Dave On Cyber

Cybersecurity as an Art


Mulla Nasiruddin’s Cybersecurity Wisdom — Wool Is Not Salt

By Dave Krunal


One day, Mulla took his donkey, loaded with salt, to the market. They passed through the river, and the salt melted!

The donkey was happy, but Mulla had to bear the loss.

After a few days, Mulla and the donkey had to pass through the same stream. However, this time, the donkey was loaded with wool. The wool soaked up water and became ten times heavier.

The donkey’s mind couldn’t figure it out, but Mulla laughed and said, “Remember, wool is not salt.”

Cybersecurity Wisdom

Mulla Nasiruddin’s story is a metaphor for risk management.

Risk = Threat * Vulnerability

It’s important to note that the above equation is not just a multiplication or addition. It’s a combination of several factors.

Business solutions deployed in production without security controls are like salt. Some vulnerabilities melt to the threat actors, but some don’t—they are like wool.

Remember? Wool is not salt.

Some wool-like vulnerabilities don’t melt, they don’t soak in the water, and they result in a significant breach.

This story is an excellent reminder of why we cannot compare security breaches. When everything is at risk, it’s challenging to determine the pattern. You can only implement a defence of multiple controls, hoping that another will kick in if one fails.

Cyber attacks are possible even with many security controls. With fewer security controls, an attack gets through all the more easily.

Perfect security doesn’t exist. The risk never disappears. However, you can identify it and choose the appropriate response.

It’s a matter of whether the threat intersects with salt or wool.

This Mulla Nasiruddin story and its art are inspired by the book The Exploits of The Incomparable Mulla Nasruddin.
