You wouldn’t expect the mention of ancient cartographers, or famous names like Vespucci, to evoke thoughts of cybersecurity. But cybersecurity truths are like cyberattackers — they pop up in unexpected places. Recently, while reading Sapiens by Yuval Noah Harari, that’s precisely what happened. I was struck by the parallels between ancient cartography and modern cybersecurity.
In the chapter titled “The Marriage of Science and Empire,” Harari notes that ancient cartographers had only partial knowledge of the world. Their understanding of Asia and Europe was extensive. Yet, there were considerable sections of the world that they knew nothing about. Because they believed their information was complete, it led to misconceptions, inaccurately labeled discoveries, and missed opportunities.
Security professionals and even executives often fall prey to similar erroneous beliefs. As experienced and dedicated leaders, it’s easy to buy into the mentality that because we’re experts and know more than most people about a topic, we know all we need to know, and anything we don’t know isn’t important.
Attackers understand this phenomenon and probe relentlessly to map out the cybersecurity of an organization before they strike. Using this information, they determine the path of the least resistance into your organization that results in the most reward. There is no reason to summit a digital mountain range if you can find the hidden mountain pass. As an organization, you can’t guard a security gap in your cybersecurity map if you don’t know one exists.