We are living through an extraordinary global event.
COVID-19, more commonly known as the coronavirus, has completely disrupted our lives, economy, and global stability. As we watch governments around the world attempt to contain the spread, we are seeing huge disparities in approach. In some countries, the spread and death rates are low while in others it has become a human tragedy.
As cyber professionals, we see many parallels between the impact of the coronavirus and zero-day exploits – cyber attacks that occur on the same day a weakness is discovered in software, before a fix is available. Both are novel (never seen before) and lack prevention measures, thus creating unique challenges for treatment and containment. Their novelty makes it difficult for practitioners to address the threat quickly and effectively.
There are, however, strategies that can be implemented in advance to reduce the exposure and associated impact.
Prevention and Preparation
Just as we take precautions to avoid catching the coronavirus and to contain it if we do, organizations can proactively prevent cyber threats and put plans in place to mitigate them.
Is your organization ready? If not, consider these critical steps:
Preventing Cyber Threats
When you are exposed to a virus, your personal health has a lot to do with how sick you get or whether you get sick at all. Your organization’s cyber health is not much different. Implementing cyber hygiene and preventative measures is a key determinant of your level of vulnerability to a zero-day exploit. Enabling a cyber program built on a foundation of cyber hygiene is the first step toward building a healthy IT ecosystem.
Monitoring Cyber Health
Good personal health is a lifestyle that requires constant focus and monitoring to maintain. To protect an organization, constant monitoring of environmental health is a must. Ensuring continuous compliance across the environment through a proactive remediation process is critical to getting the value from cyber hygiene.
If and when you do get sick, you want a healthcare system that can quickly diagnose your illness so that treatment can be prescribed. When there is no test for an illness like the coronavirus, you are dependent on observing the type of illness and how it impacts the patient. In contrast, a zero-day exploit is very difficult if not impossible to detect. Implementing behavior-based detection enables you to detect the type of exploit, block or contain it, and minimize the impact on your IT systems and critical data.
Containing a Cyber Breach
When a pandemic occurs, you want a healthcare system that can scale and respond to the virus, minimizing loss of life. For your organization, you must have event management and Incident Response (IR) processes that enable you to successfully contain and recover from cyber-attacks. Without these processes in place, a cyber incident will be chaotic and difficult to manage.
During a pandemic, being able to communicate quickly and effectively is key. An effective response requires rapid communication with leadership across government and healthcare organizations. Education for the general public is critical to implementing mitigation strategies that reduce the spread of the virus.
When a cyber attack occurs, you need to be able to quickly communicate with executives, key stakeholders, and users. It is critical to keep leadership informed of the issue and to leverage stakeholders to assist in the response. Additionally, leveraging the user community to identify additional exposure is key to your containment efforts.
Once a pandemic occurs, the end-state goal is to fully eradicate the virus, enabling society to return to normal. This involves both short- and long-term strategies to enable society to operate normally, as well as creating immunity to prevent the virus from returning.
In most cases, once your organization has been compromised, a well-defined Disaster Recovery Process (DRP) is required to recover IT systems so that business operations can return to normal with minimal loss and impact. Post-incident, enabling new prevention measures across the IT ecosystem will help to minimize the risk of being attacked by similar exploits in the future.
Stay Safe, Healthy, and Secure
Through prevention and preparation, you can build an effective strategy for dealing with zero-day threats. And by implementing recommendations and strategies for addressing COVID-19, we will make it through this crisis.