The last time the New York Jets won a Super Bowl (in fact, the ONLY time they ever won), Richard Nixon was elected president of the United States. The year was 1968, kids.

One thing about being in the Super Bowl is both teams know who they are up against. The opposing team has just finished an entire season of football. Both teams will review the video recordings of every game so they know the strengths and weaknesses of the other team, and of their own.

Imagine YOU are the New York Jets, and you’ve just been notified that through a quirk of fate, you are playing in the next Super Bowl! Congratulations! Oh, but there is a catch. You don’t know who you are playing.

What does this scenario have to do with cyber security, you ask? Actually, quite a lot. For one, almost every network, especially homes and small businesses, are about as well defended as the New York Jets. Which means, not very well. And offense is completely out of the question.

As with football, so with networks. We need BOTH defensive AND offensive lines. We’ve already established that offensive cyber operations are off the table for home users and small businesses. Since we aren’t permitted legally to conduct offensive cyber operations, the next best thing is to detect an intruder early. In a computer network, defense equates to prevention. Prevention consists of firewalls and antimalware. Conversely, offense equates to detection. Detection consists of Endpoint Detection and Response tools, as well as Security Operations Center (SOC) analysts responding to alerts. In addition, your team can leverage Cyber Threat Intelligence (CTI) from the Intelligence-sharing groups and then actively hunt for those very threats on your network.

For most home users and small businesses, prevention is all they can afford. Because prevention is usually an automated process facilitated by software, you set it and forget it. Since most home and business users are running Windows 10, you have Windows Defender installed by default, and that is the best option for antimalware and the host firewall.

Detection is tougher because it usually involves hiring an SOC team (or tasking your IT staff with additional duty, for which they aren’t trained). For a small business and home user, detection and threat hunting is only feasible with a Managed Security Service Provider (MSSP). For example, Dell purchased SecureWorks a few years ago, and AT&T purchased AlienVault to provide those services. The downside is most of the MSSPs target large businesses with deeper pockets. You just need to make sure you pick a vendor that can provide the sweet spot of security and cost.

The sweet spot is really about covering all your bases (forgive the mixed metaphor). Getting prevention and detection capabilities in place. But even when you do that, the persistent attackers will still get through. Eventually. That’s where the cyber insurance comes in. A great place to start looking for solutions would be Stickler-Webb Insurance. There you can get cyber insurance quotes and find a cost effective SOC vendor to provide the offensive line.

You are not going to the Super Bowl. If you have a computer network, you are already IN the Super Bowl. Relying on prevention alone is like going to the Super Bowl with only your defensive line. Imagine how that game would turn out. You are in the game whether you like it or not. Make sure you at least HAVE an offensive line.

Co-written by Dan Gavin and Tom Jewkes, the cyber guys from CyberEye. An archive of past articles can be found at www.cybereyeaw.com/blog Contact us at gavin@cybereyeaw.com and tom@cybereyeaw.com

Co-written by Dan Gavin and Tom Jewkes, the cyber guys from CyberEye. An archive of past articles can be found at www.cybereyeaw.com/blog Contact us at gavin@cybereyeaw.com and tom@cybereyeaw.com