{"id":1238,"date":"2020-04-07T13:07:55","date_gmt":"2020-04-07T17:07:55","guid":{"rendered":"https:\/\/risingtidesecurity.com\/?p=1238"},"modified":"2020-04-07T13:07:55","modified_gmt":"2020-04-07T17:07:55","slug":"how-the-covid-19-response-is-like-cybersecurity","status":"publish","type":"post","link":"https:\/\/risingtidesecurity.com\/?p=1238","title":{"rendered":"How The COVID-19 Response Is Like Cybersecurity"},"content":{"rendered":"\n<p>Today, every citizen is on the front lines of the epidemic. We are flooded with information about staying safe, keeping an eye out, and left to process unfamiliar language.&nbsp; We are all suddenly doctors and epidemiologists analyzing information and predicting how the world is changing. With countless health professionals, scientists, and officials publishing cautionary tales, it may sound like when your organization\u2019s CISO tells you that Cybersecurity is everyone\u2019s job, and perhaps throws some cyber-jargon at you.<\/p>\n\n\n\n<p>Watching the initial response to COVID-19 has been a surreal experience not only because of how we have been iterating through the responses, but in its striking similarity to what Cybersecurity professionals see in their everyday lives. Cybersecurity\u2019s overall goal is to help business understand risk so they can make informed decisions, and ensure the organization can detect, investigate, contain, and remediate issues rapidly. It\u2019s easy to draw a parallel between a human virus and a computer virus, but the similarities are far more nuanced.&nbsp;<\/p>\n\n\n\n<p>Cybersecurity professionals work daily to understand organizational cyber risks and help leaders make risk-informed decisions. We present graphs and charts showing maturity level, identify Cybersecurity investment opportunities, and install tools anywhere we can. When all else fails, some ultimately and regrettably resort to leveraging Fear, Uncertainty, and Doubt (FUD). 
&nbsp;Whatever the communication mechanism, many organizations view Cybersecurity as a \u201cnice-to-have\u201d, a necessary response to compliance, and often view their CISO as \u201cChicken Little\u201d.<\/p>\n\n\n\n<p>Cybersecurity\u2019s lot sounds similar to pandemic planning\u2019s predicament over the last few years.&nbsp;<\/p>\n\n\n\n<p>First, the National Security Council had a pandemic playbook available to them, much in the same way that an organization\u2019s CISO has a Business Continuity Plan (BCP). However, when it came time, the plan was set aside in favor of finding a custom approach to the problem. Organizations often have regulatory or customer obligations to have a BCP in place, but it is often relegated to a shelf where it is dusted off for a cursory annual test. Our experience here is similar in that testing of the pandemic plan was not real enough to result in an automatic use of the plan.<\/p>\n\n\n\n<p>Second, the pandemic unit was removed from the National Security Council, likely because a pandemic was not seen as an imminent threat to the nation. The parallel to Cybersecurity is striking because many organizations don\u2019t have the CISO as part of the leadership team or present for strategic executive and board discussions. Sometimes the CISO is elevated to this level of visibility during a time of crisis, but memories are short and organizations often revert in the absence of a clear immediate threat. The value the pandemic unit and the CISO bring to the larger group is not just expertise in their area but a different perspective on larger issues. Their perspectives and contributions outside of a time of crisis should not be discounted.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">You Can\u2019t Measure or Respond to Something You Can\u2019t See<\/h2>\n\n\n\n<p>Rapid response to a crisis requires not only a well-practiced plan but also the visibility to target the response. 
In the case of the United States response to COVID-19, we were caught flat-footed without the data needed to make strategic decisions. Instead, responders and officials were forced to use anecdotal evidence or data from small regionalized sample sets. &nbsp;Assumptions had to be made about the illness\u2019 prevalence, spread, impact, and mortality rate, which have proven incorrect over time. Responding to the emergency without data-driven visibility has led to broadly implemented restrictions, overwhelmed health systems, and shortages of supplies.<\/p>\n\n\n\n<p>The similarity between the response and Cybersecurity incidents becomes interesting when we think about visibility. The response to COVID-19 strongly mimics how organizations perform breach or ransomware response. Organizations that followed the direction of Cybersecurity leaders for instrumentation, centralized logging, and response exercises are like doctors who have had access to rapid testing. South Korea is the strongest parallel to a successful Cybersecurity program because of the amount of testing it performed early on, which enabled data-driven decisions focusing restrictions on affected citizens.<\/p>\n\n\n\n<p>Instead, the United States Government\u2019s response was the equivalent of a partially implemented Cybersecurity program. Sick patients are similar to users calling the helpdesk to report their computer is acting \u201cweird\u201d.&nbsp; The only visibility the response team has is to examine reported \u2018weirdness\u2019 and systems on the network. The best we can do is respond to the reports we receive, investigate the systems in question, and remediate. The incident responders can perform additional investigations in the proximity of the affected system, but it is resource- and time-prohibitive to examine the entire enterprise. 
The only other option is to shut down the business until every system can be examined or rebuilt.<\/p>\n\n\n\n<p>The decision on when to call the all-clear becomes even more challenging. When does the Cybersecurity team think that the threat has been contained?&nbsp; If you don\u2019t have visibility then you can take the stance that if no one is complaining then the problem must have been addressed, but it could just as easily recur elsewhere.&nbsp; Much the same applies to a country figuring out how to strategically lift restrictions without ending up worse off. In short\u2026Data is king.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Where Do We Go From Here?<\/strong><\/h2>\n\n\n\n<p>Our collective experience from this pandemic is wasted if we don\u2019t put lessons learned into forward planning more broadly. Going forward we should be prepared with information, data collection, and the ability to spot trends. That\u2019s not to say that we can prevent all of the ills of the world, whether that\u2019s physical, health, or cyber, but we can be better prepared to respond to minimize the impact.<\/p>\n\n\n\n<p>Encourage your Cybersecurity organization to acquire the data needed to make informed decisions, allow it and the business to act quickly, and preserve the organization.&nbsp; Ask questions, rehearse in earnest, and make investments that provide insights.&nbsp;<\/p>\n\n\n\n<p>Benjamin Franklin\u2019s saying \u201cif you fail to plan, you are planning to fail\u201d could not ring truer.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Today, every citizen is on the front lines of the epidemic. 
We are flooded with information about staying safe, keeping an eye out, and left to process unfamiliar language.&nbsp; We are all suddenly doctors and epidemiologists analyzing information and predicting &hellip; <a href=\"https:\/\/risingtidesecurity.com\/?p=1238\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-1238","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/risingtidesecurity.com\/index.php?rest_route=\/wp\/v2\/posts\/1238","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/risingtidesecurity.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/risingtidesecurity.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/risingtidesecurity.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/risingtidesecurity.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1238"}],"version-history":[{"count":0,"href":"https:\/\/risingtidesecurity.com\/index.php?rest_route=\/wp\/v2\/posts\/1238\/revisions"}],"wp:attachment":[{"href":"https:\/\/risingtidesecurity.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1238"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/risingtidesecurity.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1238"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/risingtidesecurity.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1238"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}