This weekend, the Swiss city of Lausanne hosted the final of the World Triathlon Series where triathletes from across the world came together after a season of racing to fight for the global title. Due to the number of disciplines involved, triathletes are often considered to be some of the most dedicated sportspeople, and often excel in their sport while at the same time holding down high-powered full-time jobs.

Triathlon involves a trio of swimming, cycling and running, requiring competitors to be at their peak in not one, but three sports. On top of this they have a “fourth” discipline to master, namely the transition between each of the three activities. Training schedules often need to be prepared meticulously and while every race takes the same format, tactics have to adapt to race conditions.

Many similarities exist between the approach to triathlon disciplines and those needed to address cyberattacks; after all, security professionals have to master a number of defensive tools and techniques, and constantly seek to ensure their skills are honed to match against those of potential cyberattackers.

1. Preparation is key.

It’s rare to find high-level triathletes who have not achieved success on the back of a consistent season of training, or even years of preparation (and many failures en route). Success is the result of hard graft and honing techniques, often taking into account the latest scientific research around the best methods for success. Triathletes have so many different types of training to fit in, all of which must be adapted to their own skills and other life commitments, that it’s not just a case of making it up as they go along – training will be carefully planned to focus on improving where there are weaknesses and making key strengths even stronger. Professional triathletes also expend considerable effort in honing their transition techniques – shaving off a second here or there when changing from swimming to cycling, for example, could mean the difference between winning and coming second.

Competitors in the Lausanne event
Image: Ben Lumley, ITU Media

Just as meticulous planning is required to prepare for a triathlon, the same is true when planning how to defend against and respond to a cyber incident. The organizations that are better at containing cybersecurity events have invested sufficient time and resources into understanding their business requirements and developing plans to mitigate the impact of likely attacks. Like triathletes, effective cybersecurity professionals will also take into account the latest research and scientific developments to both understand weaknesses and develop tailored plans to respond to them. Ensuring that vulnerabilities are assessed and capabilities developed to mitigate them could be the deciding factor between a successful defence and succumbing to a business-crippling cyberattack. Just as a mere few seconds here or there could make the difference between success and second place in a race, so in cybersecurity even the smallest slip or delay in responding to incidents could make a big difference to the impact of an attack.

2. Focus on the goal and maintain resilience.

Training for any sport requires an understanding of what you are working towards, and the triathletes competing in Lausanne will have focused on ensuring they can compete at their peak since the day they qualified. Their strategies will include ensuring they are well rested in the run-up to key events and that their training plan strikes the right balance between building fitness while ensuring the body has time to recover. Triathletes must also ensure that their equipment is fit for purpose and versatile enough to react to changing course and weather conditions. Many a triathlete has come unstuck (sometimes literally) thinking it would be a good idea to try a new bike or component on the day of an event, or through not taking into account external conditions that could impact their performance on the day.

In ensuring that organizations are prepared for a cyberattack, security teams need to identify their goals and have strategies in place that clearly define how they will be met. Each incident could be considered a sort of finish line, or a trial event that tests the readiness of the cybersecurity team, just as the triathletes in Lausanne have competed in a year-long series of events culminating in the finals of the World Triathlon Series.

Like the triathlete, the cybersecurity professional needs to be familiar with the tools and equipment they are using. Defensive tools and techniques such as vulnerability scanners and firewalls should be regularly reviewed and tested to confirm that they are effectively protecting against known vulnerabilities. It’s also judicious not to introduce new strategies in the middle of a real-life situation – tried and tested tools and techniques can best be relied upon for success.

A well-rested team is also crucial to success in the cybersecurity world. Just as cyber teams need to see to it that they are consistently on top of their game, the skills and time of scarce cyber resources must be protected. A recent survey of 408 chief information security officers in the US and the UK revealed that each one of them found their role stressful, with 91% reporting they suffer moderate or high stress.

3. Teamwork is the most effective means to succeed.

The best sporting moments occur when a team is working as one. Knowing exactly what to expect of each other, with each team member adding their own skills and value, results in a team that is greater than the sum of its parts. Athletes are supported by a range of behind-the-scenes resources, be they physiotherapists, psychologists or coaches. Triathletes can also help each other out in races to achieve team successes – for example by protecting each other from stray elbows and kicks in the swimming or helping set a pace on the bike or run. Filial teamwork was also displayed in the dramatic 2016 final of the World Series by the UK’s Brownlee brothers when Alistair carried his fatigued younger brother Jonny over the finish line in an (ultimately unsuccessful) attempt to claim the world title.

Similarly, it’s no secret that cyber – and wider – organizational success is a result of teamwork. Successful cybersecurity strategies come about through collaboration between a wide range of individuals and functions within an organization, and are not the preserve of the IT function alone. Organizational or team resilience is also more important than being a performer. In responding to cyberattacks, the team either succeeds or fails. More than just mixing diverse skill sets, team members need to focus on strategic rather than personal success.

Teamwork between organizations and at an international level is also increasingly needed to confront a range of cyberthreats. Likewise, cyber defence mechanisms can learn from other business functions about how to boost performance and collaborate with peers to share success (and failure) stories and help each other to be best prepared. Ultimately, as in the Brownlee example, cybersecurity professionals need to weigh up the cost of mitigating a vulnerability to ensure the returns on their investment will not be wasted effort.

4. Tailor your defence.

Going into a competition, all great teams and athletes understand what their opposition is trying to achieve and will have developed a strategy for overcoming their advances. Similarly, the World Series athletes will have studied the form of their closest rivals and will have developed strategies to counter their strengths, whether by setting off at a blistering pace on the bike, or sitting on their competitor’s heels on the run until they feel that injecting a burst of pace might result in the most damaging impact – for example, when their competitors are drained towards the end of a race.

Good cybersecurity strategies require a finely tailored approach to defend against the most likely risks and threats and focus resources accordingly. Teams should ensure they have conducted appropriate business risk analyses and vulnerability mapping that incorporates lessons learned from previous attacks or incidents. Just as triathletes will often wait to capitalize on a missed line or a slowing in pace by their competitors to launch an overtaking effort, complacency and letting procedures and training regimes slip are just what cyberattackers will be looking for to find a way into unprotected systems, or to target new or untrained employees who might inadvertently help provide access.

Conclusion

Cybersecurity professionals can learn from triathletes’ abilities to master a range of disciplines and maintain sustained effort across a number of different competencies, drawing on support from a wider team. Both must learn from scientific research and the latest developments and use scarce resources to fuel themselves over a long-fought race, constantly adapting to shifting conditions, never quite knowing what might lie around the next corner. Preparation, resilience, teamwork and tailored defence are key to ensuring success.