Cisco UK & Ireland Blog

Running with a winning cybersecurity strategy

April 21, 2017

For anyone running the London Marathon this weekend, I just wanted to send huge amounts of good fortune and positive vibes. Just remember that for every mile you run, you’re adding one minute onto your life*. So now, you’ll know to spend those extra 26 minutes wisely.

*This might be a lie….

I’ve never taken part in a full marathon, so I’m in complete awe of you crazy cats who undertake them. However, I’m a proud finisher of the biggest (and best) half marathon in the world; the Great North Run. It helps that the start line is right outside my flat – far less time to talk myself out of it on the way.

What struck me during this event was, firstly, a water balloon (courtesy of the neighbourhood kids – thankfully it was a rather refreshing distraction at mile 10). The second thing that struck me was how much it was possible to overlook the basics when preparing for something like this.

I’m not the most natural of athletes. My attitude to exercise is that if we were meant to touch our toes, they would be a lot farther up our bodies. To compensate for that, I thought I needed to purchase a significant amount of “gear”.

So, if a piece of clothing came with a label signifying that it was thermodynamic, aerodynamic, and indeed anything-dynamic, it probably wound its way into my shopping basket. Running watch? Yep. Spotify playlist which included ‘Eye of the Tiger’ 7 times? Absolutely.

All these instruments certainly added to the fact that I managed to complete the Great North Run on the same day on which it started, but the problem was that because of them, I forgot about some of the most basic best practices for an endurance run.

For example, the Great North Run has some significant hill inclines. They’re not dramatic gradients like the streets of San Francisco, but they just go on forever. I hadn’t done any uphill training because, well…ouch…That was my first mistake.

My second mistake was setting off too fast. I hadn’t thought about an overall strategy to get to the finish line, but I knew that going too fast was never going to be an issue for me. I didn’t do fast.

However, my adrenaline was pumping having had Mr Motivator, living up to his name, warm us all up at the start line. Plus the enthusiastic shouts of ‘Oggy Oggy Oggy! Oi Oi Oi!’ by my fellow competitors whilst running the underpasses of the A167 – a tradition for the Great North Run – meant that my legs were going faster than they’d ever been previously tested.

I got to mile 2 – the start of one of the inclines – and realised I needed to stop. In my training runs I’d been able to consistently get to 7 miles without needing a breather, but I knew if I didn’t stop now I’d be down and out before mile 3 was upon me.

It was also an unusually hot day in the North East – around 22 degrees – and all my training runs had been done at night. I wasn’t used to this sort of tropical climate.

All in all, I’m proud that I did the Great North Run. I raised a good amount of money for Alzheimers in memory of my wonderful late Gran who had passed away a few months prior, which was the whole point in doing it for me. But I could kick myself for not properly training for it, and overlooking the basics, for the last 11 miles were an utterly miserable experience.

Having worked in cybersecurity for a number of years now, it still strikes me as to how little strategic thought is given to this industry. We’re living in a world where malicious tools and services are readily available via the internet, and mirror what’s available in the legitimate IT sector. That has caused a great deal of ‘panic buying’ of multiple point products which serve different purposes, with little consideration as to how it can really impact on the business.

Essentially, we have tried to solve the problem of cybersecurity by throwing unconnected technology at the problem, without a clear strategy in mind. This has created even more problems, because hackers thrive in complex systems. They make their business from finding the gaps, and pursuing the weak links in our systems so that they can steal valuable data and profit.

If any experienced runners read my recounting of my Great North Run experience and tutted at my naivety, you’d be well within your rights. And yet it’s a similar approach to how many businesses have tackled cybersecurity. A product first mentality, which lacks an overall strategy.

What businesses really need is a strategy which improves visibility; allowing them to see what threats are coming in, and simplifying their architectures.

Getting to a point where they only need to see a cyber threat once, before instantly defending against it everywhere on their networks, has to be the goal.

A lot of IT security is also about applying some common sense principles and policies. After all, most hacks happen because someone made a mistake – they clicked on an unknown link, opened an attachment, didn’t spot a spoofed email, or added a malicious USB stick.

The greatest threat is often right under your nose (employees who don’t have a grasp of basic IT Security), and it’s the combination of user vigilance, the right processes, and the right technology solution which will create a secure environment.

Whether it’s preparing for a long run or tackling the issue of cybersecurity, never underestimate the importance of thinking things through and working to a clear strategy.

Finally, I’d just like to reiterate my opening sentiment by wishing all the London marathon runners the very best of luck this weekend. You’re doing a wonderful, wonderful thing and I hope you gain everything you want to achieve.

Leave a comment