In modern football, teams need to adapt defensively depending on the opponent and the game, and the same is true for companies facing increasingly complex cyberattacks: 56% of companies in Brazil have already been attacked by ransomware, according to a Kaspersky survey from May this year. Another parallel between soccer and corporate security is how each team or company decides to play. Unfortunately, the majority still prefers to close in on defense, while teams that excel at neutralizing attacks as quickly as possible focus their efforts on what matters: scoring goals or developing their business.
Although it sounds like a good strategy, the protection mechanism leaves both the team and the company vulnerable, giving them little time to react to a threat.
“To deconstruct the idea that being closed is good, we have to change the way we see the issue, because whoever prepared the boom will think that the team is closed. However, the opposing team has plenty of time to assess weaknesses and only needs one miss to claim victory,” evaluates Roberto Rebouças, executive manager of Kaspersky in Brazil.
The executive explains that, just as in a championship final, cybercriminals are professionals: they investigate their victims well before entering the field for the game, and they know what weaknesses to exploit. If they can spend 90 minutes forcing the weakest links, then the attack is successful.
“On the other hand, the teams that mark the ball out of the opponent in an organized way end up neutralizing the attack prematurely and the goalkeeper sometimes spends the whole game watching,” he states.
But how are these approaches applied in practice? Kaspersky’s global Enterprise IT Security Risks survey shows that around a third of organizations adopt a proactive defense, as they can identify a cyber attack immediately (10% of them) or within hours (22%). Most institutions, however, are still playing on the right foot and take 24 hours (18%) or days, weeks or months (48%) to find out that they have been attacked.
To achieve a level of excellence in cybersecurity, the team must be complete and play in an organized manner. To better understand the importance of each one, Rebouças once again takes advantage of soccer tactical schemes. “The first line of defense for any company will be the famous antivirus and firewall, and here I already include protection in cloud environments and EDR. They are all basically reactive because they are restricted to computers and servers and need to be attacked to find out if they are working fine or not.”
Advanced XDR technologies and managed SOC services provide some opportunities to neutralize the attack in the early stages, but these technologies still work in a restricted way.
“Although these are the most advanced technologies in the world of cybersecurity, they will only react correctly to known attacks. If the opponent uses a technique that has not been previously evaluated, it will fail”, explains the executive.
In order to neutralize all kinds of threats, the team needs to have real-time information on the field to be able to adjust the defense. In the real world, companies are limited to their network, but they can obtain this information through intelligence services, such as a threat feed with the basic information to recognize new malware or technical reports that help with investigations of specific incidents.
“A very common practice of companies that use these intelligence services is to contract three or four different platforms to obtain the greatest amount of information possible and be prepared for all of them. This information is integrated with existing protection systems and manages to block any attack at the first alert,” highlights Rebouças.
The executive also clarifies that intelligence services are not something complex and advanced.
“There is a firewall that allows integration with the threat feed, and this allows blocking an attack at the edge of the network. The same goes for traditional antivirus and EDR, both will work better if they are guided by recent information from intelligence services. This means that any company, from small to large, can be more protected with something as simple as good information,” he concludes.
Disclaimer: The information and/or opinions expressed in this article do not necessarily represent the views or editorial line of Cointelegraph. The information presented here should not be taken as financial advice or investment recommendation. All investment and commercial movement involve risks and it is the responsibility of each person to do their due research before making an investment decision.