The Perfect Defence: How to Stop Cyber Criminals from Scoring

Written by Sam Woodcock, Senior Director of Cloud Strategy at 11:11 Systems  

Data is more plentiful, valuable and interconnected than ever before. Unfortunately, this has led to a cyber threat landscape that is increasingly dynamic and costly to business.

Cybercrime inflicted approximately $6 trillion in damages globally in 2021, an annual figure that is set to reach $10.5 trillion by 2025. This is equivalent to the world’s third-largest GDP after the U.S. and China. It is a threat that requires a comprehensive approach to defending, protecting, and recovering data, avoiding vulnerabilities and maintaining business continuity.


The NIST Framework

In 2014, in response to the already escalating cyberthreat landscape, the National Institute of Standards and Technology (NIST) published the “Framework for Improving Critical Infrastructure Cybersecurity”, or CSF. Originally intended for critical infrastructure, it is increasingly and globally recognised by governments and organisations alike as a best practice guide to cybersecurity risk management and resilience.

Comprised of five risk management functions (Identify, Protect, Detect, Respond, Recover) the framework acts as the foundation which supports a highly effective risk management strategy.

Think of modern data protection as a game of football. As the opposition continuously delivers new, sophisticated waves of attack on your business, your organisation’s cybersecurity strategy is your defence. Here we liken the five risk management functions to the five key defensive football positions that make up your protective strategy. Without any one of these, the attackers – or cybercriminals – cannot be stopped.


Identify – Central Defensive Midfielders

Starting just in front of the defence is the central defensive midfielder (CDM). A good CDM is positionally aware, with the ability to anticipate their opponent’s next play, possessing strong marking, tackling, interceptions, passing and displaying great stamina and strength. The CDM helps to lead the team from the centre of the pitch, quick to identify and recognise incoming threats and attacking plays.

The skills of a good CDM lie in their ability to “identify” threats. Identifying problems and vulnerabilities across your organisation is critical. Like the defensive midfielder, this means managing risks and threats, while also identifying and calling actions. Ongoing discovery through testing and continuous risk scanning for potential incoming attacks helps companies remediate vulnerabilities.

The first step in effective IT governance and security is identifying and managing IT assets, but in the same way the role of the CDM is often seen as one of the most challenging and important in a football team, without the ability to identify risks your organisation risks a loss.


Protect – Centre-Backs

The centre-back protects and defends the important central spaces in front of the goalkeeper, often seen as the last line of defence. Preventing an attack and keeping a clean sheet is paramount to defensive success, both in football and cybersecurity. Centre-backs mirror the “Protect” function of the CSF, in which an organisation creates a multi-layered defence that protects people, processes and entire IT infrastructures.

The centre-back is at the heart of the defence, regularly communicating with teammates to ensure that the defensive positions are working together. In the same way that a solid firewall establishes a barrier between a trusted network and an untrusted network, the defence works as a collective unit, constantly monitoring and controlling traffic to protect the organisation within.


Detect – Ball Playing Defenders

As a central defender, ball-playing defenders still need the attributes of a centre-back to stop opposing attackers. However, the ball-playing defender’s role is hybrid in nature, requiring both the technical and mental attributes to allow them to launch defence-splitting passes from deep.

Their success is dependent on their ability to pivot quickly to changing plays and strategies. Within the NIST CSF framework, this quality is essential in detection processes. Continuous detection and security monitoring is paramount to spotting anomalies and events within the “Detect” function.


Respond – Full-Backs

The full-backs are located out wide and traditionally stay in more defensive positions throughout a match. Constantly responding to scenarios and attacking plays, a full-back’s primary focus is on analysing and mitigating the oncoming threats of opposing attacks down the wing.

In the NIST CSF, the “Respond” function operates much like full-backs. In football and cybersecurity alike, there are constant threats to respond to. Analysing the game and threats, while communicating with teammates and other functions, helps to mitigate the attacks and improve the defensive framework.


Recover – Goalkeeper

The goalkeeper is the final barrier, the last line of defence to prevent the other team from scoring. Yet that is only half of the goalkeeper’s role. The goalkeeper can punch the ball, catch the ball, or kick the ball back into play: once an attack has been mitigated, they offer the team the chance to recover quickly and get back into position. They protect the goal, help coordinate the defence, facilitate communication, and distribute the ball.

The ultimate goal of both a goalkeeper and that of the “Recover” function in the NIST CSF is to mitigate attacks and reset the team for the rest of play, whether

the opposition team is on a football pitch or behind a computer.


Building your multi-layer defence

The best defences are prepared at all levels. In football, if one defensive player isn’t up to scratch, even for a split second, it can have a detrimental impact on the whole team. In business, ensuring your entire organisation is ready with a multi-layered data prevention and protection strategy in place is critical to ensuring business continuity.

The unfortunate truth is that it is no longer a matter of if, but when, an organisation will suffer data loss. This means that secure, reliable backup has never been more important when protecting critical data. A State of the Channel Partner Report found that 96 percent of companies with a trusted backup and disaster recovery (DR) plan were able to survive ransomware attacks. The same report found 93 percent of companies that suffered a major data disaster without DR in place were out of business within one year. Selecting the right manager, like 11:11 Systems, is a safer path to ensure your business is set up with the right strategy to defend the organisation and deliver that all-important peace of mind.



Previous post Explore the capabilities of immersive technology at second Industry Showcase event hosted by Wrexham Glyndŵr University
Next post GreyOrange Transforms Warehouse Fulfillment with Its GreyMatter Open API