Ask most defensive coordinators in the NFL the question, “What Wins Championships?” and they’re likely to answer that a dominant defense always wins. Ask most offensive coordinators that same question and you’re likely going to receive the opposite answer. If you ask most head coaches that very same question, they will say you need both a great offense and a great defense to win. The head coach is ultimately responsible for the entire team, and while they may receive the most glory when their team wins—they also tend to bear the brunt of the blame when they lose. Most DSO/DMO organizations today have a “JV Defense” in place with little or no offense. To win the battle against criminal opponents, you must have both a strong offense and defense in place. Trusting that your coordinators have a strong plan in place to protect your organization is okay—but verifying that they have put you in a position to win is best practice.
If you are the “head coach” of your DSO/DMO, or the head of a division within your organization, are you confident that you have effective offensive and defensive strategies in place to protect your organization from a possible cyberattack or ransomware event? If not, then it is time to draw up an actual game plan that will put you in a position to win the fight against criminal organizations. As the target on the back of DSO/DMO organizations grows larger and larger each year, changing your approach to how you are protecting your business must be one of your top priorities.
How To Begin Creating Your Game Plan?
Unlike head coaches for athletic teams, you don’t have the luxury of watching your opponents’ game tapes to learn what makes them successful and where they have weaknesses. If such a thing even existed, you would be forced to study the patterns and tactics of hundreds of adversaries. What you do have access to is cybersecurity companies that perform forensic investigations into attacks that have successfully targeted organizations. These companies know exactly how the criminals win and what their game plan is likely to be to beat their next opponent. Credentialed, board-certified cybersecurity experts are your cyber offensive and defensive coordinators who assist and work with your internal/external IT resources to strengthen your existing security posture. If you ask these “Cyber Coordinators” what an effective strategy is to beat your adversaries, they will tell you that both offensive and defensive game plans are required.
How To Build a Strong Offense
To win any game you need a team of well-trained athletes. To win the cyber battle, you need a well-trained team of cyber defenders. The most common way that DSO/DMO organizations are hacked is by criminals targeting your team members. Spear phishing is just one tool that hackers use to target your C-suite, executives, doctors, and office staff. These hackers are now utilizing AI technology to assist them in their efforts, and detecting potentially malicious communications is becoming more and more difficult. Without proper cybersecurity awareness training, your team is almost defenseless against these criminals. Empowering your team and providing them with what they need to make good decisions is essential in any offensive strategy. Training, testing, and ongoing simulated phishing campaigns are how you build a strong team of cyber defenders.
The second most common way that DSO/DMO organizations are breached is by targeting your network vulnerabilities. Every device connected to a network within your organization is likely to have some vulnerabilities present. These devices include firewalls, servers, workstations, laptops, printers, security cameras, phone systems, and all IoT devices (smart TVs, music systems, etc.). Implementing an ongoing vulnerability scanning and remediation strategy is critical in protecting your business. Identifying all the “open doors and windows” into your organization and closing them before the criminals find them is a critical part of any offensive strategy.
A security risk assessment performed against your organization by a credentialed security expert is another effective offensive strategy. A cybersecurity engineer with the CISSP or HCISPP credential should be working with you and your IT resources to make sure that everyone within your organization understands what your entire attack surface is. Remote access, third-party integrations, backup solutions, and security-related policies and procedures are just some examples of areas that should be addressed by credentialed security professionals. These are effective offensive strategies that will help your IT resources, management, and HR focus on the areas where there are possible weaknesses and address them before the criminals can target them.
Building a Stronger Defense
Anti-virus software has been an invaluable tool for decades, but it is not equipped to protect your organization from a modern-day cyberattack. Relying on decades-old technology to protect you from a modern-day problem is not an effective defensive strategy. Upgrading your technology and implementing Managed Detection & Response (MDR) into your organization is a critical step in building a strong defense. This technology uses AI to recognize the fingerprints of malicious code and unnatural movement inside of your network. A good MDR program also has the ability to quarantine a device that is being targeted and fight back to defeat the malicious code. MDR is an effective defensive strategy that should be relied on to win the battle in the event that any part of your offensive strategy fails.
Penetration testing is an offensive strategy that should be used to test your defense. Criminal hackers use this tactic every day to test DSO and DMO defenses. You should engage with “white hat” (ethical) hackers to test the systems that you have put in place. This is an important part of any cyber strategy. Using ethical human hackers (not a piece of software) to test your systems helps further ensure criminals can’t gain access to your network.
Not Having a Game Plan Can Be Extremely Costly
Protecting your DSO/DMO against a debilitating cyber event should be a critical part of your game plan for 2024. These attacks are ever-increasing, and the damage they inflict on their targets continues to grow. The sophistication of the attacks that we’ve witnessed in 2023 has led to an increase in the downtime that businesses suffer, not to mention the damage to their reputation. The average downtime for a DSO/DMO following an attack has increased to 12–14 days. In addition to the complete loss of business continuity, organizations are also faced with ransom fees, network replacement costs, legal costs, and cyber investigation and recovery fees. It’s important to note that almost every ransomware attack now involves the “theft of data,” which could potentially lead to penalties related to compliance regulations and crippling class action lawsuits.
It is essential to have a game plan in place now and build an effective strategy so you can continue to grow and thrive in 2024. Cyberattacks can be avoided. Don’t let a cyber event delay your growth plans or destroy everything you have worked so hard to create!