Asymmetric warfare isn't new. It has a long history, from when 300 Spartans held Xerxes' Persian army of more than 100,000 in 480 BC, right through to modern day. You might even argue that Odysseus and the Trojan horse in 12th century BC qualifies as the earliest. All very interesting - but what is the relevance to modern business?

Cyber attacks - the similarities are striking. Often small groups of highly-focused and motivated attackers with little in the way of hierarchy or command and control take full advantage of the anonymity, flexibility, agility and rapid response offered by the use of modern technology. Cyber attacks also share the latest trait of asymmetric warfare; they are global, both in origin and effect. 

Looking back through history can provide two insights for businesses faced with cyber attacks.

The first is that brute force, throwing masses of resources and technology at the problem, alone has a limited effect. As you increase your cost and effort, the effect diminishes, ultimately becoming counter-productive and sapping vital resources. Instead, a careful, considered and proportional deployment acts both as a deterrent and sustainable first line of defence. Back in ancient Greece the Spartans were making the best possible use of their forces, with only a 300 strong army they had to lead a defensive battle rather than a decisive one. This strategic plan worked to their advantage as they were able to move quickly, defend multiple constricted passages and tactically block the narrow passes.

The second is that intelligence-led operations prove amongst the most effective methods to detect and nullify the enemy. Although they had a small army, the Spartans had a greater knowledge of the battlefield, they knew their enemies weaknesses and were able to exploit this to their advantage. In network defence terms, this is the logging, monitoring and threat surveillance by capturing and analysing the traffic on your network. Just like the intelligence work in the world of spies, it is painstaking, methodical and frequently boring but importantly requires a highly skilled human touch. You need the relevant tools tuned to your business and skilled operators to protect your business. While it may appear expensive in cash terms, it is one of the few means to take a pro-active stance against cyber attackers. The re-active and often more expensive alternative is a phone call in the early hours telling you "we have a problem". 

The analogy between cyber attacks and warfare is not perfect; there is a crucial difference, vulnerability in the adversary. Not all cyber attackers have access to the same amount of resources and sophisticated technology and only rely on weaknesses in organisations. There are known defences, which if applied carefully and rigorously, will successfully deter, detect or defeat the vast majority of common attacks. The SANS Top 20 Controls is one collection of such defences of proven best practices. They are developed globally, published freely and applicable across all industries.

The situation might appear overwhelming, but there are tactics and strategies which can help you turn the tables, and can even the odds. From Xerxes to the World Wars, the massed hordes have been held back by the few. Asymmetry works both ways if you choose your battle carefully. 

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.