Due to the increasing prevalence of cyberattacks on SMBs, information security has never been more important. When it comes to mitigating security risks, soccer – arguably the world’s most popular team sport – is full of useful insights for these businesses. Specifically, the key positions on a soccer roster are analogous to the different information security roles people play in their organisation.
When it comes to defence, the striker is usually the person who got you into a mess by losing the ball. In an SMB, strikers are your end users: the rank and file of the company, working towards their own goals. But sometimes the striker slips and springs a counter-attack for the opposition. In an SMB, this could mean opening a malicious attachment in an email, clicking a link to a compromised website, or installing an application that contains a Trojan.
Even though this may happen from time to time, strikers still need to know how to track back and defend. End users should be trained to look out for attacks and stop them before your team’s defence has to step in. Simple ideas, like how to identify and avoid suspicious links and attachments, can go a long way towards stopping attacks.
Every good defence starts with a strong midfield that relieves pressure on the back line. In an SMB, the “midfield” is made up of your IT support staff. They should be constantly reviewing your active systems to keep them up to date with the latest patches.
It’s also the IT support staff’s responsibility to keep an eye on installed applications and remove any that are no longer critical for business functions. Attackers look for the easy pass through the midfield, which means your team needs to identify and close down those passing lanes quickly.
The defenders on the soccer field have one main purpose: to stop attacks before they succeed. In an SMB, the defenders are the systems and network administrators, or the dedicated security administrator in larger organisations. They should focus on designing and implementing a secure network for your organisation. These defenders should segregate critical systems from the main network to keep an attacker from reaching that part of the field.
They should also implement IPS and APT scanning solutions to watch for hidden plays. In smaller organisations without systems or network administrators, the defender may end up being a midfielder subbed in to help the back line. In larger organisations, the defenders are often their own independent workgroup.
Everyone knows that the goalie is the last line of defence. If they fail to stop the opposing team’s attack, it can be game over. In this example, the goalie is actually a robot, or rather the sum of all of your technical protections. These technical controls should include Access Control Lists (ACLs) to ensure that access is given only to those who need it. They should also include multiple layers of anti-malware and APT prevention services, from the gateway all the way to the endpoint. Human controls are important, but they’re not infallible.
Training employees not to click shady links goes a long way towards protecting your network, but eventually one of those links will be clicked, the attack will continue, and you’ll need your technical controls to bail you out with a brilliant save.
While observing a real soccer match, you might notice how often the goalie calls out to their teammates. This type of communication is important in SMBs too. Reporting is a critical piece of any functional team and employees in any role should be vigilant when it comes to reports from technical controls that may indicate a security issue.
A strong team needs strong leadership. SMB team managers, whether they are the head of IT or a C-level executive, need to work with the entire company to identify and stop threats in the same way a soccer team’s manager sets the strategy against an opposing club. If your organisation doesn’t already have one, you might consider adding a dedicated CIO or CSO role to spearhead your security effort.
For an SMB, these strategies would equate to designing and implementing company policies that govern how technology is used within the organisation and how each team member is expected to contribute to information security. Technical protections aren’t perfect, so having solid strategies and policies that are understood by the entire team can be the difference between a successful attack and a thwarted attempt. Managers should also work with the midfield IT staff to ensure they have the proper resources for dealing with potential attacks. And finally, managers should work with their end users to make sure they are trained to identify potential attacks and know their role in reporting and preventing them.
Just as soccer matches aren’t won by a single star player, information security doesn’t rest on the shoulders of a lone SMB employee or department. When it comes to security at SMBs, having everyone on the same team is the best way to minimise risk.
About the author
Marc Laliberte is an information security threat analyst at WatchGuard Technologies.