What's Old is New Again: Learn from Cyber History with Documentation
“Those that fail to learn from history are doomed to repeat it.” - Winston Churchill
“Sooner or later, everything old is new again.” - Stephen King
“What’s old is new again.” - Cyber professionals
What’s old is new again. Cybersecurity professionals are inclined to repeat this when a data breach exploits an old vulnerability or a “defeated” threat reappears. It seems that, in the rush to adapt to new threats and technologies, it can be easy to forget some lessons of the past. It’s time to get serious about preserving our cyber history with cybersecurity documentation.
Some days, cybersecurity feels like fighting the same battles over and over. Whether a new malware attack occurs or a vulnerability is discovered, offensive and defensive cybersecurity work is never-ending. New threats arise constantly, and these keep us looking ahead to the future.
But if we don’t document the knowledge we’ve gained and preserve our cyber history, we will lose future solutions. It’s crucial to learn the lessons of our past, to help teams and organizations survive and thrive. Cybersecurity documents do this. Otherwise, we forget old threats, and what’s old becomes new again.
Documentation Can Be a Thankless Job
Often documentation is a thankless job. For example, we may not appreciate the person who requests a large family photo to capture a special occasion. Sometimes there are groans about dressing up. Sometimes there are crying children. It’s a hassle.
But who is thanked later and beloved for all the photographic results? The person who gathered everyone for the photo. People appreciate the results even if they hate the process.
Preserving Company Security Knowledge
Though in a less sentimental sense, the same is true of network and cybersecurity documentation. It can be tedious and frustrating. People might groan. Some may cry. But the end result is an important history. And the history helps us determine our future because we apply the lessons of the past.
Cybersecurity professionals enjoy quoting the phrase, “What’s old is new again.” This typically applies to cyber threats – if we haven’t protected our networks from past threats, the same threats will often materialize again and become new.
Employees need cybersecurity documents to clarify their responsibilities in the day-to-day operations of the security team. They also need a clear plan to follow in the event of a security incident or breach.
When employee turnover inevitably disrupts a company’s ecosystem, valuable history can be lost in the brains of those who have fought the cyber battles of the past, and the collective knowledge suffers. This is an important time to have cybersecurity documentation.
Employee departures are also knowledge departures – unless the company and security team have made cybersecurity documents a priority. If network records are kept clean, and if threats are logged with their respective remediations, the situation is entirely changed. The history is preserved, and the cybersecurity successors have a place to start.
Documentation is an Ongoing Task
Like threat defense, cybersecurity documentation is an ongoing and never-ending process. Once documentation has been created, it needs to be reviewed regularly and updated as processes and policies change.
As well as preserving history for the technical staff, cybersecurity documentation provides guidance for non-technical staff, reminds employees of their responsibilities to watch for attacks, and clarifies the roles of every team member in the case of an attack.
Those who have been in the cybersecurity and information security fields for any length of time know this is true. Consider ethical hacker Katie Moussouris on her return to the field after a period of absence: “I’ve been retired from professional hacking since 2007. Why should a hacker that retired that long ago still be able to hack things?” she told Motherboard. “The shortcomings for the security industry are really that we see the same cyclical bugs coming in over and over again.”
Standing the Test of Time
Security documentation is also beneficial when it's time to conduct tabletop exercises. These scenario-based practice sessions will give the team a chance to practice the roles they have been assigned. At the conclusion of the tabletop exercise, team members should have the chance to review what they learned and what may need to chan