It’s a difficult job to be a cybersecurity professional, especially if you’ve been one for a while. It skews your sensibilities, and at least for me, has turned me into a fairly risk-averse person.
I think it has to do with understanding how computers work, and what the art of the possible really is when it comes to attacks on our information systems and critical infrastructure. Most of what I do on a daily basis is related to strategy and relationships, but I’ve been studying principles of risk management for 20 years – and not just relative to cyber.
Then along comes a new strain of coronavirus, which is intimidating for sure. As a company, we’ve spent the last few weeks going over scenarios internally with our own leadership as well as holding external discussions with other leaders and organizations. Infectious disease experts are suggesting that we could be operating under impaired conditions for up to six months, putting a strain on the people and processes that make up government, the healthcare system, public safety, and other essential elements of society. Unprecedented in my lifetime, school systems are being closed to slow the spread, which puts strain on families and communities.
Weakness invites attack
It is an unfortunate reality that when attention is focused elsewhere, or when one is weakened, opponents typically take advantage. Presently, the majority of the world is focused on the coronavirus, which makes banks, hospitals and critical infrastructure a ripe target for opportunistic cyber adversaries. Criminal organizations seeking bitcoin as well as more advanced adversaries that target our infrastructure and intellectual property are planning their attacks while the world is distracted.
We need to be vigilant. The security of our information systems can’t ever be an afterthought, but especially not now. Business continuity and security plans need to be a priority along with taking care of our personal lives and our communities. The current coronavirus outbreak will serve as a major lesson for us all — not just in dealing with a new viral threat, but how we strategically prepare to defend a contested cyberspace while the world is in a physically and emotionally weakened state.
On that last point, I’ll close by citing a Twitter thread from a molecular biologist writing about the coronavirus. He observes that the social disruption we’re currently experiencing is part of a conscious, proactive effort on society’s part to combat the virus. “Where the virus has one set of instructions that it ceaselessly carries out,” he notes, “we are able to adapt and — maybe, hopefully — to learn. That’s an awesome power, too. We’ll need it, we should use it.”
A computer virus also has a set of instructions that it ceaselessly carries out. And, as cybersecurity professionals, we’re able to observe, adapt, and respond to counter its effects. We can also apply that same OODA strategy to countering the tactics of cyber criminals and hostile nation-states in the cyber domain. That, too, is an awesome power we have in our ceaseless efforts to protect our networks, our enterprises, our communities, and our way of life.
NOTE: While writing this blog post, I received word that a Czech hospital that is dealing with COVID-19 is sustaining a cyber attack https://www.zdnet.com/article/czech-hospital-hit-by-cyber-attack-while-in-the-midst-of-a-covid-19-outbreak/
The Empower and Protect Blog brings you cybersecurity and information technology insights from top industry experts at Telos.