The World Cup’s in full flow and we don’t have to look hard to find parallels with security. We’ve seen flashy attackers pitted against dogged defenders. The sport has even managed to bring technology into the mix at Russia 2018 courtesy of the video-assisted referee (VAR).
In football, attackers are the ones you see on the highlights packages. A moment of skill – or luck – is a lot easier to capture on camera. It’s the same in security. Think of the praise heaped upon pen testers and external hackers when they score wins against vulnerable organisations.
We think defenders don’t get the credit they deserve – in football or in security. The business of organising a defence is less glamorous and doesn’t easily lend itself to highlights reels. It takes hours of practice on the training ground to work on coordinating at the back, to limit the openings for attackers to strike. But as any football fan knows, a good defence’s contribution is at least as valuable to an organisation’s goals as the players at the other end of the pitch. And in truth, the teams that do well in previous World Cups have had a strong defensive lynchpin and a reliable keeper. (Think Cannavaro and Buffon in Italy’s 2006 winning team, or the Puyol-Casillas combination for Spain four years later.)
Football is a global game, and this summer’s tournament reminds us that attacks can come from anywhere in the world. An unfortunate Moroccan defender’s stray header into his own net gifted a last-minute victory for Iran (while giving Spain and Portugal something to worry about in the process). It shows that an opponent just needs to be lucky once, but defences need to be on guard all the time.
The World Cup is also a great opportunity to spread the security message among staff in an organisation. Crunch matches are happening during working hours, with the risk that distracted workers might be less vigilant to threats. Recent history has shown that large-scale sporting occasions bring scammers out of the woodwork in huge numbers. With the risk that people might be distracted with all the football, now’s a good time to strike with a reminder about phishing risks.
Let’s not forget about the risk of data breaches. The England World Cup camp unwittingly provided some fodder for data protection and security awareness campaigns last week. It was embarrassment all round after a photographer snapped what appeared to be the team lineup for the Panama match. To make matters worse, the accidental photo went public despite some impressive defences. The London Independent reported that “England’s training base is surrounded by three-metre screens to stop opponents spying on training and reporters are asked to leave after 15 minutes of open sessions”.
The lesson here is that security professionals need to cover all angles. What happens on the pitch – or in the public eye – is just one aspect of what an organisation does. With so many angles to cover, security professionals, like their footballing counterparts, need to keep their eye on the ball.