Co-authored by Bezawit Sumner, CISO at CRISP, Vision & Voice Member, & Coffee Chat Discussion Leader,
and Lisa Hayashi, Founder of Vision & Voice

Cybersecurity is not just about data, networks, and systems. It's also about strategy, tactics, and teamwork – concepts familiar to any football fan. As pre-season football approaches, the two of us found ourselves drawing some enlightening parallels between incident response strategies and our favorite Sunday pastime. At the risk of stretching a few metaphors, here are some of the parallels that jumped out to us…

Understanding the Game: Incident Analysis

Just as football teams pore over post-game footage to analyze their performance, organizations must conduct a thorough analysis after every cybersecurity incident. This scrutiny helps identify attack vectors, vulnerabilities, and the elements of their defense that need fortifying.

Reacting on the Fly: Defensive Strategy

Football defenses adapt to their opponents' tactics, switching formations and strategies in real-time. In the same vein, organizations refine their cybersecurity defenses based on attack techniques and patterns observed during incidents, always staying one step ahead of the game.

Practice Makes Perfect: Training and Preparation

The importance of training and preparation in football can't be overstated, and the same goes for cybersecurity. Regular training sessions, tabletop exercises, and simulations ensure the readiness of teams to respond efficiently and minimize the impact of any incidents.

Planning Your Moves: Playbook Development

Just as football teams have playbooks outlining various offensive and defensive strategies, organizations create incident response playbooks. These documents serve as a guide for responders, providing step-by-step procedures to follow during cybersecurity incidents, ensuring a consistent and effective response.

The Power of Teamwork: Team Coordination

Strong teamwork and coordination are vital for executing football plays successfully. Similarly, during cybersecurity incidents, effective communication and collaboration among IT, security, legal, and management teams are essential for coordinating efforts and mounting a successful defense.

Half-Time Adjustments: Adapting in Real-Time

During halftime, football teams make adjustments based on the first half's performance. Cybersecurity teams also need to make real-time adjustments during incidents based on the evolving threat landscape and new information gained during the response process.

Know Your Opponent: Threat Intelligence

In football, understanding your opponent's tactics is crucial for success. The same holds true in cybersecurity, where organizations conduct threat intelligence gathering to understand threat actors' tactics, techniques, and procedures, allowing them to mount a better defense against potential attacks.

The Best Offense is a Good Defense

Drawing these parallels between football strategies and cybersecurity incident response was not only fun but enlightening. We hope these analogies will help clarify the importance of incident analysis, defense refinement, team preparation, playbook development, team coordination, real-time adjustments, and threat intelligence in managing cybersecurity incidents. And as the whistle blows on the new football season, may it also signal a strengthened defense against the myriad cybersecurity threats we face in today's digital arena.

Join the Conversation! We've had a little fun drawing analogies between football and cybersecurity incident response, but now we want to hear from you. Have you ever encountered a cybersecurity incident where a football strategy could have applied? Or perhaps you have your own unique analogy to share?

Visit our landing page if you are interested in learning more about Vision & Voice