Login to your account

Username *
Password *
Remember Me

Create an account

Fields marked with an asterisk (*) are required.
Name *
Username *
Password *
Verify password *
Email *
Verify email *
Captcha *
Reload Captcha

Cybersecurity lessons to be learnt from the Pandemic

Written by  Apr 16, 2020

It may not be obvious, but the spread of information on computer networks is like disease processes.

It starts at the most basic level — when you connect to the Internet, you launch what epidemiologists would call a "nearest neighbour spread" process but what network gurus call a routing protocol. One router learns that you're there, it tells its neighbours, and they tell their neighbours, in a wave that spreads out across the network — spreading your information like a disease.

It's no coincidence that some of the first major computer threats were called viruses — they spread in ways that look like biological agents, with similar strategies for infection and reproduction. If you've ever received infected email from a colleague, you were watching evolution in action: attackers figuring out that they can more effectively spread if they contact you from someone you know rather than from an unfamiliar address.

Understanding Lateral Movement
Diseases spread between humans as we connect with each other. That's why many of us are sheltering in place as I write this — to reduce the ability of today's infection to move laterally around the population. It's clear that human networks are global and interconnected. The disease started in one country and has spread laterally to even small, remote island communities.

In the online world, attackers find it easiest to breach low-value targets first, then spread outwards to better targets. Why? We can't protect all of our networks down to every endpoint. Therefore, an attacker begins by finding one compromised location. Although a network is large, it doesn't take many lateral moves to get from one place to any other place. Similarly, air travel is a great help for the spread of real-world bugs. In the online world of social networks, lateral movement is one of the best tools in an attacker's arsenal.

By remaining at home in our fight against the coronavirus, we're fighting back by blocking its lateral movement. Likewise, digital defenders need to break up patterns of lateral movement through segmentation that walls off data into distinct areas. This prevents infections from moving into new segments.

Advertisement


Dawn of the Code War: America's Battle Against Russia, China, and the Rising Global Cyber Threat
amazon uk

Know Where Infections Are

In the fight against disease, it's increasingly clear that the difference between countries that have better or worse outcomes comes down to who can test the most. They can see where the disease really is and get ahead of it. Digital security is the same. We struggle to know where we have infections, and response teams are often scrambling to catch up with something that has already begun to spread.

For real-world diseases, we use contact tracing. If you just learned one person is a carrier, immediately track down their contacts, test them, and quarantine as necessary. The digital version of the challenge is much harder because computers communicate across a network in many different and shifting directions, comparable to having every person on earth flying country to country every day.

In an online crisis, there is no simple answer to the question "how did this infection get here, and where is it going next?" To find that answer, security teams need to map out a network well ahead of an attack and understand all the access pathways and normal information flows for the organisation. This isn't easy, but we're getting better at automation and algorithms to analyse questions like this that defy human thought.

Slow It Down

The global effort to stay home and "flatten the curve" for disease spread is a great move to reduce the strain on our taxed medical systems. Similarly, just slowing down an online attack brings powerful benefits. We know you won't be able to stop every determined attacker or nation-state, but slowing them down buys time for your sensors to detect digital intruders so you can respond to block or quarantine them. You can also see this in traditional safes, which are rated based on how long they can resist a determined thief.

Advertisement


Cybersecurity Essentials
amazon uk


Hygiene Is Critically Important

The most important and repeated advice about the current COVID-19 outbreak is always the same: Wash your hands. This is our first and best line of defence. It's much the same online: Basic hygiene matters. In the digital realm, network hygiene includes knowing what is on your network, that your devices are securely configured, that your network is set up as intended, and that any change doesn't affect your security, none of which is easy to do consistently at large scale — even the simple things. Real-world networks are riddled with unintentional hygiene failure; even 90% compliance with basic hygiene standards isn't enough. It's far more important for security teams to perform the basic controls well, everywhere, every time. So, please, people don't forget wash your hands!


Peter Flynn

Creator and director of IT Security Centre UK.

I have worked in the IT industry for many years and developed my IT security skills in particular. As this area has always been of interest to me and is more important now than ever.

Leave a comment

Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.

Advertisement

Popular Cyber News

Mar 05, 2020 Cyber Security

Tesco and Boots Loyalty Card Schemes Affected by Security Issues

UK retailers Tesco and Boots are dealing with the after affects of cyber security issues that may have affected thousand...

Jun 12, 2020 Cyber Security

NHS email service fooled users in phishing attack

NHS Digital is contacting users of its NHSmail email system after a small number of mailboxes were compromised in a gene...

May 07, 2020 Cyber Security

Three quarters of UK homeworkers haven't received cybersecurity training

As Covid-19-related cybersecurity threats continue to multiply, three in four of home workers are yet to receive any cyb...

May 25, 2020 Cyber Security

Beware of security threats before deploying remote working

Remote working is receiving a great deal of attention recently for obvious reasons. The world has changed and remote wor...

Mar 27, 2020 Cyber Security

Hospitals worldwide offered free security software

As cyberattacks against hospitals surge during the coronavirus crisis, technology companies are stepping up to alleviate...

Jun 09, 2020 Cyber Threats

Common types of cyber-attacks and how to avoid them

With cyber-attacks on the rise, businesses are constantly worried about losing vital data and the threat is very real. ...

Mar 23, 2020 Cyber Security

Thousands of Netflix and Other Streamers Accounts are Being Stolen

With a massive surge in home use of video and music streaming services such as Amazon Prime Video, Apple Music, Netflix ...

May 18, 2020 Cyber Security

UK power grid operator Elexon hit by cyberattack

The UK’s power grid middleman Elexon has announced it has fallen victim to a cyberattack, which did not compromise pow...

May 05, 2020 Cyber Security

The importance of cybersecurity for UK businesses

Technology is constantly changing and at a pace which is hard to keep up with, but 'safety first' always applies. ...

Apr 16, 2020 Cyber Security

Cybersecurity lessons to be learnt from the Pandemic

It may not be obvious, but the spread of information on computer networks is like disease processes. ...

May 27, 2020 Cyber Security

UK scared cybercriminals will use NHSX Covid-19 Tracing App to launch attacks

Nearly half (48%) of the UK public surveyed about the NHSX COVID-19 tracing app do not trust the UK government to keep t...

Jun 08, 2020 Cyber Security

Ransomware attack compensation: What the UK public think

UK consumers believes businesses should stand their ground having suffered a ransomware attack and refuse to negotiate w...

Mar 20, 2020 Cyber Threats

UK Fintech Company Finastra Targeted by Hackers

UK-based financial technology company Finastra is investigating a cybersecurity incident that may involve a piece of ran...

Jun 06, 2020 Cyber Security

Phishing attacks on companies using PBX systems increases dramatically

While video conferencing solutions have become the prime targets for hackers recently following the shift to remote work...

Jun 12, 2020 Cyber Security

Cybersecurity in the shortsighted gig economy

The ‘gig’ economy encompasses the increasing economic trend for professionals to take on a series of temporary work ...

Apr 13, 2020 Cyber Security

Under half of UK businesses provide cybersecurity training: Kapersky

If businesses want to seriously wan to reduce he risk of data breaches and remains secure, they must commit to employee ...

Advertisement
Symantec Home 120x60

Advertisement