Motorcycle Safety Techniques and Cyber Defense SOC Services

Security providers and MSPs can use a SIPDE methodology in cybersecurity services.

Jason Beal, VP, Worldwide Partner Ecosystems

December 20, 2023


Lately, I've been spending time after work and on weekends teaching my teenage son how to drive. These stimulating, sometimes death-defying, experiences have reminded me of an acronym I learned many years ago when I was training for my motorcycle driver's license.

In motorcycle safety training classes, they use "SIPDE," an acronym for situational awareness and risk management that motorcyclists should use to make the right decisions while riding.

SIPDE stands for scan, identify, predict, determine and execute. While riding down the road, the rider should constantly scan the road and surroundings and check the rear-view mirrors. This allows the motorcyclist to identify potential risks, hazards and obstacles that may arise in traffic and on the road. When potential dangers are spotted, the cyclist predicts how they could respond. The motorcyclist must run through these scenarios quickly in their mind and determine the actions to take. Finally, if those dangers manifest, the motorcyclist needs to execute the strategy they decided would be the safest.

Best Practices for Safety

Like a motorcyclist humming down the road, our reseller and MSP partners can also employ the SIPDE methodology as part of the ongoing cybersecurity services they perform on their customers' behalf. This plays out through best practices and the technology products they use to protect clients.


Scanning the network: This one is pretty obvious — if you provide cybersecurity services, you should be watching email, network, and application traffic using a combination of anti-spam/antivirus platforms, remote monitoring and management (RMM), and newer tools that leverage artificial intelligence (AI) and machine learning (ML) to scan for potential phishing, ransomware and other types of attacks. Because of the frequency, scope, and complexity of most attacks, a 24/7 security operations center (SOC) — in-house or outsourced — is the only way to provide the level of scanning required.

Identifying potential threats: This part of cybersecurity services has only gotten more challenging as criminals turn to social engineering attacks, account takeover and other strategies that are difficult to detect using typical email filtering tools that look for malicious attachments or links.

Using AI-based tools that spot unusual patterns in network traffic, email correspondence and other anomalies is critical for successful security. To stick with the motorcycle metaphor, I am reminded of a quote from Robert Pirsig's classic 1974 book, "Zen and the Art of Motorcycle Maintenance" — "Some things you miss because they're so tiny you overlook them. But some things you don't see because they're so huge."

Successful cybersecurity requires us to leverage technology and experience to spot telling details while keeping an eye on the big picture of your clients' online ecosystems.

Predicting what bad actors will do: Cyber threats change and evolve daily. Security providers need to have visibility into client systems and back that up with the latest threat intelligence so they can marry what they're seeing on the network with what criminals are doing now (not what attacks they launched six months ago). Visibility without that type of insight isn't very helpful in the partners' role to both predict what the bad guys will do and to prevent it.

Determining proactive ways to mitigate risk and prevent attacks: Combining visibility and threat intelligence detection also helps security providers stay ahead of attacks by mapping out strategies to protect their clients. That should involve regular security assessments, frequent patching, education for clients and their employees, regular security alerts and robust reporting. It also involves the MSP's role in helping the customer to create and enforce policies around email use, password management, multifactor authentication and reporting around account access, financial transactions and other critical events.

Execute cyber defense strategies and actions: This can be the trickiest part for security providers since it goes beyond deploying effective technology and into the actual response if attacks and breaches occur. It's an unfortunate reality that stuff may hit the fan if the hackers aim their sights at your clients. Your staff will need to immediately execute by jumping into action to follow best practices and steps laid out in a detailed resilience and recovery plan.

Quick Threat Response Is Key

They used to refer to the internet as the Information Superhighway, and just like on the actual highway, there are potential threats all around.

The situation "on the road" is always changing, unpredictable, and rife with new hazards. The "in traffic" challenges are similar as well — you have to spot threats and respond quickly. Automated security solutions can improve your response time. Combined with the proper security training — like the kind I am trying to give my son during our driving lessons — this approach can keep your clients rolling smoothly and safely forward.


About the Author(s)

Jason Beal

VP, Worldwide Partner Ecosystems, Barracuda

Jason Beal is vice president of worldwide partner ecosystems for Barracuda Networks. As a global technology channel executive, he has a passion for partnerships and takes immense pride in working with teams to accomplish the most difficult of goals or customer challenges.
