28 Mar Dr. Jay: Cyber Defenders Need To Mount A Full Court Press
The head coach of cybersecurity at a Fortune 1000 corporation on how to play “D”
Northport, N.Y. – Mar. 28, 2019
The pregame show for ‘Full Court Press’ was filmed at Recreation Hall in Old Westbury, N.Y., home court for the Bears, New York Institute of Technology’s NCAA Division II (NYIT) men’s basketball team.
Cybersecurity is all about playing defense.
Your team is down a few points late in the game. Your opponent just scored, and now you must force a turnover to stop them before the clock runs out.
Now what? Which defensive strategy will you pick? A full court press?
Wait. This is supposed to be about cybersecurity. What does basketball have to do with security?
“Cybersecurity is definitely a basketball game. You have to be creative. You have to be creative in your cybersecurity strategy, just like you have to be creative in basketball,” says Dr. Jay, chief information security officer (CISO ) for Xerox, former deputy CIO for the White House, and our very own CISO Ambassador.
A self-proclaimed student of basketball, Dr. Jay has learned how to turn hardwood defense into cybersecurity strategies.
When asked about this, Dr. Jay explained there are a lot of different ways to play defense in basketball — man-to-man, zone coverage, lockdown defense, and even the Hack-a-Shaq. “If you think about it from a cybersecurity perspective, you can’t just have one defensive strategy. You have to have many defensive strategies” that layer on top of one another to keep out cyber adversaries.
Dr. Jay says that man-to-man defense is the securing of each device within a network. Zone defense includes thinking about how to defend different portions of a network and distinct devices. The concept here is to take an overview of the whole system and secure each section strategically. She believes that the lockdown defense evolved into the Hack-a-Shaq, “and that is defending my endpoints” by creating a trap to deter criminals from entering a network.
“So you’ve got all of these different defensive strategies that are coming into play,” says Dr. Jay. “And it’s in overlapping defensive strategies that cybersecurity gets the best protection. I think it’s a great strategy because it allows you to have a stopgap.”
But wait, isn’t basketball both offense and defense? How does the analogy work for cybersecurity if it focuses only on defense?
Dr. Jay has that covered, too. The offensive side involves always looking for vulnerabilities within your network, just like the other side is always looking to exploit them. She even recommends that in addition to planned security tests, running an ad hoc testing campaign can sometimes point out various weak spots because criminals don’t always follow a script.
Any form of defense requires vigilance, so paying full attention on the cyber court is paramount to stopping the other side from scoring.
“It is actually a full court press. You have to play the game the entire time,” says Dr. Jay. “You have to be in it the entire time because the first time you’re not in, the first time you lose focus on the ball, the first time you lose focus on your court, the other team is going to steal the ball.”
The pregame show is over. Stay tuned for the game. In the first quarter, you’ll watch all-star cyber specialists Stu Sjouwerman, CEO at KnowBe4, and Kevin Mitnick, the world’s most famous hacker, share their strategies for defending against cybercriminals. It’s a classic showdown of the white hats v. the black hats.
– Steven T. Kroll is a public relations specialist and staff writer at Cybercrime Magazine.
Sponsored by NYIT
NYIT is a Certified Information Assurance Courseware Institution designated by the National Security Agency (NSA) and the Central Security Service for their shared goal to create new technologies to secure critical national information and data pools. NYIT is also Long Island’s only NSA-DHS National Center of Academic Excellence in Cyber Defense (CAE-CD), a prestigious designation that is integral in helping NYIT faculty compete for research grants and promoting NYIT students to secure government and private sector scholarships (and jobs) in cyber defense.