Understanding the Known Knowns, Known Unknowns, and Unknown Unknowns in Cybersecurity

Cybersecurity Matters Blog
Kevin Baker, CISO

In cybersecurity, navigating the murky waters of risk management requires a deep understanding of the “known knowns,” “known unknowns,” and “unknown unknowns.” These concepts, borrowed from military strategy, are incredibly relevant as businesses face increasingly sophisticated cyber threats in a constantly shifting landscape.

Known Knowns: The Clear and Present Dangers

The known knowns in cybersecurity are the risks we are already familiar with. These include everyday threats like phishing emails, ransomware attacks, and social engineering scams. The advantage of known threats is that we can deploy well-established defenses: firewalls, intrusion detection systems, and encryption protocols all work to mitigate these risks.

However, just because these threats are familiar doesn’t mean they can be ignored. Cybercriminals are constantly evolving their tactics, finding new ways to bypass security measures. The frequency and sophistication of ransomware attacks, for example, have skyrocketed in recent years. Therefore, while the threats may be known, businesses must continually refine their defenses and adapt to the evolving nature of these risks.

Known Unknowns: A Step into Uncertainty

The known unknowns are the risks we know exist but cannot fully understand or predict. These might include zero-day vulnerabilities—undiscovered flaws in software that cybercriminals can exploit before a patch is released—or emerging threats from new technologies like quantum computing or AI-powered attacks.

While we may know the general areas where these threats could arise, we often don’t know their exact nature or the timing of an attack. Companies combat known unknowns by investing in advanced threat intelligence, AI-driven detection systems, and continuous monitoring. These tools allow organizations to rapidly detect anomalies and respond to new forms of attacks in real time, giving them a fighting chance in an environment where the next exploit could emerge without warning.

Unknown Unknowns: The Invisible Threats

The unknown unknowns are the most dangerous category. These are threats that we can’t foresee because they exist outside the scope of our current understanding. Think of the 2017 WannaCry ransomware attack—it crippled organizations worldwide and came seemingly out of nowhere. No one anticipated how quickly a worm-like ransomware could spread across the globe using a previously patched Windows vulnerability.

The rise of machine learning, IoT devices, and 5G networks introduces a whole new set of unknown risks. Cybercriminals are likely already exploring weaknesses in these new technologies, preparing to launch attacks in ways we haven’t even imagined yet. To defend against the unknown, companies need more than just technological tools. They need to build adaptive, resilient systems and foster a culture of cybersecurity awareness. Regular tabletop exercises, disaster recovery simulations, and cross-industry collaboration are key to ensuring that when an unknown threat strikes, the organization can respond effectively.

The Importance of a Holistic Approach

In this complex landscape, it’s not enough to react to threats as they appear. Businesses need to be proactive, understanding that the cybersecurity battleground is constantly evolving. Companies that can skillfully navigate the known knowns while preparing for both the known unknowns and the unknown unknowns will be the ones that emerge resilient, even in the face of the next unexpected cyber onslaught.

The future of cybersecurity lies in adaptability—balancing technology and strategy while fostering a culture ready to face any challenge, whether we see it coming or not.