The news is flooded with updates regarding the COVID-19 vaccine. Cyberattacks are targeting the vaccine supply chain. Phishing attacks are exploiting sign-ups for the vaccine. There are even attacks to get access to vaccine data. Sounds a lot like our enterprises every day! We’re all learning about human immunology from the headlines, but what are the equivalent defenses for our networks? How do we achieve resilience at scale, when we don’t really have a network immune system?
There is a lot we can learn from the COVID-19 pandemic. First, we start with cyber hygiene – the online equivalent of hand washing. Are we doing the basics – following basic hardening guides? At scale? All the time? It’s one thing to publish a policy about cyber hygiene, it’s quite another to get a large-scale organization to follow all the recommendations. Do we even know about every asset that has to go through some hygiene checks? If we don’t have a complete inventory, how can we have complete compliance even with the most basic rules? Just because you can’t easily see under your fridge doesn’t mean it’s all nice and tidy under there! As the public health professionals fighting the pandemic can tell you, it’s important to go back to basics, and keep repeating clear messages, if you want to see real shifts in behavior across the organization.
Next, we need to design our networks to limit the spread of inevitable future attacks. In the physical world, we call this social distancing. It’s an effective way to slow a pandemic down by reducing its ability to spread, and much the same idea works for cyberattacks. That said, we know it won’t do any good to space online assets far apart, since the Internet connects ever ..
Support the originator by clicking the read the rest link below.
