
10:00 AM
Monica Verma

Cybersecurity Lessons from the Pandemic

How does cybersecurity support business and society? The pandemic shows us.

There is absolutely no absolute security. Nature is designed in a way that things can and eventually will go wrong. This is true both for pandemics and cybersecurity incidents. The world wasn't fully prepared for a pandemic like COVID-19. We didn't know COVID-19 would strike the way it did or the extent to which it would affect the world and our society.

That's also true for security incidents and cyberattacks. There are cyber threats out there that we know exist. We prepare for those and implement security controls to protect our business and society from these known inevitable threats. Then there are unknowns. These unknowns are typically of three types:

  1. The unknown knowns (tacit knowledge).
  2. The known unknowns (the ignorance we are aware of). That is, the private vulnerabilities that haven't been disclosed yet to the public.
  3. The unknown unknowns (meta-ignorance). That is, the cyber threats (malware and other threats) that we don't even know we don't know. 

Challenges Common to a Pandemic and Cybersecurity
When a crisis hits, it's usually late in the investigation that we discover the unknowns that we didn't know about. For example, when COVID-19 initially became known, experts assumed it had spread to only a few Asian countries. As a result, many countries outside of Asia immediately set in motion preventive measures and travel bans for people traveling from those countries, while still keeping open borders for other nations. It was discovered later how coronavirus spread to the rest of the world and that cases in Italy had escalated drastically in just a few days, thereby revealing the true extent of spread and risk exposure.

Similarly, when a cyberattack happens, it is mostly during the ongoing investigation, and often later rather than earlier, that one finds out about the true extent of infiltration, risk exposure, and the effects on an organization's infrastructure and business.

It's this meta-ignorance that poses a challenge and prevents us from being immune to these unknown threats.

The other aspect that connects the challenges of a pandemic to the challenges we face today in cybersecurity is the extensive globalization, digitalization, and interconnections. Both the digital landscape and the threat landscape are continuously evolving. A virus can hop onto planes, travel, and spread to the world way faster than ever before. It was on December 31, 2019, that the World Health Organization (WHO) identified a novel coronavirus based on the reports from Wuhan, China. And from December 31, 2019, to March 11, 2020, it took WHO only 71 days to declare this novel virus crisis a pandemic.

Similarly, today's organizations have a higher risk exposure due to their more complex and global digital footprint. It has become more profitable to attack service providers and let the malware spread across multiple customer networks across the world. The interconnections and digital supply chains are more complex and continuously evolving. We have seen notable attacks on service providers (including managed service providers and cloud service providers) over the last few years, and we will continue to see them grow. Examples include the Cloud Hopper (attributed to Chinese group APT10) cyberattack that managed to affect both the service provider and its customers worldwide, as well as the recent attack on Cognizant, a service provider giant.

In this ever-changing, evolving, and increasingly complex digital landscape, how do we protect ourselves, not only from the knowns but also from the cyber unknowns? How do we prepare ourselves and build immunity and defenses against the ever-evolving threat landscape?

The key to being prepared for various threats (particularly the unknowns) in this highly interconnected and globalized digital landscape is building efficient cyber resilience. Cyber resilience is the characteristic of a business to prepare for, absorb, respond to, adapt to, and recover from an adverse situation (for example, a cyberattack), while still continuing to function and deliver as intended. In addition to preparation and recovery, one of the key success factors in building a strong cyber-resilience framework is adaptability and predictability — adaptability to an ever-evolving threat landscape and predictability of the unknowns.

Technological Disruptors to Cybersecurity
Various technological disruptors such as the cloud, mobile, and the Internet of Things (IoT) have led to digital transformation. At the same time, these disruptors demand a transformation of cybersecurity and how it is integrated within critical societal functions and sectors, such as finance and healthcare. The fast-paced technological advancements challenge and shape how businesses develop and implement their cybersecurity strategy.

The "Cybersecurity Adoption Lifecycle" below, adapted from the technology adoption lifecycle, provides a model to understand where an organization is or can aim to be in the adoption market, as well as understand the relative maturity regarding the market and peers in the field.

Most organizations and businesses are in the mainstream cybersecurity market — that is, in the preventive security and regulatory-driven security fields. There are very few that build and truly implement cybersecurity to advance society and serve as a business differentiator. This requires investing and working in the fields of adaptive security and even predictive security. However, to be truly successful, one needs to succeed in crossing the chasm — that is, the gap between adaptive security and preventive security. This chasm is the transition from adaptive security toward the mainstream market — that is, a successful adoption of adaptive security as a part of the industry standard and, at a later stage, even an established framework. Last, there are the laggards, the ones that bet on reactive security. 

In today's complex and ever-evolving digital landscape, cyber-risk is not only an enterprise risk but a systemic risk. To ensure we're not lagging, it's not enough to be proactive — we need to be adaptive and predictive. Those are the key success factors to ensure that cybersecurity serves to support society and business amid technological disruptors and ongoing crisis.


Monica Verma is considered a leading spokesperson for digitalization, cloud computing and innovation, and the application of information security in support of technology and business. She is a public speaker and heads security and risk management. Through various leadership ...

User Rank: Apprentice
7/24/2020 | 7:02:01 AM
perhaps should learn cybersecurity from the developers of the utopia ecosystem
User Rank: Ninja
7/22/2020 | 10:25:30 AM
I really enjoyed the graphical depiction of security maturity orientations. I think it does very well to encapsulate the current state of where many organizations fall.