The digital and medical worlds are very different from each other. One talks about code and machine language, the other talks anatomical and physiological; one talks system and network security, the other talks about human immunity. There is nothing in common, except one small thing.
By Mihir Bagwe, Tech Writer, CISO MAG
This small thing is dreaded and has similar effects in both worlds. Puzzled? This common terminology of the two worlds is called virus. The nature of viruses such as emergence, the spread, damages caused, and the after-effects felt are the same in both worlds. The ongoing COVID-19 pandemic is no different. The world is reeling from the aftermath caused by a microscopic virus that some thought was “just another flu.” However, every crisis teaches us life lessons and this one has also taught a few lessons that can be related and taken note off in both the worlds – medical and digital.
Basic Hygiene Matters
We were taught in school that washing hands, using a handkerchief while sneezing, taking a bath, or at least washing your hands and feet thoroughly after coming home from outside, etc. was all necessary in maintaining personal hygiene. We religiously followed these back then to impress our parents and teachers, but in transition of life we just lost touch. However, these very basic hygiene practices are what the WHO says will matter the most in the days ahead as this is now our first and best line of defense.
It is pretty much the same in digital world. Knowing your network architecture, the devices connected on it physically and virtually, their configuration, its security controls, and even the simplest of things like maintaining a log of browsed history – all contribute to maintaining hygiene. Hygiene failure should not be tolerated. As seen with the Coronavirus, a failure in hygiene can risk not just yours but others’ lives too. Similarly, hygiene failure in the digital vertical can lead to an organization’s downfall.
The digital shift in the post-pandemic world is going to have a significant impact on the cybersecurity front. World business leaders and CISOs would need to understand these technologies, their limitations and their associated security and compliance intricacies in the “digital normal”. COVID-19 has become the catalyst to trigger change in the ways of managing and operating technology. Thus, we need a solution that can cater to all these demands.
Contact Tracing
With the trends and patterns being analyzed extensively over the past 5-6 months, it is now seemingly clear that the difference between countries who are doing well or worse against the Coronavirus comes down to who tests more. Governments used this model of contact tracing to bring down the possible exposure of potential virus carriers. It is the same in digital world. Unless we know the root of the infection, response teams often play only a catch-up with something that has already begun to spread. When you test, you can analyze the patterns and design an action plan for it.
However, contact tracing is a difficult scenario in the digital world, as computer networks are interconnected, complex, unidirectional, and widespread across the globe. It is very difficult to quickly analyze and point-out the source of the infection in larger networks. Thus, the responsibility of the security teams has increased twofold to maintain a map of its entire network architecture, understand all the access points, and the manner in which data is transmitted among all endpoints and nodes of your business.
Restrict Lateral Movement
Man is a social animal. We are widely connected with each other and the proof of concept (PoC) for this is the current Coronavirus pandemic. The virus originated in a populous province of Wuhan in China, but soon spread laterally in all directions from one country to another. This shows that we are interconnected just like the networks in the digital world.
A biological virus infects a person with weaker immunity and then spreads from person to person forming a chain. In a similar way, threat actors while attacking any larger and complex network target its weaker links first and then spread laterally towards the main target as was the case in the Twitter Hack.
The main problem of the spread is the supply chain. We cannot protect our entire supply chain as they have their own networks and endpoints which are beyond our security perimeter. Therefore, an attacker finds these weaker links in the supply chain, exploits them, and moves laterally, from one network to another until he finally penetrates its targeted location.
However, the countries that successfully flattened the curve, for example, Singapore, restricted this lateral movement of coronavirus by applying a “Circuit Breaker.” This “Circuit Breaker” needs to be applied in the digital world as well. IT architectures need to implement containerization / segmentation and zoning concepts to include not just systems, but also people, roles, and the level of sensitive data they possess. Containerization, thus, will be extended beyond enterprise networks to include endpoints such as remote worker machines and mobiles devices.
This will facilitate cybersecurity teams to apply varied access controls and demarcate data storage to minimize risk of cyber intrusion and data breach. They need to break up patterns of lateral movement through segmentation that walls off data into distinct areas and prevents infections from moving into new segments.
Slow the Spread
Lockdowns were enforced across the globe to slow the spread of the pandemic. Similarly, slowing down a cyberattack has its own benefits. It’s practically impossible to detect and stop every attack on your organization but slowing them down buys enough time for your IT incident response teams to detect the source and block or quarantine them to avoid further spread and subsequent damages.
Proactive Approach
In countries like India, where population density has contributed to the emergence of community hotspots of COVID-19, local governing bodies changed their approach from preventive to proactive. They decided to “chase the virus” by deploying rigorous contact tracing and testing measures. This is exactly the need of the hour in the digital world.
We can no longer be subdued and complacent about our approach towards strengthening security measures. We may have the best firewalls and security products in place, but the reality is that “security is a myth.” Hackers go by the principle that anything and everything can be penetrated, and this is what businesses need to understand. Thus, instead of only relying on your incident response, implement proactive strategies like Cyber Threat Intelligence (CTI). These would give you insights of the underlying threats in the digital world, which will help you to not only protect but also prepare better for the worst.
About the Author
Mihir Bagwe is a Tech Writer and part of the editorial team at CISO MAG. He writes news features, technical blogs, and conducts interviews on latest cybersecurity technologies and trends.
