As a fan of sports, I recently watched the final of the World Triathlon Series, the culmination of a full season's worth of racing to fight for the coveted title. Due to the varied disciplines involved, triathletes are often considered to be some of the very best athletes.
Triathlon involves a trio of swimming, cycling and running, with competitors having to excel at not just one, but three sports. Training schedules are often extremely detailed, with meticulous planning required for every race, whilst tactics have to be adaptable to specific conditions.
Many comparisons exist between triathletes and those who defend against cyberattacks; after all, IT security professionals must master a number of defensive tools and techniques, plan for all possible outcomes and be flexible to meet an ever-changing environment.
Sporting success is the result of training, practice and continual improvement, often embracing the latest research to push the envelope. Shaving off just one second could mean the difference between winning and coming second.
The same is true when planning how to defend against or respond to a cyber incident. The business that is best prepared for cybersecurity events has invested time and resources into understanding its business requirements and developing plans to mitigate the impact of likely attacks.
IT security professionals will also take into account the latest research and rely upon technology that is self-updating or even self-learning, so that it can be deployed effectively against the different potential threats within a complex IT environment. Ensuring that an organisation is well prepared and that the utmost is done to mitigate any threats could be decisive between a successful defence and succumbing to a business-crippling cyberattack.
2. Focus on the goal and maintain resilience
Training for any sport requires an understanding of what you are working towards; training plans strike the right balance between building fitness and ensuring the body has time to recover. Triathletes must also ensure that their equipment is fit for purpose and versatile enough to react to a changing course and weather conditions.
To ensure that organisations are prepared for a cyberattack, IT professionals need to identify their goals and have strategies in place that clearly define how they will be met. Each incident could be considered a sort of finish line, or a trial event that tests that readiness.
An IT cybersecurity professional needs to be familiar with the tools and equipment they are using. Defensive tools and techniques such as vulnerability scanners and firewalls should be regularly reviewed and tested to confirm that they are effectively protecting against known vulnerabilities. It’s also judicious not to introduce new strategies in the middle of a real-life situation – tried and tested tools and techniques can best be relied upon for success.
3. Teamwork is the most effective means to succeed
Athletes are supported by a range of behind-the-scenes resources, be they physiotherapists, psychologists or coaches.
Similarly, it’s no secret that cyber (and wider organisational) success is a result of teamwork. Successful cybersecurity strategies come about through collaboration between a wide range of individuals and functions within a business and are not the preserve of the IT function alone.
4. Tailor your defence
Athletes will study the form of their closest rivals and will have developed strategies to counter their strengths, whether by setting off at a blistering pace on the bike, or sitting on their competitor’s heels on the run until they feel that an injection of pace might net them the win.
Good cybersecurity strategies require a finely tailored approach to defend against the most likely risks and threats and focus resources accordingly. Teams should ensure they have conducted appropriate business risk analyses and vulnerability mapping that incorporates lessons learned from previous attacks or incidents.
Complacency and letting procedures and training regimes slip are just what cyberattackers will be looking for to find a way into unprotected systems (e.g. Windows 7 end-of-life), or to target new technology or even untrained employees who might inadvertently help provide access.
Cybersecurity professionals can learn from triathletes’ abilities to master a range of disciplines and maintain sustained effort across several competencies, drawing on support from a wider team.
Both must learn from research and the latest developments and use available resources to constantly adapt to shifting conditions, never quite knowing what might lie around the next corner.
Innov8 Technology, alongside our IT security vendor partners (WatchGuard, Trend & Sophos), provides expert advice and support when it comes to protecting your business from cyber-threats.