Dark Reading is part of the Informa Tech Division of Informa PLC



7/22/2020
10:00 AM
Monica Verma
Commentary

Cybersecurity Lessons from the Pandemic

How does cybersecurity support business and society? The pandemic shows us.

There is absolutely no absolute security. Nature is designed in a way that things can and eventually will go wrong. This is true both for pandemics and cybersecurity incidents. The world wasn't fully prepared for a pandemic like COVID-19. We didn't know COVID-19 would strike the way it did or the extent to which it would affect the world and our society.

That's also true for security incidents and cyberattacks. There are cyber threats out there that we know exist. We prepare for those and implement security controls to protect our business and society from these known inevitable threats. Then there are unknowns. These unknowns are typically of three types:

  1. The unknown knowns (tacit knowledge).
  2. The known unknowns (the ignorance we are aware of). That is, the private vulnerabilities that haven't been disclosed yet to the public.
  3. The unknown unknowns (meta-ignorance). That is, the cyber threats (malware and other threats) that we don't even know we don't know. 

Challenges Common to a Pandemic and Cybersecurity
When a crisis hits, it's usually late in the investigation that we discover the unknowns that we didn't know about. For example, when COVID-19 initially became known, experts assumed it had spread to only a few Asian countries. As a result, many countries outside of Asia immediately set in motion preventive measures and travel bans for people traveling from those countries, while still keeping open borders for other nations. It was discovered later how the coronavirus had spread to the rest of the world and that cases in Italy had escalated drastically in just a few days, thereby revealing the true extent of spread and risk exposure.

Similarly, when a cyberattack happens, it is mostly during the ongoing investigation, and often later rather than earlier, that one finds out about the true extent of infiltration, risk exposure, and the effects on an organization's infrastructure and business.

It's this meta-ignorance that poses a challenge and prevents us from being immune to these unknown threats.

The other aspect that connects the challenges of a pandemic to the challenges we face today in cybersecurity is the extensive globalization, digitalization, and interconnections. Both the digital landscape and the threat landscape are continuously evolving. A virus can hop onto planes, travel, and spread to the world way faster than ever before. It was on December 31, 2019, that the World Health Organization (WHO) identified a novel coronavirus based on the reports from Wuhan, China. And from December 31, 2019, to March 11, 2020, it took WHO only 71 days to declare this novel virus crisis a pandemic.

Similarly, today's organizations have a higher risk exposure due to their more complex and global digital footprint. It has become more profitable to attack service providers and let the malware spread across multiple customer networks across the world. The interconnections and digital supply chains are more complex and continuously evolving. We have seen notable attacks on services providers (including managed services providers and cloud services providers) over the last few years, and we will continue to see them grow. Examples include the Cloud Hopper (attributed to Chinese group APT10) cyberattack that managed to affect both the service provider and its customers worldwide, as well as the recent attack on Cognizant, a service provider giant.

In this ever-changing, evolving, and increasingly complex digital landscape, how do we protect ourselves, not only from the knowns but also from the cyber unknowns? How do we prepare ourselves and build immunity and defenses against the ever-evolving threat landscape?

The key to being prepared for various threats (particularly the unknowns) in this highly interconnected and globalized digital landscape is building efficient cyber resilience. Cyber resilience is the characteristic of a business to prepare for, absorb, respond to, adapt to, and recover from an adverse situation (for example, a cyberattack), while still continuing to function and deliver as intended. In addition to preparation and recovery, one of the key success factors in building a strong cyber-resilience framework is adaptability and predictability — adaptability to an ever-evolving threat landscape and predictability of the unknowns.

Technological Disruptors to Cybersecurity
Various technological disruptors such as the cloud, mobile, and the Internet of Things (IoT) have led to digital transformation. At the same time, these disruptors demand a transformation of cybersecurity and how it is integrated within critical societal functions and sectors, such as finance and healthcare. The fast-paced technological advancements challenge and shape how businesses develop and implement their cybersecurity strategy.

The "Cybersecurity Adoption Lifecycle" below, adapted from the technology adoption lifecycle, provides a model to understand where an organization is or can aim to be in the adoption market, as well as understand the relative maturity regarding the market and peers in the field.

Cybersecurity Adoption Lifecycle by Monica Verma

Most organizations and businesses are in the mainstream cybersecurity market — that is, in the preventive security and regulatory-driven security fields. There are very few that build and truly implement cybersecurity to advance society and serve as a business differentiator. This requires investing and working in the fields of adaptive security and even predictive security. However, to be truly successful, one needs to succeed in crossing the chasm — that is, the gap between adaptive security and preventive security. This chasm is the transition from adaptive security toward the mainstream market — that is, a successful adoption of adaptive security as a part of the industry standard and, at a later stage, even an established framework. Last, there are the laggards, the ones that bet on reactive security. 

In today's complex and ever-evolving digital landscape, cyber-risk is not only an enterprise risk but a systemic risk. To ensure we're not lagging, it's not enough to be proactive — we need to be adaptive and predictive. Those are the key success factors to ensure that cybersecurity serves to support society and business amid technological disruptors and ongoing crisis.


Monica Verma is considered a leading spokesperson for digitalization, cloud computing and innovation, and the application of information security in support of technology and business. She is a public speaker and heads security and risk management. Through various leadership ...
 

Comments
McPhil,
User Rank: Apprentice
7/24/2020 | 7:02:01 AM
cybersec
perhaps should learn cybersecurity from the developers of the utopia ecosystem
RyanSepe,
User Rank: Ninja
7/22/2020 | 10:25:30 AM
Chart
I really enjoyed the graphical depiction of security maturity orientations. I think it does very well to encapsulate the current state of where many organizations fall.