With the Australian Open beginning on Monday, we’ve done some thinking around the similarities between tennis and cyber security. While these might seem like polar opposites to some, we’ve come up with 10 similarities between the two – check them out below:
Defining tennis and cyber security
Tennis and cyber security may seem like they exist within very distant realms. One can be defined as a widely popular racket game played in singles or doubles, sometimes involving gruelling, long rallies in the sun and played on grass, clay or artificial courts.
The other is a practice or profession encompassing everything from educating users about the importance of strong passwords to defending against malicious cyber-attacks on an organisation’s network. It can also be succinctly described as the convergence of people, processes and technology as a means of protection against emerging cyber threats.
While tennis is a sport dominated by very few players (the likes of Federer, Nadal, Williams, and Djokovic), cyber security is more akin to a worldwide responsibility. However, if we look at the latter through the lens of the former, maybe, just maybe, these two constantly evolving matches aren’t as different as we think.
What parallels can we draw between what we see on the tennis court and in cyber security?
1. Preparation is key
We’ve long been emphasising the importance of proactivity and preparation in cyber security. For Content Security, proactivity means ensuring you are protected prior to a cyber-attack. This means setting the ground rules and putting a security strategy and controls in place as a means to prevent an attack, not to react to it. It also means strengthening your weaknesses while polishing your skills.
Think about it this way – in tennis you’re faced with an opponent who is looking for weaknesses in your defences. They are (like hackers) looking for holes in your play and will attack you on the court where they believe you aren’t protected or skilled enough. Just as in tennis, you need to anticipate your adversary’s next moves and proactively close the gaps. This can be done through measures such as penetration tests or security control reviews.
2. You have to expect the unexpected
Yes, we just said preparation is key – but there’s a certain advantage to being able to think on your feet. In each game, tennis players are expected to respond to whatever is thrown at them on the court. They are constantly problem solving and acting with a measure of unpredictability. Some of the greatest qualities of a defensive tennis player include the ability to anticipate their opponent, including their speed, their stability and their ability to hit the ball with optimised power.
When you’re facing an unseen adversary you need to be able to do the same. Cyber criminals are always developing their attack methods, finding unique and novel ways to exploit your defences. Your strategy should assume that compromise is inevitable and perhaps has already happened – prioritise threat hunting as an anticipatory means of protection.
3. Precision and attention to detail are invaluable
At its core, tennis is really a game of accuracy. Players must develop amazingly precise swings and be able to visualise the court with hawk-eyed focus. The same can be said for cyber security experts. For professionals within the information security and technology realm, precision is imbued in every element of their practice.
For example, ensuring the accuracy and integrity of forensic data is one of the most important parts of responding to and investigating a security incident. More broadly, precision is invaluable to cyber security because it removes the potential for mistakes and minimises the age-old issue of false positives.
4. A timely response is crucial
In both tennis and cyber security, time is truly of the essence. We’ve all seen our favourite tennis player sprint for a ball, just managing to scoop it back over the net and regain their stance. In cyber security, the more time an attacker has in your network, the more control they have and potentially the more damage they may inflict. That’s why timely detection and response are critical. Being able to quickly detect, analyse and respond to the situation could mean the difference between dealing with a massive security incident and stopping it in its tracks.
5. You have to simulate what your opponent does
Great 2 weeks in Adelaide! What an experience. Thanks @tennisaustralia.
– Jannik Sinner (@janniksin), January 28, 2021
So grateful to @rafaelnadal and his team for having me practice with them. Amazing to spend time learning from one of the greats. Learnt some cheeky football skills too, thanks Team Rafa! 💪🏼👊🏼 pic.twitter.com/UlI0DGe8La
Learning from your opponent in cybersecurity is a matter of garnering global intel on adversary tactics, staying up to date on their attack vectors, and mirroring this knowledge in your defences.
6. Constant training is required
“The next point – that’s all you must think about”
– Rod Laver
Tennis, like information and cyber security, is fairly difficult to master, and expert players need to put in many years of training. Even then, there is always more development to be done. As Rod Laver said, it’s “the next point – that’s all you must think about.” This is because the threat landscape is continuously evolving and cyber criminals are continuously honing their skills. True cyber security professionals understand this need for continual development, whether that’s educating yourself and picking up extra certifications, doing security awareness training or learning in a recreational way.
7. It’s important to learn from your mistakes
In tennis, in cyber security and in life, some things can be obtained with practice, but others are achieved through experience. For tennis players, a lot of their skills are developed by re-watching matches, analysing past mistakes, and running through plays. By analysing security incidents you can see where you went wrong, gather information (or in the case of cybersecurity, forensics), and make plans for improvement. Making these iterative kinds of developments and addressing where your strategy or controls faltered is imperative to building resilience within your cyber security strategy.
8. You need to celebrate your wins – both big and small
We’ve all seen tennis players fall to their knees in victory as they celebrate their match point – it’s a great sight to see. However, some players, take for example Rafael Nadal, have a habit of celebrating almost every point – whether big or small. We believe that this attitude should be applied to cyber security strategy as it upholds the notion that cyber security is a truly positive investment. As we’ve mentioned in a previous blog post, we need to “speak about security successes more [and] recognise that it is a great asset for productivity and innovation.”
9. Positioning can make a major difference
In tennis, you can’t afford to be constantly chasing after the ball. You need to optimise your position – perfecting your stance and knowing your location. The same goes for how cyber security is integrated into an organisation – it must have a strong position within the business structure, ideally driven from the top down and spread throughout each department.
Cyber security should be positioned as everyone’s responsibility and this can be highlighted by undertaking organisation-wide security awareness training and implementing policies that ensure cyber security best practices are embedded in everyday tasks.
10. It’s all about playing the long game
Lastly, perseverance and determination are key to success for all cyber defenders and for tennis players. Nowadays, we can picture cyber security as a constant rally between two sides, one comprised of cyber security professionals, government bodies, the private sector, and citizens and the other comprised of threat actors. The unfortunate truth is that information security incidents, breaches, and hacking aren’t going anywhere. Cyber threats are growing more inevitable each day and security has transformed into a long-term undertaking.
As Roger Federer once said, “you have to believe in the long-term plan… but you need the short-term goals to motivate and inspire you.” Short-term goals in cyber security include incrementally building your cyber resilience by implementing proper security controls, undertaking audits and assessments, and achieving compliance with industry standards. Long-term goals include maintaining compliance with said standards, building defence in depth and uplifting cyber security posture.