In recent years, some in the cyber world recognized that there is a lot to learn from the biological world when protecting systems against viruses. Now, the Corona epidemic presents an opportunity for the medical world to learn something from the cyber world. To analyze the strategies selected by various countries, let’s review them through the lens of cybersecurity.
By Zohar Rozenberg, Chief Strategy Officer for Elron
Let’s begin by recognizing that cybersecurity is built in layers. There is no one magic solution or layer that will prevent all possible attacks. Furthermore, in the cyber world, it has been understood for some time that it is impossible to protect everything for all eternity. There will be incidents. Computers will be attacked, information will be stolen, activity will be interrupted. It has already been accepted in the business world that it is not possible to maintain an extremely high level of protection while at the same time enabling a business to run at its required pace.
A compromise will always be found, and risks managed. Extremely high levels of security are possible, but this will give rise to a situation where work may grind to a halt. Businesses accept that by running freely, they expose themselves to various levels of cyberthreats.
“The challenge, which has become the main responsibility of information security managers within their organizations, is to learn how to live with day-to-day compromises and to understand the risks they take, determine what level of risk they can accept, and what level of risk is too great.”
Just as businesses weigh various protection approaches in cybersecurity, we can see several strategies for protection against Coronavirus being implemented by various countries. South Korea and Taiwan have adopted a relatively advanced approach: detect the threat, find where it is harbored, and deal with it surgically wherever it is identified. These methods are used in conjunction with a basic layer of disinfecting large areas.
As in the cyber world, this can be seen in the use of advanced concepts of threat hunting and extensive investment in detection and incident responses. All this is above and beyond the basic layer of a standard firewall and endpoint protection in order to provide some basic level of protection throughout the whole organization. This approach reflects an understanding that the “point of contact” to the world will be breached, or in the professional slang, “the perimeter is dead.” It is not possible to achieve full protection and keep the threat outside the perimeter forever. The threat must be sought out on a targeted basis and dealt with wherever identified without giving up a basic layer of protection, which will succeed in preventing the simpler threats from penetrating.
Most countries in the world, including Israel, Italy, and the U.S., initially adopted approaches that resemble traditional and older methods in the cyber world. Israel began with an approach that derives from the belief that there is indeed a “perimeter” and that the threat can be blocked externally. In the cyber world, this approach is now widely thought to be inherently irrelevant. Subsequently, Israel, like Italy and the U.S., transitioned to a callous and aggressive policy. In the cyber world, such an approach equates to a policy of a strong lock-down of the network, preventing the transmission of information between points in the network. This makes any utilization of the resources of the network difficult and, in general, tends to reduce traffic on the network. Such an approach can indeed succeed in preventing breaches of the network and the endpoints, but it also prevents most of the activity on the network and, consequently, has an adverse effect on the organization’s business activity. This approach to protection was previously beneficial at sensitive locations such as defense establishment institutions, but over the years, those institutions have also understood that it is impossible to operate over time with such difficulties preventing the activity of the organization.
“Throughout the industry, it is now difficult to find organizations that have stuck with the approach of a robust and aggressive cyber policy. In the last decade, we have witnessed a shift towards more sensible and considered risk management that attempts to strike a balance between the need to facilitate activity and the desire for protection.”
Britain has attempted to adopt its own unique approach towards the Coronavirus crisis, relying more on the Herd Immunity theory, which the cyber world finds slightly illogical. This approach, similar to installing basic anti-virus software on each endpoint and nothing more, has been outdated for decades, and there are currently no organizations that use it as their approach for protection, with the possible exception of very small businesses.
Since Covid-19 began to spread across Asia, some countries were quick to understand that this would become a global issue and took initial measures such as closing borders to arrivals from Asia, and later from more and more countries that showed signs of an outbreak. Other countries seemed to have rejected the notion and insisted on “business as usual” for some time before realizing they too had to take similar measures.
In the cyber world, this is analogous to using Threat Intelligence. Today in the cyber world, there is a growing acknowledgment of how difficult it is to build a layer of protection against cyber threats without acquiring advanced information about the threats and their nature. Currently, the leading organizations worldwide, even those with a strong ability to protect themselves, rely heavily on such information when addressing cyber threats.
The public reactions of various countries towards the crisis and the guidance given by governments vary. Apparently, in Singapore, Taiwan, South Korea, and perhaps other places, the public has strictly complied with governmental directives, understanding the risk and responding well to the threat. On the other end of the spectrum is Italy, which for weeks reacted complacently, did not heed governmental instructions, and didn’t understand the size of the threat. There is a direct parallel in cybersecurity: end-user awareness and training. In cybersecurity, training the personnel of the organization to appreciate the threat and educating them on proper procedures in the presence of a threat is an important part of every cybersecurity program. This is regarded as maintaining “cyber hygiene,” which reminds employees not to open suspicious emails, how to report something suspicious to the organization, etc.
Organizations that have invested actively in educating people regarding awareness and correct actions have reported an improvement in the immunity of the organization to cyber threats. In organizations that have not invested in this at all, most people find themselves falling prey to cyber-attacks such as email phishing.
It appears that in the cyber world, more advanced organizations are adopting more innovative approaches, and the use of advanced tools such as threat hunting, detection, incident response, and employee awareness has produced better results in coping with cyber threats. Likewise, in the physical world, countries that have adopted similar approaches appear to have succeeded, at least for now, in containing the virus’s threat, with a dramatic reduction in the number of cases of infection, and are on the point of at least a partial return to routine. Countries viewed as maintaining more traditional approaches, attempting to sanctify the perimeter or applying tough, aggressive policies as their major effort, are finding it very difficult to contain the threat. Some of these countries are still seeing a rise in cases, coupled with a widespread paralysis of economic activity and the economy as a whole.
“If countries wish to learn lessons from the world of cyber protection in order to deal with the Coronavirus threat, then they must bear in mind that building defenses must consist of several layers. No one method can avoid the threat.”
Investment efforts must be put toward prevention. It is essential to create a basic level of control and monitoring of entrances, but action is also necessary on the level of detection and treatment. This can only be done properly by adequately gathering and analyzing the latest data. It is hoped that more and more countries will consider adopting more advanced protection approaches, finding ways of applying them in the physical world in order to accelerate the end of the threat and bring about a return to a normal routine.
About the Author
Zohar Rozenberg (Col. Ret.) is the Chief Security Officer at Elron, an Israeli holding company dedicated to building technology companies and actively investing in startup companies. He also serves as a Member of the Board for several cyber companies. Zohar was also involved in the establishment of the National Cyber Bureau and the formalization of the Israeli national cyber strategy.
CISO MAG did not evaluate/test the products mentioned in this article, nor does it endorse any of the claims made by the writer. The facts, opinions, and language in the article do not reflect the views of CISO MAG and CISO MAG does not assume any responsibility or liability for the same. CISO MAG does not guarantee the satisfactory performance of the products mentioned in this article.