Dark Reading is part of the Informa Tech Division of Informa PLC


7/22/2020
10:00 AM
Monica Verma
Commentary

Cybersecurity Lessons from the Pandemic

How does cybersecurity support business and society? The pandemic shows us.

There is absolutely no absolute security. Nature is designed in a way that things can and eventually will go wrong. This is true both for pandemics and cybersecurity incidents. The world wasn't fully prepared for a pandemic like COVID-19. We didn't know COVID-19 would strike the way it did or the extent to which it would affect the world and our society.

That's also true for security incidents and cyberattacks. There are cyber threats out there that we know exist. We prepare for those and implement security controls to protect our business and society from these known inevitable threats. Then there are unknowns. These unknowns are typically of three types:

  1. The unknown knowns (tacit knowledge).
  2. The known unknowns (the ignorance we are aware of). That is, the private vulnerabilities that haven't been disclosed yet to the public.
  3. The unknown unknowns (meta-ignorance). That is, the cyber threats (malware and other threats) that we don't even know we don't know. 

Challenges Common to a Pandemic and Cybersecurity
When a crisis hits, it's usually late in the investigation that we discover the unknowns that we didn't know about. For example, when COVID-19 initially became known, experts assumed it had spread to only a few Asian countries. As a result, many countries outside of Asia immediately set in motion preventive measures and travel bans for people traveling from those countries, while still keeping open borders for other nations. It was discovered later how coronavirus spread to the rest of the world and that cases in Italy had escalated drastically in just a few days, thereby revealing the true extent of spread and risk exposure.

Similarly, when a cyberattack happens, it is mostly during the ongoing investigation, and often later rather than earlier, that one finds out about the true extent of infiltration, risk exposure, and the effects on an organization's infrastructure and business.

It's this meta-ignorance that poses a challenge and prevents us from being immune to these unknown threats that we don't know.  

The other aspect that connects the challenges of a pandemic to the challenges we face today in cybersecurity is the extensive globalization, digitalization, and interconnections. Both the digital landscape and the threat landscape are continuously evolving. A virus can hop onto planes, travel, and spread to the world way faster than ever before. It was on December 31, 2019, that the World Health Organization (WHO) identified a novel coronavirus based on the reports from Wuhan, China. And from December 31, 2019, to March 11, 2020, it took WHO only 71 days to declare this novel virus crisis a pandemic.

Similarly, today's organizations have a higher risk exposure due to their more complex and global digital footprint. It has become more profitable to attack service providers and let the malware spread across multiple customer networks across the world. The interconnections and digital supply chains are more complex and continuously evolving. We have seen notable attacks on service providers (including managed service providers and cloud service providers) over the last few years, and we will continue to see them grow. Examples include the Cloud Hopper (attributed to Chinese group APT10) cyberattack that managed to affect both the service provider and its customers worldwide, as well as the recent attack on Cognizant, a service provider giant.

In this ever-changing, evolving, and increasingly complex digital landscape, how do we protect ourselves, not only from the knowns but also from the cyber unknowns? How do we prepare ourselves and build immunity and defenses against the ever-evolving threat landscape?

The key to being prepared for various threats (particularly the unknowns) in this highly interconnected and globalized digital landscape is building efficient cyber resilience. Cyber resilience is the characteristic of a business to prepare for, absorb, respond to, adapt to, and recover from an adverse situation (for example, a cyberattack), while still continuing to function and deliver as intended. In addition to preparation and recovery, one of the key success factors in building a strong cyber-resilience framework is adaptability and predictability — adaptability to an ever-evolving threat landscape and predictability of the unknowns.

Technological Disruptors to Cybersecurity
Various technological disruptors such as the cloud, mobile, and the Internet of Things (IoT) have led to digital transformation. At the same time, these disruptors demand a transformation of cybersecurity and how it is integrated within critical societal functions and sectors, such as finance and healthcare. The fast-paced technological advancements challenge and shape how businesses develop and implement their cybersecurity strategy.

The "Cybersecurity Adoption Lifecycle" below, adapted from the technology adoption lifecycle, provides a model to understand where an organization is or can aim to be in the adoption market, as well as understand the relative maturity regarding the market and peers in the field.

Most organizations and businesses are in the mainstream cybersecurity market — that is, in the preventive security and regulatory-driven security fields. There are very few that build and truly implement cybersecurity to advance society and serve as a business differentiator. This requires investing and working in the fields of adaptive security and even predictive security. However, to be truly successful, one needs to succeed in crossing the chasm — that is, the gap between adaptive security and preventive security. This chasm is the transition from adaptive security toward the mainstream market — that is, a successful adoption of adaptive security as a part of the industry standard and, at a later stage, even an established framework. Last, there are the laggards, the ones that bet on reactive security. 

In today's complex and ever-evolving digital landscape, cyber-risk is not only an enterprise risk but a systemic risk. To ensure we're not lagging, it's not enough to be proactive — we need to be adaptive and predictive. Those are the key success factors to ensure that cybersecurity serves to support society and business amid technological disruptors and ongoing crisis.


Monica Verma is considered a leading spokesperson for digitalization, cloud computing and innovation, and the application of information security in support of technology and business. She is a public speaker and heads security and risk management. Through various leadership ...
 

Comments
McPhil,
User Rank: Apprentice
7/24/2020 | 7:02:01 AM
cybersec
perhaps should learn cybersecurity from the developers of the utopia ecosystem
RyanSepe,
User Rank: Ninja
7/22/2020 | 10:25:30 AM
Chart
I really enjoyed the graphical depiction of security maturity orientations. I think it does very well to encapsulate the current state of where many organizations fall.