The perfect defense: How to stop cyber criminals from scoring
Data is more plentiful, valuable and interconnected than ever before. Unfortunately, this has led to a cyber threat landscape that is increasingly dynamic and costly to business.
Cybercrime inflicted approximately $6 trillion in damages globally in 2021, an annual figure that is set to reach $10.5 trillion by 2025. This is equivalent to the world’s third-largest GDP after the U.S. and China. It is a threat that requires a comprehensive approach to defending, protecting, and recovering data, avoiding vulnerabilities and maintaining business continuity.
The NIST Framework
In 2014, in response to the already escalating cyberthreat landscape, the National Institute of Standards and Technology (NIST) published the "Framework for Improving Critical Infrastructure Cybersecurity", or CSF.
Originally intended for critical infrastructure, it is increasingly and globally recognized by governments and organizations alike as a best practice guide to cybersecurity risk management and resilience.
Comprising five risk management functions (Identify, Protect, Detect, Respond, Recover), the framework acts as the foundation that supports a highly effective risk management strategy.
Think of modern data protection as a game of football. As the opposition continuously delivers new, sophisticated waves of attack on your business, your organization's cybersecurity strategy is your defense. Here we liken the five risk management functions to the five key defensive soccer positions that make up your protective strategy. Without any one of these, the attackers -- or cybercriminals -- cannot be stopped.
Identify -- Central Defensive Midfielders
Starting just in front of the defense is the central defensive midfielder (CDM). A good CDM is positionally aware, able to anticipate their opponent’s next play, strong in marking, tackling, interceptions and passing, and displays great stamina and strength. The CDM helps to lead the team from the center of the pitch, quick to identify and recognize incoming threats and attacking plays.
The skills of a good CDM lie in their ability to "identify" threats. Identifying problems and vulnerabilities across your organization is critical. Like the defensive midfielder, this means managing risks and threats, while also identifying and calling actions. Ongoing discovery through testing and continuous risk scanning for potential incoming attacks helps companies remediate vulnerabilities.
The first step in effective IT governance and security is identifying and managing IT assets. In the same way that the role of the CDM is often seen as one of the most challenging and important in a football team, an organization without the ability to identify risks is exposed to a loss.
Protect -- Center-Backs
The center-back protects and defends the important central spaces in front of the goalkeeper, often seen as the last line of defense. Preventing an attack and keeping a clean sheet is paramount to defensive success, both in football and cybersecurity. Center-backs mirror the "Protect" function of the CSF, in which an organization creates a multi-layered defense that protects people, processes and entire IT infrastructures.
The center-back is at the heart of the defense, regularly communicating with teammates to ensure that the defensive positions are working together. In the same way that a solid firewall establishes a barrier between a trusted network and an untrusted network, the defense works as a collective unit, constantly monitoring and controlling traffic to protect the organization within.
Detect -- Ball Playing Defenders
As a central defender, ball-playing defenders still need the attributes of a center-back to stop opposing attackers. However, the ball-playing defender’s role is hybrid in nature, requiring both the technical and mental attributes to allow them to launch defense-splitting passes from deep.
Their success depends on their ability to pivot quickly to changing plays and strategies. Within the NIST CSF, this quality is essential in detection processes. Continuous detection and security monitoring are paramount to spotting anomalies and events within the "Detect" function.
Respond -- Full-Backs
The full-backs are located out wide and traditionally stay in more defensive positions throughout a match. Constantly responding to scenarios and attacking plays, a full-back’s primary focus is on analyzing and mitigating the oncoming threats of opposing attacks down the wing.
In the NIST CSF, the "Respond" function operates much like full-backs. In football and cybersecurity alike, there are constant threats to respond to. Analyzing the game and threats, while communicating with teammates and other functions, helps to mitigate the attacks and improve the defensive framework.
Recover -- Goalkeeper
The goalkeeper is the final barrier, the last line of defense to prevent the other team from scoring. Yet that is only half of the goalkeeper’s role. The goalkeeper can punch the ball, catch the ball, or kick the ball back into play: once an attack has been mitigated, they offer the team the chance to recover quickly and get back into position. They protect the goal, help coordinate the defense, facilitate communication, and distribute the ball.
The ultimate goal of both a goalkeeper and the "Recover" function in the NIST CSF is to mitigate attacks and reset the team for the rest of play, whether the opposition team is on a football pitch or behind a computer.
Building your multi-layer defense
The best defenses are prepared at all levels. In football, if one defensive player isn’t up to scratch, even for a split second, it can have a detrimental impact on the whole team. In business, ensuring your entire organization is ready with a multi-layered data prevention and protection strategy in place is critical to ensuring business continuity.
The unfortunate truth is that it is no longer a matter of if, but when, an organization will suffer data loss. This means that secure, reliable backup has never been more important when protecting critical data. A State of the Channel Partner Report found that 96 percent of companies with a trusted backup and disaster recovery (DR) plan were able to survive ransomware attacks. The same report found 93 percent of companies that suffered a major data disaster without DR in place were out of business within one year. Selecting the right manager is a safer path to ensure your business is set up with the right strategy to defend the organization and deliver that all-important peace of mind.
Sam Woodcock is Senior Director of Cloud Strategy at 11:11 Systems.