The Goal Line Defensive Mindset

The Goal Line Defensive Mindset

With football season in full swing, it’s a prime time to talk about defense. No matter what team you root for, defense is the one area we all would like to improve on. Especially the goal line defense.  For those unfamiliar with football, the goal line defense is when our team is backed up to the end zone with the opposing team’s offense mere inches away from the promised land. Our defensive focus is to prevent that offensive attacker from breaking the plane of the goal line by putting almost all of our efforts on the line of scrimmage to prevent the penetration of the goal line. At this point most coaches would tell you they hate goal line situations. It is pass / fail at this point.

And more times than not, this situation works in favor of the offense.

One of the reasons that the goal line defense struggles so much is that it limits the defense’s ability to protect the end zone. We have shrunken our defensive options, we have moved from our use of the linebackers in coverage and passing rushing to strictly protecting the line. The same thing with the secondary, rather than roaming in pass protection they are pulling in to further shore up the line to prevent a running back from jumping up and over. The more we talk about this approach to the game, the quicker it becomes apparent that it is really set up for failure.

At this point you are probably wondering, why we have picked apart the goal line defense in football?  This was supposed to be an article on cybersecurity…right? Unfortunately, the philosophy of the goal line defense and the approach that too many financial institutions take in their cybersecurity defenses are very similar.

For years, our technology leaders have been telling us “we have a firewall and a virus scan, we’re good”.  The audit and regulatory teams, until recently, have helped support this model.  Unfortunately, this model is the equivalent of the goal line defense.  We have essentially built up our defenses that all reside at the perimeter:  firewalls, virus scans, web filters, and spam filters.  These are all tools that are designed to keep the network perimeter intact in a world where if an attacker is successful once in every 1000 attempts, he wins. 

Once that attacker finds their way past the perimeter, what tools are in place to limit, hinder, or even come close to detecting their presence. In most cases, when any organization breaches an attacker will have unfettered access to the network for on average of 289 days before detection. Once detected, it can take up to an additional 90 days before fully eradicated from the network.

One more time.  289 days before detection.  90 days before fully removed.

Think of where all of your critical, sensitive customer data resides on the network.  Probably in a public file share, in a folder called “Credit Analysis”. Now think about what resides in that folder:  SSN, personal financial statements, tax returns, credit reports, asset lists, and more.

Now, who in your institution has access to that folder? Tellers? Personal Bankers? Loan Officers? In that group who was the last one to have an issue with a virus, or click on a link that did something funny? This is why it is critical to break our current beliefs about network security. In our current state, we are one click away from disaster.

Breaking away from this model will take a different mindset, ultimately it takes the mind of an attacker to understand the anatomy of an attack: how does an attack begin, what are the steps that an attacker must take to gain a foothold in the network, and what are they looking to get once they are in.  Only then can you begin to formulate a defensive strategy that is designed to break away from the perimeter defense mindset, and start to focus on developing a true layered defense focused on creating difficulties for a potential attacker by taking away the tools they need to better secure the network and protect your customer’s sensitive personal information.

For those interested in finding out more about layered approach to network security, contact StrataDefense at (715) 842-7665.