It’s a good thing Jose Mourinho isn’t in cyber security because ‘parking the bus’ – although it worked for him and Chelsea – is quite possibly the worst cyber security strategy you could devise.
My last post focused on my love of Game of Thrones and the lessons we could take away from it and apply to security. This post, if you hadn’t already guessed, is based on another of my passions – Football (not Soccer!) – and its lessons for us in cyber.
With the Premier League back in full swing, I spent last weekend watching my side surrender a lead in the dying seconds of the match. Watching the weekend’s fixtures got me thinking (between bouts of pulling out my hair) about how the parallel approaches to game strategy and security strategies overlap, but also diverge.
The ‘old world’ of cyber security can be defined by Mourinho’s strategy of “parking the bus”.
If you’re unfamiliar with the term, to park the bus in football parlance means to try and defend for the whole game with the sole aim of not conceding a goal. This requires full concentration and discipline from all 11 players to stick to the game plan and not make a single mistake. Any error in this strategy most likely leads to a goal for the opposition.
If we draw out this comparison, we can see that most firms today have a security strategy that can aptly be described as parking the bus; they hide their high-value assets behind a wall of supposedly impregnable defences, trying to fend off wave after wave of attacks with little-to-no proactivity.
In the short term this may prove effective, however common sense dictates that it is only a manner of time before defences fail. Eventually, a better opposition will break through those defences and the game is all but lost.
So, what is the alternative?
Well, you could petition FIFA to see if they’ll allow you to field more players to pack an already packed defensive line, or you could choose to go on the attack.
It is often said that the best form of defence is attack, but how would this hold up against better opposition?
Most times, the reason an opposition is considered ‘better’ is due to the quality of their players and the manager. If we correlate this to security, just adding more of the same defences will eventually see your company end up in the headlines and yourself in the unemployment lines.
Instead, investing in quality forwards to spearhead your attack will allow you to consider new strategies rather than just sitting back and hoping for the best. It can seem like a daunting task, particularly if you’ve only ever known one strategy, but if you do nothing you may as well let the attackers walk it in.
We’ve previously spoken about the amount of effort and spend in investing in the same old security technologies. The three-legged stool, as those of us in cyber know, is far too heavily weighted towards the protection/prevention leg, with little or no investment in the detection and response legs.
If you look at advanced services such as LMNTRIX Recon and Hunt, you will be able to turn the tables on your opposition; become the hunter, not the prey. By taking the game to the opposition, you can stop acting like a sitting duck, always expecting the worst.
The rules of cyber security today are very different to what they were five years ago. If you’ve been parking the bus, you must get on the front foot and develop a more responsive approach. If your defensive strategy has been to park the bus, your network is not only most likely compromised, but you probably have no idea you’ve already lost the match.
If you want to win, you have to investigate the current talent out there and invest in the services that are going to allow you to understand who is attacking you, the tools they’re using and where they’re attacking you from. With the proper intelligence, you can develop a defensive approach that can stand up to today’s breed of attackers.
After all, what’s the point in parking the bus when the attackers have a tow truck?