Cyber Security: Defense Wins Championships

This article is written based on CMMC version 1.0, and may not reflect the updated requirements of CMMC 2.0.


On Sunday, we get to celebrate one of America’s greatest “holidays”…the Super Bowl! In the cyber security world, every day is the Super Bowl for business leaders.

Winning a championship is never easy. It requires countless hours, focus, strategy, practice, studying, and execution.

Most teams can’t just show up to the “big game” and expect to win. They have to earn it.

The time dedicated to becoming better never ceases, and ultimately, it’s the team that is most prepared that will pull off the win.

Wait, isn’t this supposed to be a cyber security blog post? Yes, it is. And we hope you like analogies and quotations!

Information Security Risk Assessment

When you ask top business leaders, as well as top information and cyber security professionals, what makes a business a “champion” when it comes to protecting information, you’ll get three common responses:

A great defense. A great game plan. And practice.

Defense Wins Championships

In business cyber security, most are not going to win the war versus bad-guys with just a great offense.

Success comes by keeping the other side out of the “end zone”, where they can score big from your data. You can’t be predictable.

Championship level security requires a balance between offensive strategies and defensive strategies.

Which strategy is best? That depends on where you are currently.

Let’s face it, you can’t base your entire strategy on the hope that the opposition will “turn it over” all the time. Cyber criminals do not take days off. There is no off-season.

With cyber security and information security, you must keep the bad-guys off balance.

Sure, you know they are out there trying to “make plays”, but the best use of your time and energy should be working on making sure the bad-guys never make it to your end zone. If they don’t get to what they want, you win.

Will it work every time? Not likely. Shutouts in football are rare these days.

You won’t succeed in building the best security defenses by buying the best players (hardware and software). You have to find a system that fits your business: a scheme that allows you to adapt to changes by the opposition (cyber criminals).

But a scheme only works if you know how to execute.

Security Program Game Planning

Know the Plays!

In cyber security and information security, you always have the home field advantage. You know your business better than anyone else. Make sure your team maximizes that advantage.

Imagine the opposing team takes the field, but they show up for a basketball game, not a football game. They don’t stand a chance!

But the opposite is also true.

If you show up to play against a superior team, on their turf, your chances of success diminish.

Know your playbook. Know the plays. If you ask a defensive football coach if they would like to study the opponent’s plays before the ball is snapped…what would you guess the answer will be?

Business leaders need to know their infrastructure, their software and their people. They have the advantage over what the bad guys can accomplish.

Make sure to understand the malicious actors’ tactics. Know how to identify threats when they first appear.

If your business doesn’t have the time, collaborate with or hire a “coach” who can study film, research what attacks look like, and help you adjust your security program on the fly, so it’s constantly improving.

Which leads us to our last rule of champions…

Practice, Practice, Practice

You can’t have the Allen Iverson mentality (yes, that’s a basketball reference, sorry) with your security. It doesn’t work.

How many axioms, sayings, rules, and mantras are there praising the virtues of practice? A lot! Because it matters.

Practicing your craft is what separates average from great. As a business, you owe it to your customers, partners and employees to be great.

Technologies can change rapidly, and bad-guys can take advantage of that in an attempt to employ new tactics. Businesses have to be on top of their game.

Like a head coach, business leaders have to train their whole team. In order to succeed at a championship level, the whole team has to be performing at a high level, across the whole organization.

This means human resources, finance, sales, and, of course, both IT and security.

If you don’t train effectively, your team could suddenly find themselves down 3 points, with 30 seconds to go, needing 30 yards to win…and no one will know what to do!

Are You Ready for the Big Game? Or Warming the Bench?

Not everyone can afford the time and dedication to play at the same level as enterprise businesses, and that’s OK.

With Beryllium InfoSec Collaborative, businesses always have the option of bringing in top-level security expertise to help bolster their team.

Through cyber security education, training, testing, strategy, execution and program development (game planning), businesses can play at a higher level of security.

You don’t have to be a sports junkie to know that you can’t wait until the 4th quarter to start preparing for the Super Bowl.

We want businesses to always be ready for the big game. By collaborating with our cyber security and information security experts, our team will get you on the path to becoming Hall of Fame worthy.

Get your game plan started by speaking with one of our experts today!


Derek White
Chief Product Officer
Derek’s success comes from his customer first mentality, utilizing collaboration between security and technology, to create positive outcomes & compliant solutions.
