
10:00 AM
Monica Verma

Cybersecurity Lessons from the Pandemic

How does cybersecurity support business and society? The pandemic shows us.

There is absolutely no absolute security. Nature is designed in a way that things can and eventually will go wrong. This is true both for pandemics and cybersecurity incidents. The world wasn't fully prepared for a pandemic like COVID-19. We didn't know COVID-19 would strike the way it did or the extent to which it would affect the world and our society.

That's also true for security incidents and cyberattacks. There are cyber threats out there that we know exist. We prepare for those and implement security controls to protect our business and society from these known inevitable threats. Then there are unknowns. These unknowns are typically of three types:

  1. The unknown knowns (tacit knowledge).
  2. The known unknowns (the ignorance we are aware of). That is, the private vulnerabilities that haven't been disclosed yet to the public.
  3. The unknown unknowns (meta-ignorance). That is, the cyber threats (malware and other threats) that we don't even know we don't know. 

Challenges Common to a Pandemic and Cybersecurity
When a crisis hits, it's usually late in the investigation that we discover the unknowns that we didn't know about. For example, when COVID-19 initially became known, experts assumed it had spread to only a few Asian countries. As a result, many countries outside of Asia immediately set in motion preventive measures and travel bans for people traveling from those countries, while still keeping open borders for other nations. Only later was it discovered how the coronavirus had spread to the rest of the world and that cases in Italy had escalated drastically in just a few days, revealing the true extent of the spread and risk exposure.

Similarly, when a cyberattack happens, it is mostly during the ongoing investigation, and often later rather than earlier, that one finds out about the true extent of infiltration, risk exposure, and the effects on an organization's infrastructure and business.

It's this meta-ignorance that poses a challenge and prevents us from being immune to threats we don't know about.

The other aspect that connects the challenges of a pandemic to the challenges we face today in cybersecurity is the extensive globalization, digitalization, and interconnections. Both the digital landscape and the threat landscape are continuously evolving. A virus can hop onto planes, travel, and spread to the world way faster than ever before. It was on December 31, 2019, that the World Health Organization (WHO) identified a novel coronavirus based on the reports from Wuhan, China. And from December 31, 2019, to March 11, 2020, it took WHO only 71 days to declare this novel virus crisis a pandemic.

Similarly, today's organizations have a higher risk exposure due to their more complex and global digital footprint. It has become more profitable to attack service providers and let the malware spread across multiple customer networks across the world. The interconnections and digital supply chains are more complex and continuously evolving. We have seen notable attacks on service providers (including managed service providers and cloud service providers) over the last few years, and we will continue to see them grow. Examples include the Cloud Hopper cyberattack (attributed to Chinese group APT10), which managed to affect both the service provider and its customers worldwide, as well as the recent attack on Cognizant, a service provider giant.

In this ever-changing, evolving, and increasingly complex digital landscape, how do we protect ourselves, not only from the knowns but also from the cyber unknowns? How do we prepare ourselves and build immunity and defenses against the ever-evolving threat landscape?

The key to being prepared for various threats (particularly the unknowns) in this highly interconnected and globalized digital landscape is building efficient cyber resilience. Cyber resilience is the characteristic of a business to prepare for, absorb, respond to, adapt to, and recover from an adverse situation (for example, a cyberattack), while still continuing to function and deliver as intended. In addition to preparation and recovery, one of the key success factors in building a strong cyber-resilience framework is adaptability and predictability — adaptability to an ever-evolving threat landscape and predictability of the unknowns.

Technological Disruptors to Cybersecurity
Various technological disruptors such as the cloud, mobile, and the Internet of Things (IoT) have led to digital transformation. At the same time, these disruptors demand a transformation of cybersecurity and how it is integrated within critical societal functions and sectors, such as finance and healthcare. The fast-paced technological advancements challenge and shape how businesses develop and implement their cybersecurity strategy.

The "Cybersecurity Adoption Lifecycle" below, adapted from the technology adoption lifecycle, provides a model to understand where an organization is or can aim to be in the adoption market, as well as understand the relative maturity regarding the market and peers in the field.

Most organizations and businesses are in the mainstream cybersecurity market — that is, in the preventive security and regulatory-driven security fields. There are very few that build and truly implement cybersecurity to advance society and serve as a business differentiator. This requires investing and working in the fields of adaptive security and even predictive security. However, to be truly successful, one needs to succeed in crossing the chasm — that is, the gap between adaptive security and preventive security. This chasm is the transition from adaptive security toward the mainstream market — that is, a successful adoption of adaptive security as a part of the industry standard and, at a later stage, even an established framework. Last, there are the laggards, the ones that bet on reactive security. 

In today's complex and ever-evolving digital landscape, cyber-risk is not only an enterprise risk but a systemic risk. To ensure we're not lagging, it's not enough to be proactive — we need to be adaptive and predictive. Those are the key success factors to ensure that cybersecurity serves to support society and business amid technological disruptors and ongoing crisis.


Monica Verma is considered a leading spokesperson for digitalization, cloud computing and innovation, and the application of information security in support of technology and business. She is a public speaker and heads security and risk management. Through various leadership ...

User Rank: Ninja
7/22/2020 | 10:25:30 AM
I really enjoyed the graphical depiction of security maturity orientations. I think it does very well to encapsulate the current state of where many organizations fall.
User Rank: Apprentice
8/26/2020 | 9:06:25 AM
Re: Chart
Very useful information
User Rank: Apprentice
7/24/2020 | 7:02:01 AM
perhaps should learn cybersecurity from the developers of the utopia ecosystem