Image

The Knight: Unpredictably Evading Obstacles
Nearly half of those who participated in our survey said they would be the Knight. In explanation of their choice, one respondent pointed to the piece's unconventional style of movement as useful in the fight against digital attackers:"The Knight does not move in a straight line. It moves in 'L'-shape, which means it can guard the field without being in direct line of sight. It is concealed behind the corner and is therefore less predictable. This has important parallels in the world of information security. Removing 'predictability' is like adding another layer of security to a network. For example, if a hacker can't figure out how your data is guarded, it will take them a lot more time to launch a successful attack, providing us with more time to spot them sneaking around so that we can shut them out."Others pointed to the Knight's ability to maneuver over other pieces without requiring them to first move out of its way:
"The Knight is not constrained by obstacles along its path. In security defense, we should be like the Knight. We can't let ourselves be constrained by what the attacker has set up or blocked. Rather, we need to be agile enough to move past obstacles and take down the enemy."Together, unpredictability and maneuverability are key advantages when it comes to protecting your organization against a host of digital threats, as one participant astutely observed:
"I chose the Knight because its job is to defend or attack the King and Queen. It will constantly be on the battlefield facing down adversaries that range from Pawns (script kiddies) to other Knights and Bishops (organized crime and hacktivists) to Kings and Queens (nation-state actors). It is dedicated to the cause of keeping the kingdom safe against whomever might choose to attack."With that in mind, the Knight should never be neglected. In fact, strategic use of this piece could mean the difference between victory and defeat. One respondent clarified this point for us:
"If used correctly, it can set up an easy win. The Knight is superior to the Bishop, a 'slacker' piece that can't move unless someone moves out of its way."
The Bishop: Deflecting to an Easier Target
Not everyone felt the same way about the Bishop. In fact, those who chose this piece likened it to the Knight in its ability to surprise the enemy with unconventional movements. One respondent, for example, said, "No one ever looks out for a Bishop." Another expanded upon this thought:"I would counter a cyber-attack with a diagonal move instead of a blocking it head-on. In other words, I would try to be different from what an attacker might expect to find so that I could counter their tools and drive up the costs to attacking me. This way the attacker would go elsewhere for an easier target."
The Pawn: Unveiling the Opponent's Strategy
And what easier target could there be than the Pawn? Many consider it to be the weakest piece in chess because it cannot move very far and can only move forward. However, it can still serve a critical function: sacrificing itself in order to unveil the attacker's strategy. That is exactly why one respondent chose to be the Pawn:"The Pawn is used to identify the strategy of the hacker. It sacrifices itself to see what techniques the hacker is using. In the process, it provides the player with invaluable knowledge on how they can develop and deploy a stronger defensive strategy."Integral to that strategy is where and how a player chooses to delimit the front line of defense, a decision which also applies to information security. One survey participant puts it perfectly:
"A pawn's job is to help the business securely achieve its objectives. It slowly and methodically advances the front line of defense while allowing its fellow pieces to strategize and maneuver behind it. A pawn moves only forward, never backwards, as it advances its security posture in conjunction with business objectives and with seven other pawns on the board, i.e. an organization's defense-in-depth strategy and controls."
The Queen: Wielding Power to Rule the Board
With the Pawns holding down the front lines, more powerful pieces such as the Queen can develop a plan of attack. Only one respondent ultimately chose the Queen, but as they explained to us, they did so because it (like the Knight) is one of the most flexible pieces in chess:"I would choose the Queen, the most powerful piece on the board. Its ability to move far in a number of directions enhances its ability to protect all the other pieces, especially the vulnerable King. And let's face it, the security industry needs stronger women pieces."
Conclusion
As our experiment at RSA reveals, infosec professionals can strengthen their organizations' security defense by adopting certain qualities of the Knight, the Bishop, the Pawn, and the Queen. However, just like in chess, merely placing these and other pieces randomly around the board does not guarantee victory. As Conacher writes in his second infosec-chess piece, organizations need to act like a player and develop a strategy that makes the best use out of all of the pieces. Failing to do so will essentially hand the match to the opponent, regardless of what security controls and other defenses an organization has in place. What chess piece do you feel would contribute most to your organization's security strategy?Image
