BBH Blog

Playing Offense with Cybersecurity Strategy in 2023

Written by John Allegro | Nov 18, 2022 9:39:06 PM

Football vs. Cybersecurity

As fall begins, so does football season. Many Americans save their Sundays to watch their favorite team battle it out on the gridiron over some wings and beers. While you’re watching the game, please take a second to think about how it compares to a robust cybersecurity strategy. Now we know what you’re thinking - how do you tie together football with cybersecurity? It’s not as hard as you might think.

Building Your Defense

Someone once said, “The best offense is a good defense.” As unlikely as it may seem, this adage applies to football and cybersecurity. You need a strong defense in football to keep the other team’s playmakers out of your endzone.

When it comes to cybersecurity, you need a solid defense to keep cyber criminals from getting their hands on your personally identifiable information (PII). You want the most robust defense possible to protect your data. Last season, the Buffalo Bills had the NFL’s best defense. So, it’s safe to say you want your cybersecurity to be like the Buffalo Bills.

Phishing vs. Play Action Strategy

If you think of the ball as malware and the offensive players as cyber criminals, even more connections appear between football and cybersecurity.

For example, many teams use a “play action” strategy where the quarterback pretends to hand off the ball to a running back only to pull the ball away at the last second and throw it. This is similar to the cybercriminal strategy of phishing, where a criminal uses a fake but authentic-looking email to trick their victim into opening up an attachment or clicking a link that leads them to malware. Both strategies use deception to trick their victims into thinking one thing is happening (a run play or a standard email), only for a different and detrimental action to occur instead (a pass play or a malware infection).

Runs vs. Pass in Disguise

So, can NFL defenses work against these plays to help us understand how to not fall for a phishing attempt? They sure can! Defenses will watch the offensive linemen to determine whether a play is a run or a pass in disguise. If the linemen move forward to open a hole for the running back, then it’s a run. If they stand straight up and pass block, then it’s a pass.

In the same way, there are things you can look for in a suspicious email to figure out whether it’s real or not. We even have a fun name for it. It’s called the SLAM Method.

SLAM Method

SLAM stands for Sender, Links, Attachments, and Message. You should check the sender when you come across a suspicious email. Make sure the address the email is coming from is correct and doesn’t have any spelling errors. If it’s in any way wrong, you are likely being phished. Then hover over any links present in the email to see where they are taking you. If what shows up doesn’t match the name in the link or if it looks at all suspicious, do not click on it.

Never open attachments from unknown senders; they could contain dangerous malware that can infect your device. Even if it comes from someone you know, if anything looks off (or phishy), double-check with the sender through another form of communication. Lastly, check the email's message for any spelling/grammar errors or an uncommon sense of urgency.
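For readers who triage reported mail, the four SLAM checks can be run over a raw message automatically. The Python below is an added example, not something from this post or from BBH: the `TRUSTED` domain list, the `URGENT` phrase list, the 0.8 similarity threshold, and the sample message are all constructed assumptions.

```python
import difflib, re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

TRUSTED = {"example-bank.com"}   # assumption: domains you normally hear from
URGENT = ("immediately", "act now", "account suspended")  # assumed phrases
A_TAG = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
HOSTLIKE = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}")

def slam(raw):
    msg, flags = message_from_string(raw), []
    domain = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    for good in TRUSTED:  # S: sender domain close to, but not, a trusted one
        if domain != good and difflib.SequenceMatcher(None, domain, good).ratio() > 0.8:
            flags.append(f"S: {domain} imitates {good}")
    for part in msg.walk():
        name = part.get_filename()
        if name and domain not in TRUSTED:  # A: attachment, unknown sender
            flags.append(f"A: {name} from unknown sender {domain}")
        elif part.get_content_type() == "text/html":
            body = part.get_payload(decode=True).decode(errors="replace")
            for href, text in A_TAG.findall(body):  # L: text vs. real target
                shown = HOSTLIKE.search(text.lower())
                host = (urlparse(href).hostname or "").lower()
                want = shown.group(0).removeprefix("www.") if shown else host
                if host != want and not host.endswith("." + want):
                    flags.append(f"L: shows {want}, goes to {host}")
            hits = [w for w in URGENT if w in body.lower()]
            if hits:  # M: pressure wording
                flags.append("M: urgency: " + ", ".join(hits))
    return flags

# Constructed sample message for the example (not real mail)
SAMPLE = """From: Support <help@examp1e-bank.com>
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<p>Account suspended. Verify immediately:
<a href="http://login.example.net/verify">www.example-bank.com</a></p>
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="invoice.zip"

placeholder
--b1--
"""
```

Calling `slam(SAMPLE)` returns one finding per SLAM letter for this message; a message from a trusted domain whose link text matches its target returns an empty list.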

We’re on Your Team

We’re not going to sit here and expect you to go over your training during the big game, but if you can find a way to connect what you love to what will protect your data, that could be what saves you from a breach.

Contact us to learn more about how we can defend you from cyberattackers, malware, and phishing.