Cybersecurity Is a Team Sport
National Cybersecurity Awareness Month (NCSAM) kicks off today with its 15th annual drive to elevate cybersecurity to a national conversation. As I was thinking about this year’s NCSAM overarching theme — that cyber threats come in all shapes and sizes, and that to combat them it is our shared responsibility to work together to improve our nation’s cybersecurity — it occurred to me that cybersecurity really is a team sport.
Consider the actions that drive success for an NFL football team:
- The general manager must assemble a roster of the best players available that match the scheme and approach that the head coach wants to implement. Think of this as the CISO approving the purchase that SecOps and NetOps request.
- The coaching staff must devise a perfect game plan that will change each week depending on the opponent and, on many occasions, will change during the game as the opponent’s offensive and defensive tactics evolve. This is SecOps and NetOps team working together to stop the attacks on their network.
- The players must perform as individuals and as team members to ensure the game plan is executed to perfection. This is the complete enterprise working together and playing their individual roles to stop threats and maintain control.
Evidence of this whole ecosystem can be seen on Sunday as teams huddle on the sidelines reviewing their plays on tablets to see what is working and where the gaps may be in their game. Think of this as the broad network visibility that is essential to win the game regardless of the size of the team.
The goal of the team, whether it is an NFL franchise, the federal government, our company or our family is to shift the power from the attacker to the defender — to move from defense to offense.
Now, as most sports fans realize, you also need a number of uncontrollable circumstances to all fall in your team’s favor. So yes, admittedly there is an element of luck on your side with referees making the right calls and the wind blowing your game-winning field goal attempt through the uprights; but without all the pieces in place, and the team working together, you will not be set up for optimal success.
I find that events like NCSAM are good reminders for those of us in the security industry that the term cybersecurity evokes a range of nightmare images and emotions depending upon your perspective.
- For utility providers such as water, electricity and air traffic control, the image is likely darkened, flooded streets with airplanes bumping into each on the tarmac.
- For large commercial organizations it is the vision of their intellectual property or valuable customer data being stolen in the middle of the night.
- For most Americans it is the image of their personal information, credit card details or healthcare records being stolen by a hooded hacker.
- For me, it was the news that Quarterback Jimmy G of the San Francisco 49ers has torn his ACL … but unfortunately that wasn’t just a vision or nightmare, it’s reality.
The federal government has certainly made significant investments in this field, including the EINSTEIN and Continuous Diagnostic and Mitigation (CDM) programs, which work together — there’s the team theme again — to identify risks, prioritize responses based on potential impacts and enable cybersecurity personnel to mitigate the most significant problems first.
If all that feels confusing, that’s because it is. The football team understands the rules and the objectives of the game, yet it is often difficult to win on a regular basis (hello Browns fans!). Even at the enterprise level where there are teams of professionals working to insulate their companies from the persistent threat of an attack, there are so many tools that it is often difficult to sort out the clearest path to a secure environment.
At a fundamental level, cybersecurity best-practices need to be developed, communicated and enforced by SecOps and NetOps teams to ensure that the most obvious paths into the network are protected. It is equally important for internal teams to have the network visibility that’s essential to generate powerful intelligence and interpret powerful analytics, in addition to the ability to leverage this intelligence to help secure the enterprise.
On the personal side, I often think about how to best help protect my daughters from cyber ‘everything’ — from threats and theft to even stalking — as their generation is so deeply rooted in an open, sharing and digital lifestyle.
To help do our part to protect what is important to us, the NCSAM tool kit offers some very helpful tips that can be easily implemented to help improve personal cyber-safety. While they may seem like small steps, something as simple as preventing an email virus to propagate across your personal electronics is a huge step towards shifting the power back to the defenders.
As we move through NCSAM, the single most important message I’d like to leave you with is that we need to own our game plan for national and personal cybersecurity. It isn’t someone else’s problem, it is a shared responsibility with the entire team.
Learn more here: https://www.dhs.gov/national-cyber-security-awareness-month.
Follow and join the conversation using the hashtag #CyberAware.