What the 2022 NBA Finals Teaches Us About All-Star Cybersecurity

June 7, 2022 CyberArk Blog Team

What the 2022 NBA Finals Teaches Us About All-Star Cybersecurity

It’s NBA Finals time in the United States, and our global CyberArk team — from our die-hard Boston Celtics and Golden State Warriors fans to our threat researchers –by day, ballers –by night in Israel — is here for it. With Game 3 set to tip off on the Boston parquet Wednesday night, here’s a look at how the cross-country battle between the Celtics and the Warriors is feeling a lot like the war being waged on the identity battleground in cyberspace:

Long-range attacks are changing the game. The Golden State Warriors’ long-range shooters have revolutionized the game of basketball — no one more so than Steph Curry, who consistently makes “unearthly shots” from up to 30 feet away. Cyber attackers are also mastering a similar long-range approach to infiltrate organizations from afar — far beyond network walls. Intelligent identity security controls such as single sign-on (SSO) and multi-factor authentication (MFA) for remote workers and privileged access controls for external vendors are key to blocking these audacious long-range attempts.

Not every shot can (or should) be a three-pointer. Many baskets come on good shot selection. And often, scoring requires multiple passes, with the Celtics’  Jayson Tatum showing us how it’s done. But on the flipside, every pass is an opportunity for the other team. Looking for ways to limit this lateral movement — down the court or deeper into an IT environment — can limit offensive opportunities.

Protecting in the paint is the “heart” of your enterprise. Elite defense around the rim is one of the ways good teams become great. By defending the most important thing (on the court and in the enterprise, respectively), the Celtics’ Robert Williams III and privileged access management (PAM) have our vote for Defensive Players of the Year.

Don’t discount under-the-radar risks. One of the best parts about basketball — especially during the late-round playoffs and into the finals — is that teams constantly evolve, meaning anything can happen. Cybersecurity teams can’t just defend against attacks they’ve already seen or underestimate Payton Pritchard-type threats that could have the X factor that swings the whole series.

Defense (in depth) wins championships. The Athletic’s Jared Weiss writes, “The Celtics made the NBA Finals not because they could stop everything from happening by switching up on every play, but because it was able to invite the opponent into what was supposed to be a comfort zone.” In basketball and in cybersecurity, teams need a solid, layered defense with multiple players working together in unison to detect and respond to threats, close up gaps and sometimes even lull attackers into a false sense of security before turning up the heat.

Planning for turnovers is part of the playbook. Team playbooks outline detailed plans that players follow to help keep the ball in their possession. But these playbooks also account for less-than-ideal scenarios — and outline plays for when things go sideways. By proactively assuming breach — and testing their plays routinely — cybersecurity teams will be better equipped to regain possession, minimize damage and restore trust quickly after an incident.

Dream teams are made up of players with diverse yet complementary skills. You need the Michael Jordans and Magic Johnsons, of course, but you also need the Draymond Greens and Derrick Whites — players willing to put in the work, roll up their sleeves and get the job done, whether that means passing, rebounding, defending or scoring. Same goes for cybersecurity teams: Diverse skillsets and backgrounds make them stronger and more effective. And as the cybersecurity skills gap continues to widen, investing in an organizational dream team’s collective growth, well-being and success must be a priority.

And finally… unlike basketball, cybersecurity is a game that never ends. It requires extreme endurance, a powerful toolset and an endless supply of grit and ingenuity, just like basketball. Setbacks cannot distract from the mission or the road ahead. In the words of Klay Thompson after the Warriors’ Game 1 defeat last week, “It’s the first to four, not the first to one. We all have been through hard situations like this … and the best part about this is we have another opportunity.”

 

Previous Article
Extracting Clear-Text Credentials Directly From Chromium’s Memory
Extracting Clear-Text Credentials Directly From Chromium’s Memory

This research was initiated accidentally. After “mini-dumping” all active Chrome.exe processes for another ...

Next Article
Step Away From the QR Code and Read These 7 Safety Tips
Step Away From the QR Code and Read These 7 Safety Tips

This post is authored by Len Noe, a technical evangelist and white hat hacker at CyberArk. Listen to his re...