IT Essentials: The art of the drop shot

Attackers have perfected it, and IT leaders need to get better at the return swing

IT Essentials: The art of the drop shot

Despite knowing nothing about tennis (the rules are patiently explained to me every year, and every year I forget the difference between game, set and match), I went to Wimbledon this week for a tour of the IBM Data Hub.

It was a fascinating place where every movement and every piece of action on every court is recorded and analysed (watch for coverage soon!), and I got an education into lawn tennis into the bargain.

I was introduced to IBM's new AI commentary feature, which identified the drop shot: a soft return where the ball lands just the other side of the net. Done well, it can be difficult for the opponent to predict or respond to.

Because I'm a nerd, I thought about how this relates to IT. It seemed a perfect analogy for low-and-slow cyberattacks.

Big, fast, Blitzkrieg-style attacks, like those affecting Capita or the University of Manchester, are unfortunately common; but those where an attacker infiltrates and lies in wait are harder to track. If nothing else, the details are obfuscated when a company does report them.

null

Like the drop shot, the silent infiltration of a network - and stealthily waiting for weeks or months - can confuse and break even the strongest defences.

And with the stroke becoming more common today thanks to newcomers like Carlos Alcaraz and Ons Jabeur, long-time tennis pros are switching on to the need to constantly monitor their side of the court.

For years, the drop shot was out of favour. It was thought cowardly - a "panic" shot, according to Roger Federer. But in a tennis world where play is fast and furious, upsetting an opponent's rhythm can pay dividends.

It's the same in cyber. We're trained to watch for overt attacks, to respond at the drop of a hat; but we can't just respond to attacks that come slamming across the net at 140mph. We need to be ready for the drop shot.

Weekend reading

Over what will supposedly be a wet weekend, sit down with John Leonard's interview with SAP's Tobias Haug on the company's experimental, bottom-up way of working; Penny Horwood's analysis of tech sector job cuts; and a contributed piece from Mobb's Eitan Worcel on the use of ChatGPT for fixing code vulnerabilities.