Is cybersecurity like football? It depends on who you ask. But if you asked Alex Cox, Director of Information Security here at LastPass, or Matt Lee, Sr. Director of Security and Compliance at Pax8, they’d probably say yes. During our recent webinar, with the Super Bowl not too far behind us, we sat down with these great cybersecurity minds and discussed the most important moves that organizations can make to consistently put up the best defense against cyber threats.
“In fact, winning football… is scoring more points than them, which means limiting the actual damage that is done, but it doesn’t expect to have no damage. It doesn’t expect a shutout. It expects to be able to limit the number of downs and the number of yards keep them from actually succeeding at scoring points. Right?
That’s the goal of this. And so when we think about security, we go out there and talk about stopping everything. That’s ridiculous. That is ignorant, and it would not fly. And I think the point is we have to start thinking much more like how do I limit the downs?” – Matt Lee, Sr. Director of Security and Compliance at Pax8
Understanding how to execute the right defense
The good news is that when mounting a strong defense, you don’t have to create your own strategy from scratch: the NIST standard around cyber security defenses is pretty substantial and is a great first step to helping you establish a comprehensive cyber defense framework.
“All of NIST pillars, identify, protect, detect, respond, recover, are ways that you can either interrupt the threat actors’ activities, or make sure that you’re able to recover as quickly as possible,” Cox notes.
Overall, the NIST cybersecurity framework offers multiple points for security leaders to reference and ensure their defensive strategy is robust and comprehensive.
Managing your assets
You have to know what you have in order to protect and defend every possible entry point from attack. “Every breach has happened on an asset…an asset is defined as anything that can store, process, or touch data. And data is the object of a breach,” Lee reminds us.
To bring it back to football: you must practice so you know the field, how your players work together, and the strengths and weaknesses across a team. Sometimes, you need to bring in special resources in order to run drills and get an additional perspective on where your defense might be lacking or to help you take stock of your assets. “You know, if you have technology that you don’t understand, bring a good red team in because those guys are essentially gonna be a team [of] threat actors, and they’re gonna do all of the ninja stuff, and they’ll find the holes… And that gives you a map on how to fix things,” Lee recommends.
The right way to think about your tech stack
Security has always been, and always will be, more than just technology, just like football is more than just players. It’s a mix of practice, leadership, coaching, refining, rules, regulations, and much more. Cybersecurity is similar; it’s important to see it as more than just the sum of its parts. So, when it comes to defending your assets, process is just as important as product. That means considering process – both how your technology is used internally and how bad actors attempt breaches on it – as part of thinking about your tech stack as a whole.
Lee says it’s important for organizations to understand, “what technology you have, how you use it…[and] where it’s vulnerable, both from a technology standpoint and a process standpoint.”
As important as it is to understand how your teams use technology and if any of their usage or processes are high-risk, it’s equally important to have an idea of how threat actors think about their attack process. It’s similar to understanding how your team would play against a competitor and how you’d practice your defense to protect against their plays.
“They [bad actors] tend to have a standard operating book. You know, they go through the same processes and use the same technologies to accomplish their missions and once you understand from that landscape, how those threat actors act, it’s basically a map on how you create your threat model,” Lee notes.
The importance of patching
Patching is such a basic piece of a cybersecurity defense strategy that it can easily get overlooked; it’s not new or flashy or part of an exciting new product, technology, or initiative. But regularly patching software is fundamental; it helps mitigate known vulnerabilities, defends against exploits used by cybercriminals, ensures compliance with regulatory standards, protects against malware infections, and preserves business continuity. Promptly applying patches to address weaknesses in software can significantly reduce the risk of cyber-attacks, minimize potential damage to systems and data, and maintain the integrity and availability of your infrastructure.
The best way to handle patches is to have a plan based on regular updates, but also risk-based updates, which can mean prioritizing patches on systems that are critical to your operations or on systems that you know have been involved in recent attacks. One of the biggest risks to patching is simply ignoring it too long and leaving gaps wide open to evolving risks that specifically prey on unpatched vulnerabilities.
You can hear the whole conversation, with more info about how passwordless should factor into your playbook – plus every other great football metaphor – by watching the on-demand webinar here.