There are significant parallels between the responses of governments and national healthcare organisations to coronavirus – and the resulting infection, Covid-19 – and the way in which businesses respond to ransomware attacks. Unfortunately, the woeful state of global pandemic management and preparedness mirrors the posture of most companies to a ransomware infection or data breach incident. Cyber-incidents such as these, however, have been seen to change company attitudes towards cybersecurity; will the coronavirus experience change governments’ attitudes to cutting healthcare and pandemic resources?
An ounce of cyber-prevention is worth a pound of cyber-cure
In general, Covid-19 or a virus like it was both predictable and preventable with early reporting – we now know the first infection was detected in November 2019. [1] This is not unlike identifying WannaCry 58 days before it became a global cyber threat. [2] Proper reporting of the emergence of coronavirus to the WHO in November 2019, or even January 2020 when it became virulent and rapidly infected people in Wuhan, China, would have had a significant effect on global preparedness and response capability.
Clearly, early detection of a threat – whether to health, cybersecurity or physical safety – could allow an organisation or government to take proactive action earlier to reduce the impact of a virus or breach. The effects of coronavirus are now putting the global economy at serious risk. Further, as a result of the lack of early reports of detections, stockpiles of necessary supplies and equipment, and the plans to deploy them, are not readily available.
Antivirus and segregation in the physical world
One of the terms frequently used in the cyber lexicon is ‘Cyber Hygiene’. This is a reference to the practices and steps taken by users of computers and other devices to maintain system health and improve online security: the cyber equivalent of washing your hands to avoid a biological infection.
The directive to wash your hands thoroughly has always been suggested as a top step in stopping a virus or biological threat from infecting a new host, or from infecting yourself if you are contaminated. This is not unlike maintaining up-to-date antivirus software and applying security patches to mitigate the risk of contracting a computer virus or other cyber threat.
In larger networks, ‘segmentation’ is frequently implemented to protect vulnerable hosts and prevent the spread of an infection across the whole enterprise. Network segmentation is the practice of splitting a computer network into subnetworks, which both boosts performance and improves security. This is not unlike the “segregation” of vulnerable members of our society in times of pandemic. In both cases, isolation reduces the impact of any infection.
A cyber plan without sufficient resources is a cyber hallucination
In cybersecurity, it is generally accepted that it is a case of “not if, but when” an organisation will fall victim to a ransomware attack or a data breach event. The same is true regarding a pandemic outbreak: at the time of publishing, the world has fully entered the “when” stage. Years of government policies of austerity, cuts to healthcare and a reduction in grants to medical research and global health programmes like the WHO have eroded the resources for a robust response to the current pandemic.
From proactive coronavirus vaccination research and production based on early detection, to the availability of infection test kits and large stocks of proper protective gear for medical professionals, it is clear that the response plan requires resources that are simply not available. This is not unlike the current cognitive dissonance evident in organisations that have neglected to invest in the resources to respond robustly to a ransomware or data breach incident but are surprised when their network is attacked.
After the cyber or pandemic apocalypse
As with most organisations that suffer a serious cyberattack, the resources and money to enact robust proactive and preventative steps are usually provided after the fact. While this is positive for the future security of the company, it evidently cannot prevent the loss of income and the cost of recovery from the initial attack. It is clear that governments around the world were too slow to act in the face of the outbreak of coronavirus, but we can only hope that lessons are learned. Resources must be designated to allow for a robust response to a future pandemic, and they must be ring-fenced and protected for the next time cuts to government spending are contemplated.
Sources and notes:
[2] – “EternalBlue” is a cyberattack exploit developed by the U.S. National Security Agency (NSA). It was leaked by the Shadow Brokers group on 14 April 2017, one month after Microsoft released patches for the vulnerability on 13 March 2017. On 12 May 2017, the WannaCry ransomware used this exploit to attack unpatched computers worldwide. On 27 June 2017, the exploit was again used to help carry out the 2017 NotPetya cyberattack on more unpatched computers.