Exploring OODA - Hidden power of Schwerpunkt
"While there were some signs of ransomware decreasing last year due to increased pressure from law enforcement and several ransomware groups shutting down, the last few months serve as a stark reminder that we are far from being in the clear" is a quote I gave in Black Kite's 2023 Ransomware Threat Landscape Report. I even saw a few CISOs and a CEO of a cyber company post earlier this year that the ransomware threat was winding down and that it was time to move on to new threats. This leads me to the 2nd article in my series about the hidden power of the OODA Loop and the concept of Schwerpunkt.
Some of the content below is taken from a new book I am working on:
Schwerpunkt is a German term meaning "center of gravity" or "focal point." The concept of Schwerpunkt was initially developed in the context of military strategy, particularly in the works of Prussian general and military theorist Carl von Clausewitz. In military strategy, Schwerpunkt represents the key point of an operation or the primary objective that, if achieved, can lead to victory or bring about the enemy's collapse.
In the context of the OODA Loop, Schwerpunkt refers to the focal point of an organization's decision-making and action-taking process. This focal point is often the main objective or goal that guides an organization's efforts in responding to various situations, including cybersecurity threats. By identifying the Schwerpunkt and focusing resources and efforts on it, organizations can prioritize their actions and make more effective decisions.
In cybersecurity, Schwerpunkt could be protecting sensitive data, ensuring system uptime, or maintaining the integrity of the organization's digital assets. By concentrating on Schwerpunkt, cybersecurity professionals can make more informed decisions within the OODA Loop framework and prioritize their actions to achieve the most significant impact.
When I saw the leaders who thought ransomware was on the downswing, the lack of Schwerpunkt came to mind. Can we be so easily swayed by short-term trend reporting that we take our focus off our objectives? In another Black Kite research report, Cost of a Data Breach, the longer-term view (five years) showed a different picture. The analysis showed that 17% of the 1,700 analyzed breached companies are still highly susceptible to ransomware attacks.
The point is that in an ever-changing threat landscape, we have to keep our adversary's objectives in mind. The Ransomware Threat Landscape Report shows that while conventional ransomware (encrypting and holding data and systems hostage) may have decreased, the trend is that bad actors are using the same TTPs (tools, tactics, and procedures) to blackmail victims with the threat of data release.
In a future article, I will discuss the concept of Blitzkrieg and the OODA Loop (of which Schwerpunkt is integral) and its other components. Some great pre-reading would be the book “Certain to Win: The Strategy of John Boyd Applied to Business” by Chet Richards.
Social Media Marketing Manager at Upwork
10 months ago: Here is a useful blog on cyber risk quantification (CRQ) that could be interesting to check out for any CISO or Board member: https://securityscorecard.com/blog/what-is-cyber-risk-quantification/