You may have tuned in for fandom or family tradition; good conversation, great chicken wing dip, or gaudy commercials; and, of course, for Rihanna. Whatever the reason, and there are many, approximately 113 million of us watched the Kansas City Chiefs defeat the Philadelphia Eagles, 38-35, in Super Bowl LVII this Sunday.
If you paid attention to the game for even a couple minutes, you likely heard about its star players, like both quarterbacks Patrick Mahomes and Jalen Hurts. But football is still, first and foremost, a team sport. No single player, no matter how talented, can win a Super Bowl on their own.
Could Mahomes have thrown two fourth-quarter touchdowns without the Chiefs offensive line keeping him upright? Could Hurts, despite throwing for over 300 yards and rushing for three touchdowns, overcome the Eagles’ defensive woes in the second half? Before a team can hoist the Lombardi Trophy, all the pieces of its roster, from quarterbacks to cornerbacks, tackles to tight ends, kickers to coaches, must work in unison.
Data security is the same way — it’s a team sport.
On paper, the key to protecting a network from cybercriminals seems relatively simple: Build defenses around the areas said criminals are most likely to enter. Of course, these entry points aren’t always obvious. This means that in today’s ever-precarious IT landscape, every organization is vulnerable.
For IT teams across all sizes, sectors, and geographies, plugging every potential hole, planning for every malicious eventuality, and promising complete data protection is a daunting, often impossible, task. Giving your organization its best possible shot at security requires a defensive strategy that’s well conceived, multi-layered, and in-depth.
Just ask the Eagles.
Offense Wins Games …
Humor me for a minute, will you? For the rest of this blog post, let’s imagine modern data protection as a game of football, perhaps even the Super Bowl. The stakes are that high.
For more than a decade, the Super Bowl has consistently drawn at or around 100 million viewers across the United States, making it by far the most popular television event each year. For some perspective, that’s more eyeballs than last year’s FIFA World Cup Final, College Football National Championship, State of the Union Address, and Macy’s Thanksgiving Day Parade … combined.
Now consider this: In 2021, cybercrime inflicted more than $6 trillion in global damages, according to Cybersecurity Ventures. That’s 60,000x the number of average Super Bowl viewers! In 2023, the global cost of cybercrime is predicted to hit a staggering $8 trillion.
Ransomware, the world’s fastest-growing form of cybercrime AKA the Mahomes of cybercrime, currently impacts an organization every 11 seconds, according to Cybersecurity Ventures. That equates to nearly 1,310 new ransomware attacks during Sunday’s Super Bowl festivities alone. Not even “The Greatest Show on Turf” could keep up that pace.
It’s clear that cybercriminals are on the offensive. They’re the Mahomes and the Hurts in our Data Security Super Bowl. They’re highly skilled and highly coordinated, far more advanced than ever before, with the ability to “score” in many different ways.
… But Defense Wins Championships
Our job, then, is to play some defense. As the amount of data increases, so does its value. That’s why it’s so imperative to keep cybercriminals “out of the end zone,” so to speak, and far away from our mission-critical data. Doing so requires careful game planning and stout defensive alignment.
Picture your organization and its data security strategy playing defense against an offense of super cybercriminals led by seven-time Super Bowl Champion Tom Brady. It’s nearing the final minute of the big game and Brady’s criminals are charging toward the end zone. Scary, right?
And yet, even Brady — the “GOAT” as many fans refer to him — was twice foiled in Super Bowls against the New York Giants. How? The G-Men had a talented, confident defense and a comprehensive strategy in place to tackle all that Brady might throw their way. In other words, they had exactly what your business needs — a winning data security playbook.
Legendary college football coach Paul “Bear” Bryant once said: “Offense wins games, but defense wins championships.” To keep Brady and his criminals out of the end zone, let’s use the NIST Cybersecurity Framework (CSF) as a guide to building a championship-caliber data security strategy.
Getting Your Data Security Strategy into Championship-Caliber Shape
If you aren’t familiar with the NIST CSF, we have a detailed blog series, covering each of its key functions, available for your reading pleasure. I encourage you to check it out!
The SparkNotes version is this: The NIST CSF is a voluntary framework consisting of standards, guidelines, and best practices designed to help organizations of any size and sector improve the security, risk management, and resilience of their systems.
It is a roadmap, better yet, a playbook, for combatting cybercriminals and safeguarding your data.
When boiled down, the NIST CSF consists of five key functions: Identify, Protect, Detect, Respond, and Recover. In football, the defense works to achieve very much the same goals. In fact, like the five key NIST functions, most football defenses consist of five key positions, which work together to identify, protect, and detect the offense’s strategy as it unfolds, respond to its attacks, and, if need be, recover to limit any damage done.
These defensive positions are called: linemen, middle linebackers, outside linebackers, cornerbacks, and safeties. Each position, like each function in the NIST CSF, represents one of the five primary pillars of a successful and holistic cybersecurity program. In football defense terms, an organizational data security strategy built around the NIST CSF would look something like this:
Identify / Middle Linebacker
The middle linebacker position is integral to a solid defense. Often referred to as the “quarterback of the defense,” the middle linebacker’s role is to diagnose the offensive scheme pre-snap, communicate the details of the imminent attack to teammates across the field, and then stop any runs or passes close to the line of scrimmage.
In the game of football, as in the game of cybersecurity, the defense must identify the offense’s strategy (whether it be run, pass, or option) as quickly as possible and react appropriately. Often, the middle linebacker forms a huddle to give directions, dictating coverage assignments and, if necessary, changing responsibilities.
