The Infinite Game of a Cyber Attack

Author: Ari Spilman | President

Simon Sinek is a well-known inspirational speaker, and one of my favorites. In his recent best-seller “The Infinite Game,” he breaks down how world-class businesses learn to pivot to stay on top of their game, even as many things in life change.  Whether they are social and generational changes, political, technological, or others.  As I read the book, I kept thinking about how I could apply Sinek’s concepts to the developments that I’ve seen in the cyber security space over the last few years.

Let’s first briefly review how Sinek defines “The Infinite Game.”  To many people, a game is played primarily to win.  To win you need a defined goal and a set of rules on how to reach that goal.  All players have the same objective, and they will all abide by the rules in place.  Businesses have some similarities, but they also have a few key differences.  In business, there are no winners or losers.  To win, you need to have the same goal, yet every business will have a slightly different target that they set out to reach.  Some may be after a big payout, while others want to build something that will outlast the founders while delivering goods, services, knowledge, or aid to others.  So how is the business world similar to a “game?”  It’s simple – the opponents.

Some may call the other players in the business game competitors.  I have learned to call them rivals.  There are rivals and worthy rivals. The key difference here is “worthy.”  One may ask, “what makes a rival worthy?”  It’s simple.  One needs only to understand the company’s goals, core values, and ability to pivot due to industry changes, while still holding on to those original goals and core values upon which the company was founded.  If a company can change the way it runs during times of change, and sometimes even what it delivers to its clients, all the while keeping in touch with its underlying values and mission, then that company will end up thriving, and it will be a rival I’d be honored to play the game with.

Today I am the President of a Managed Service Provider (MSP).  What all MSPs need to provide their clients today has drastically changed within the last couple of years.  We used to be focused on infrastructure, efficiencies, and a place for businesses to turn to with their ever-changing technology needs.  Today, however, on top of all that we are also on the front lines of cyber warfare. We are the first line of defense and should be involved long before a cyber breach occurs.  And we remain involved all through the recovery process, including during the long sleepless nights during the incident. The most amazing thing about our industry is that we have “NO” rivals in the MSP space.  The amount of information sharing and partnership I see every day between MSPs is so unimaginable that most people wouldn’t even believe it.  Our rivals are cybercriminals.

So, exactly what has changed over the last couple of years that these rivals are now taking up so much space in the media, our businesses, and our personal lives?  The answer is that they have become “Worthy”.  The criminals have learned to adapt to the technology that was built to keep them out.  As all the big players out there – like Microsoft – develop business tools and solutions, they look for vulnerabilities to penetrate the systems and hold us hostage for a hefty ransom. When we implement measures to protect that vulnerability, they don’t give up but rather look for other vulnerabilities to leverage and gain access to what we protected.

An infinite game is simply one where players are constantly thinking of new ways to stay ahead, but realize that their worthy rivals will be ahead of them from time to time as well.  Each player values the other in some way and is willing to learn from the other how to be better and stay ahead. As MSPs, we try to share our knowledge so that even after we are gone, our successors have all the necessary tools and resources needed to continue the game and stay ahead.

Zero-Day attacks have set a record in 2021.  A Zero-Day attack is an attack that exploits a potentially serious software security weakness that the vendor or developer may be unaware of.  To me, when one of these happens it means that a worthy rival has risen slightly above us at the current moment.  Luckily, the players in the game on our side have been quick to find temporary solutions and ultimately release long-term solutions to prevent these attacks.

I urge anyone reading this article to have a serious conversation with their MSP about these concerns and make sure that they are a “worthy rival” while fighting in this infinite game. If you have any doubt about their capability, then talk to another one, as there are so many great MSPs with the right core values and goals to keep your business safe and allow you to focus on what you need.