Network security: A team sport for SMBs
The increased volume and frequency of cyberattacks has made information security an everyday issue of great importance, regardless of your geographical location, industry, language or culture. Soccer, often regarded as the world’s most popular sport, is a similar universal phenomenon – one that lends itself well as a lens to see how SMB teams can work together to mitigate security risks.
While the digital age and modern technology has allowed SMBs to compete in new and different markets, it has also presented them with serious security challenges. So let’s take a look at how key positions on a soccer roster relate to the different roles SMB team members play in information security.
When it comes to defense, the striker is usually the person that got you into a mess by losing the ball. In an SMB, strikers are your end users; the rank and file of the company working towards their own goals. But sometimes the striker slips and springs a counter attack from the opposition. In an SMB, this could mean opening a malicious attachment in an email, clicking a link to a compromised website online, or installing an application that contains a Trojan.
Even though this may happen from time to time, strikers still need to know how to track back and defend. End users should be trained to look out for attacks and stop them before your team’s defense has to step in. Simple ideas like how to identify and avoid suspicious links and attachments can go a long way towards stopping attacks.
Every good defense starts with a strong midfield that relieves stress for the back line. In an SMB, the “midfield” is made up of your IT support staff. They should be constantly reviewing your active systems to keep them up-to-date with the latest patches.
It’s also the IT support staff’s responsibility to keep an eye on installed applications and remove any that are no longer critical for business functions. Attackers look for the easy pass through the midfield, which means your team needs to identify and close down those passing lanes quickly.
The defenders on the soccer field have one main purpose, stop attacks before they succeed. The defenders are systems and network administrators in an SMB or the dedicated security administrator in larger organizations. They should focus on designing and implementing a secure network for your organization. These defenders should segregate critical systems from the main network to keep an attacker from reaching that part of the field.
They should also implement IPS and APT scanning solutions to watch for hidden plays. In smaller organizations without systems or network administrators, the defender may end up being a midfielder subbed in to help the back line. In larger organizations, the defenders are often their own independent workgroup.
Everyone knows that the goalie is the last line of defense. If they fail to stop the opposing team’s attack, it can be game over. In this example, the goalie is actually a robot, or the sum of all of your technical protections. These technical controls should include Access Control Lists (ACLs) to ensure that access is given to only those who need it. They should also include multiple layers of Anti-Malware and APT prevention services from the gateway all the way to the endpoint. Human controls are important, but they’re not infallible. Training employees not to click shady links goes a long way towards protecting your network, but eventually one of those links will be clicked, the attack will continue and you’ll need your technical controls to bail you out with a brilliant save.
While observing a real soccer match, you might notice how often the goalie calls out to their teammates. This type of communication is important in SMBs too. Reporting is a critical piece of any functional team and employees in any role should be vigilant when it comes to reports from technical controls that may indicate a security issue.
A strong team needs strong leadership. SMB team managers, whether they are the head of IT or a C-level executive, need to work with the entire company to identify and stop threats in the same way a soccer team’s manager sets the strategy against an opposing club. If your organization doesn’t already have one, you might consider adding a dedicated CIO or CSO role to spearhead your security effort.
For an SMB, these strategies would equate to designing and implementing company policies that govern how technology is used within the organization and how each team member is expected to contribute to information security. Technical protections aren’t perfect, so having solid strategies and policies that are understood by the entire team can be the difference between a successful attack and a thwarted attempt. Managers should also work with the midfield IT staff to ensure they have the proper resources for dealing with potential attacks. And finally, managers should work with their end users to make sure they are trained to identify potential attacks and know their role in reporting and preventing them.
Just as soccer matches aren’t won by a single star player, information security doesn’t rest on the shoulders of a lone SMB employee or department. When it comes to security at SMBs, having everyone on the same team is the best way to minimize risk.