The same strategy applies to your organization. Identifying your assets, prioritizing which to protect, and evaluating potential vulnerabilities is critical. Like the middle linebacker, you must be able to manage risks and threats, while also identifying and calling out actions.
Ongoing discovery via testing and continuous risk scanning for incoming attacks can help organizations remediate vulnerabilities. Many businesses, prompted by a lack of internal security personnel, expertise, and resources, are now recruiting managed security service providers to bolster their defensive roster. And for good reason.
Protect / Defensive Linemen
As its name suggests, the “defensive line,” consisting of tackles and ends, is a team’s main “line” of “defense” against the opposing offense. Defensive tackles, who are positioned along the interior of the line, are asked to rush the passer and stop running plays directed toward the middle of the line of scrimmage. Defensive ends, who are positioned to the left and right of each tackle, are asked to attack the passer and/or stop runs to the outer edges of the line of scrimmage.
Similarly, your organization must construct a line of technologies and procedures that safeguard your data and services against incoming threats. Like those big bodies along the defensive line, the intent of these safeguards is twofold: Proactively shielding your organization against cybersecurity events and limiting or containing the impact of a potential cybersecurity event. These should be ongoing efforts. And, more important than what specific security controls you implement, is the fact that they all must work together in order to keep your organization secure.
In football, if the offense can exploit a gap along the line, the entire defensive unit is compromised. Such a breakdown can lead to explosive, downtime-inducing plays. Similarly, in the game of cybersecurity, encryption alone will not protect your services if your staff, say, hasn’t also been trained to avoid plugging in USB disks they find on the street.
Overlap between protections enables your security team to better contain the impact of a potential breach. Again, working with a managed security services provider, like 11:11 Systems, can act as a force multiplier for your IT and security teams to implement a better, safer cybersecurity protection plan.
Detect / Outside Linebackers
Outside linebackers are called upon to rush the quarterback and, on occasion, drop back into coverage against tight ends and running backs. Mixing the responsibilities of both middle linebackers and those along the defensive line, their roles are hybrid in nature and require the ability to quickly pivot to changing plays and strategies.
The same can be said of the “Detect” function in the NIST CSF. In 2023, we’re no longer simply talking about viruses and malware. Today’s security threats are internal and external, technological and human. The age of the nightly antivirus scan has come and gone. Being able to discover and respond to these new threats before they breach your protection, or cause damage, is key.
That is why managed security tools, like Security Information and Event Management (SIEM) systems, Endpoint Detection and Response (EDR), and Continuous Risk Scanning (CRS), have become so valuable. Each can greatly enhance your organization’s ability to spot, and then quickly respond to, anomalies within your network — bolstering your overall security in the process.
Respond / Cornerbacks
Cornerbacks attempt to prevent successful passes downfield by either swatting an airborne ball away from a receiver or intercepting the pass themselves. They’re also responsible for containing ball carriers, directing them back to the middle of the field to be tackled by the middle linebackers or forcing them out of bounds. Cornerbacks must always keep their helmets on a swivel, ready to react and respond to developing plays across the field.
Much like cornerbacks, we, too, must be ready to respond to the near-constant threats facing our networks. This requires a certain amount of calm, or rather, a lack of panic, when the ball is in the air. However, those who have dealt with cyberattacks know that this is much easier said than done. It can be a dizzying experience, filled with adrenaline. That is why planning is so essential.
For cornerbacks and IT administrators alike, time is of the essence. So, figuring out a course of action during an attack is far from ideal. Your organization’s incident response plan should be articulated well ahead of time, and practiced regularly. If (more likely when) the time comes, everyone on your team should know their role.
Of course, no plan can withstand every engagement with every enemy, every time. Even the game’s best corners give up receptions. But that is no reason to push off planning. In fact, it’s all the more reason to have multiple, flexible plans focused on what needs to happen.
Ultimately, your reaction should be second nature, so your brain can concentrate on analyzing data and clear communication, not deciding what needs to happen next.
Recover / Safeties
The ultimate goal of any NFL defense is to prevent the offense from advancing on any given play. This means limiting big plays, especially touchdowns, while also forcing turnovers, like fumbles and interceptions, whenever possible.
The safeties are the last line of defense in this regard, helping the cornerbacks with deep-pass coverage and providing extra protection against run plays that have escaped beyond the line of scrimmage. They also strive to intercept errant passes, recovering the ball and allowing their team to reset with little to no damage done.
Despite all the effort you may put into protecting and responding to threats, the sad truth is you can never 100 percent guarantee that your organization will be immune to attacks. This is why you, like an NFL safety, must be ready to recover. To do so, your organization must carefully develop and implement recovery plans, processes, and procedures that prioritize your most critical workloads and limit downtime as much as possible.
The best defenses are prepared at all levels.
As I mentioned earlier, data security really is a team sport. No organization — no matter the size, sector, or level of digital transformation — can safely navigate today’s ever-evolving cyber threat landscape without a comprehensive, multi-layered strategy.
To neutralize risks, organizations must rally around a sound defensive playbook, like the NIST CSF, that prioritizes planning, protection, communication, and recovery. You never know when your team’s defenses will be tested with a high-stakes data security scenario. The Chiefs may have just won Super Bowl LVII, but your big game could still be just around the corner.
For more information on how to build a championship-caliber security strategy, download our white paper, which covers what a winning defensive playbook looks like and so much more.