How can you develop a World Cup winning cyber team?
22 June 2018
The World Cup has kicked off in spectacular fashion, and the parallels between the tactical to and fro on the field and the latent cybersecurity battles going on all around us are interesting to see.
Some World Cup teams will spend most of their tournament on the defence, desperately trying to keep the opposition out – but as in the world of cybersecurity, can the best defensive team keep out the most determined attack?
We asked a variety of cybersecurity experts to draw their World Cup comparisons.
Attack - Educated Employees
Anurag Kahol, CTO at Bitglass
“Your skillset is what wins you the match. You have to have a sharp team of strikers who know how to react quickly to the opponents’ tactics.
For cybersecurity you get this through education, which is the first step in limiting the impact of the other side. For example, end-users who access data in a secure manner are less likely to put sensitive corporate data at risk.
On the flip side, careless and ignorant workers put organisations’ data at risk far too often. Fortunately, thorough education can make them far less prone to the kinds of mistakes that allow malware into the corporate network, effectively halting the criminals from scoring.
Football players train endlessly to get the better of their opponents, and similarly cybersecurity seminars and workshops should be a mandatory pillar of businesses’ employee training. In this way, security is kept top of mind and employees are kept up to date with the ever-changing cybersecurity landscape.”
Midfield - SIEM technology
Stephen Moore, chief security strategist at Exabeam
“The midfield is responsible for controlling the game. These players manage the tempo, identify when to attack, when to sit back, and hold the team together. In cybersecurity your ‘midfield’ must do the same, but most importantly identify real threats, which is no simple task. Your team must uncover these threats within a very noisy security environment.
Analysing logs using a Security Information & Event Management (SIEM) tool is widely regarded as the "holy grail" of threat detection. Traditional SIEM, however, has its limitations. Like most football teams, you need fresh tactics - or next-gen SIEMs - to out-play the opponent.
This would be SIEMs with big data, identity-based security, and behavioural analytics technologies. Simply put, threat detection needs to focus on the behaviours of users and machines irrespective of event volume, asset location, or device type.
The latest threat detection tools use machine learning algorithms to help identify unusual activities in seemingly unconnected events. While a human analyst could uncover these activities, it would take them far longer than a machine.
The machine takes the heavy lifting element of SIEM out of the analyst's hands and offers up a simple timeline of these activities, which even junior analysts can use to decide next steps from a remediation standpoint.”
Defence - Data Loss Prevention policies
Jan van Vliet, VP and GM EMEA at Digital Guardian
“Data loss prevention (DLP) is a critical part of a winning team’s cyber-defence strategy. However, just as football strikers have to do their part and slide in for a defensive tackle when required, effective DLP implementation requires active participation from the entire team and the manager; it is not a “set it and forget it” platform.
Effective DLP requires a contextual understanding of three factors: what actions may be taken with data, by whom and under what circumstances. As new data is created and people come and go, these policies will need to be adapted and updated, just like a football team’s tactics. DLP is a constant process of understanding your data and how users, systems, and events interact with that data to better protect it.”
Goalkeeper - Encrypting your assets
Luke Brown, VP EMEA at WinMagic
"In the same way that the goalkeeper is the last line of defence on the football pitch, organisations need to apply a final protective measure over their data. A sensible posture that organisations should adopt is to assume their systems will get breached - because they will - and then put in place processes to minimise the risk.
When it comes to data protection, end-to-end encryption is the best goalie in the world. Even if cyber criminals manage to access your firm’s data – they’ll score the equivalent of an own goal because if the data is encrypted, nobody is going to unlock it."
The Manager - Voice Security
Tom Harwood, Chief Product Officer and Co-Founder at Aeriandi
"Like the manager of a World Cup winning football team, a company’s contact centre is its interface to the world – dealing with enquiries, requests and feedback on the team’s performance. This role is particularly important when it comes to dealing with misinformation – contact centres are becoming an increasingly attractive target for fraudsters.
To help protect customers and outsmart the fraudsters, many businesses are looking to fraud detection technology – an innovative solution to protect against phone fraud. This looks at more than the voiceprint of the user; it considers a whole host of other parameters.
This can significantly bolster a telephone identity and verification security system, whilst simultaneously improving the customer journey. It's a win-win situation for all concerned – and a winning strategy for budding World Cup contenders."
Unlike in football, results are not based on 90 minutes of work. For cybersecurity professionals the game is a constant battle, and they can never let their guard down. Tactics change and teams adapt, but the objective remains the same - stop cyber criminals from scoring. This is possible with a well-organised, prepared team of professionals, but having all the qualities described above makes the battle a lot easier.