you want to hear. You need to break down the walls. The Ninja of Many Fists can do this… with many fists.  If you can destroy the barriers [Hi-Yah!], which reinforce confirmation bias, you’ll instantly become more informed in your decision making. Suddenly the dark corridor becomes a breezy causeway.



CYBERSECURITY NINJA #3- The Ninja of Many Breaths

Panic. Even reading the word sends a shock of anxiety into the stomach and steals the breath from our lungs. When something goes awry, panic is sometimes all we can focus on, tossing judgment to the wind. Let’s examine a real-world scenario. A company has all of its payroll information recorded on a single system (program X) and tax time is around the corner. Linda from HR brings in cupcakes to ease the stress around the office, and while everyone is enjoying the home-made carrot-cake icing (sayonara diet!) Linda opens up the computer, giggles at the cute cat background, and clicks open her accounting software. Linda shouts. Icing flies everywhere. The system has been hit by Ransomware, which is demanding an exorbitant amount of money. The adversary is demanding payment, or else they’re threatening to delete all the files. Linda doesn’t have backups. She doesn’t know her debits and credits offhand. Who does?


The normal response to such stress would be to pay the ransom in order for the company not to fall apart. This is when the Ninja of Many Breaths comes to the rescue. This technique is all about stepping away from emotions and taking time to assess the situation. This choice is not as binary as Linda might think. If she caves and pays the ransom, then what’s to stop the adversary from infecting the company’s system again the following week? They now know the company is an easy mark, and they already know the way in, so why wouldn’t they continue their exploitation? With the Ninja of Many Breaths, Linda can consult with experts and figure out a more prudent way to save her files. This way she won’t put a bull’s-eye over the company in the future.



CYBERSECURITY NINJA #4 – The Ninja of Many Steps

This ninja is arguably the most important in the mental dojo, because this ninja is the most brutal. This one actually represents future unknown. Even if you fix a problem to the best of your abilities, it still doesn’t mean your solution will last forever, or that you won’t face similar problems in the future. Even if you perform a perfect incident response; even if you get the best-reviewed firewall, or proxy server, or SIEM that the market has to offer; it doesn’t mean that you’ll get to stop making prudent decisions in regards to your cyber security. The Ninja of Many Steps guides you down a path, because even though it might seem like the other way around, standing still is the quickest way to fall. Life moves fast. Cyber life moves faster. Small steps or large, the important thing is to keep moving with them.


Use them often, use them wisely, and treat yourself to better decisions.

Wise men have many counselors. Wiser men have many ninjas.

About the author

Carin Young