Microsoft Security

What’s The Art of War got to do with cybercrime? Quite a bit, actually.

Sun Tzu wrote that mastery in the art of war is about subduing one’s enemy without having to fight. As the modern world contends with increasingly sophisticated cyberattacks from both criminal and political adversaries, this 2500-year-old cliché is key to enterprise security strategy.

Today, the “bad guys” of the Internet are both professional in their business tactics and entrepreneurial in how they leverage opportunity. They’re well-organized and use a mature supply chain. They’re operating cloud-based services offering bots, exploit kits, and more. Cybercrime as a Service (CaaS) shares many of the features of legitimate enterprises, and cyber warfare has become as much about business as it is about malfeasance.

The variety and frequency of attacks can make defending against cybercrime feel like a Sisyphean effort, but understanding the motivations and socio-economic model of modern cybercrime provides practical insight to protect, detect, and respond to likely attacks.

Know the adversary

There are many sorts of criminals who use the Internet for chaos and profit. The lone “haxx0r” trying his “leet skillz” against the establishment is still a relevant trope, but most of today’s cybercriminals operate in increasingly sophisticated teams.

Motives of malicious hackers can range from theft for barter and profit to professional fame or even a vendetta. Understanding these motives is to your advantage. If you can increase the level of effort required to breach your network and reduce or eliminate the attacker’s potential ROI, then you decrease interest in your system as a target for cybercrime.

Survey the battlefront

The Dark Web is both marketplace and delivery system for cybercrime activities, though to be clear, not everyone using the Dark Web is engaged in commercial/criminal hacking. The appeal of not being tracked lures many to anonymity networks (such as Tor) where activities include peer-to-peer file sharing, black market trafficking, political organizing, and so on. Anonymity and untraceability make the Dark Web the environment of choice to run botnets and buy and sell CaaS services.

Black hat hacking methods might vary based on a region or culture, but globalization is as much a factor in production, labor, and monetization patterns of CaaS as it is for legitimate multinational enterprises.

Recon enemy tactics

From exploit kits to ransomware, the products and services of CaaS are numerous and evolving. Cybercriminals use attack methods that are elusive by default and designed to exploit their target’s specific vulnerabilities. For a deep dive on black hat methodology, read “Understanding Cybercrime,” a Microsoft white paper. Here are some common CaaS services:

Craft a defensive strategy

Another warfare truism is that the attacker only needs to succeed once, while the defender must succeed every time. Therefore, the goal in cybersecurity is not about being able to fight attacks from all comers; instead, it’s about making your enterprise so difficult or costly to attack that cybercriminals prefer to look elsewhere.

By the way, you might want to check out a test that Microsoft developed to help you evaluate how your security stack defends against attacks in the wild. Find out where your company’s gaps are and where you’re overdefended.

Last but not least, cultivate alliances

Business leaders sometimes worry that moving business processes to the cloud will increase vulnerability to cybercrime threats, but the reverse is actually true. At the risk of stretching the military strategy analogy, businesses defending themselves against cybercrime are more effective when they share intelligence, work together to contain enemy resources, and coordinate countermeasures.

CISOs must consider pros and cons when it comes to outsourcing data defense strategy, but walling in the enterprise is seldom a viable solution. (Military history is full of examples showing how well walls work. Which is not very.) Stay on top of threat intelligence through information security groups such as the Information Sharing and Analysis Center (ISAC) specific to your industry.

And it’s good to have help. At Microsoft, our Trusted Cloud commitment to enterprise customers is founded in 30+ years of studying malicious hacking and developing technology to defend against it. We have end-to-end expertise deploying on-premises and cloud-based networking solutions, infrastructure, and formal processes.

The Microsoft Digital Crimes Unit (DCU), in partnership with international law enforcement and global cybersecurity experts, works to discern patterns across the cloud, across industries, and across borders for comprehensive threat modeling, which enables us to develop predictions about cybercriminal behavior. In addition to disrupting cybercrime, the DCU focuses on child protection and preserving intellectual property rights. Read how the Microsoft DCU fights cybercrime in “Digital Detectives.”

To paraphrase The Art of War, success in battle comes from knowing the enemy’s motivations, means, and methods as well as you know your own.