Lessons from history
My passion for history, combined with my “professional bias”, unavoidably leads me to pay attention to certain historical events, from which useful lessons can be drawn and applied to modern cybersecurity.
Admittedly, historical reconstructions are often controversial and disputed by historians, and it is always difficult to understand how much a particular episode may have influenced the final outcome of very complex events.
The episode I focus on here is no exception to the rule, but the lesson that can be learned from this specific incident is certainly illuminating and worth spending some time on.
It is 1453, a year that for many historians marks the transition from the Middle Ages to the Renaissance and is of fundamental importance in human history.
The fall of Constantinople
The year marks the end of the last bastion of Roman civilisation, the Eastern Roman Empire, whose capital, Constantinople, is finally conquered by the Ottoman Turks, led by Muhammad II. The Western Roman Empire, the cradle of Roman civilisation, had already collapsed almost 1,000 years earlier under the attacks of Odoacer’s Germanic troops.
Constantinople, literally the “City of Constantine”, also called Nova Roma (in 1930 it would take its current name of Istanbul), was put under siege by Ottoman troops on 6 April 1453.
The city was famous at the time for its walls, which were considered inviolable, but the Turkish troops had a fantastic new weapon at their disposal: the Ottoman cannon. Ultimately, this too is a valuable lesson to consider: there is no inviolable defence system, because the evolution of offensive techniques calls any such “adjective” into question. Defence methods must constantly adapt to resist the evolution of different types of attack.
The superiority of the Ottoman Turks was also reflected in terms of the forces on the field, at least 10 times more than the Byzantine forces, a decisive factor in the outcome of the battle, although it must be said that Constantinople resisted the attack for a full 53 days.
On that very day, 29 May, the day of the surrender, the event of Kerkoporta took place, which today is classified as decisive for the fall of the city. Kerkoporta was a secondary entrance that was used for relieving sorties. It is likely that at the end of one of these actions, it was left open. A troop of Ottomans took advantage of this to infiltrate the city walls and hoist their banners on the ramparts above the Kerkoporta. This action caused great discouragement among the defenders, who clearly lowered their defences even further, allowing Muhammad’s troops to take control of the city, putting an end to the Eastern Roman Empire.
The Human Factor
The contemporary lesson we can draw from this episode is almost symbolic and describes the situation in which most cybersecurity departments find themselves.
They invest energy and resources to build “robust” defences, capable of resisting continued cyberattack attempts, only to see their efforts thwarted by user behaviour, which, in effect, breaches the defence system.
This is why cybersecurity today cannot disregard continued investment in the human factor, with the aim of transforming users from the weakest link in the defence chain into the first line of defence against cybercrime.
How? By means of an ongoing process of education and training, incorporated in a framework with the primary objective of developing an organisational culture of information security.
Contributing to this great mission has been the primary aim of Cyber Guru Italia since 2017.