Parallels between the Corona pandemic and the Ransomware threat

Being in the business of Cyber Security I tend to see parallel features when comparing the ever-growing Ransomware spread with the Corona virus pandemic. 

See for yourself whether you can agree:

  1. there is no final fix in sight. Even with the vaccinations, nobody knows how long the protection will last. Cyber: there is no single catch-all defence mechanism in place.
  2. testing is important but does not help against infections. Cyber: penetration testing.
  3. the threat will continue to mutate and nobody knows what the mutations will do.
  4. strengthening your immune system is good. It will help you fight back against the threat. -> strengthen your incident response processes and skill.
  5. Look out for vulnerabilities in your system and address them at an early stage.
  6. continuously look out for symptoms of infection -> strengthen your Cyber-detection capabilities.
  7. once you have been infected, symptoms may vary across victims.
  8. once infected, the threat spreads across the victim’s system and affects many other system components.
  9. resources to deal with a high number of infections are limited. 
  10. there is an incubation period. -> some Ransomware infections start as “sleepers” and break out only when they have sufficiently penetrated the victim’s system.
  11. be careful when exposed to other people. This is when your infection risk is highest. -> be careful when engaging with other people by opening eMails; this is the primary attack vector for most Ransomware incarnations. Your “baby elephant’s distance” is your eMail awareness: the time you use to stop and think whether you should open that eMail or whether it is too fascinating to be true.
  12. always protect your primary entry-points into your system when in public (aka “cover your nose and mouth”). -> protect your perimeter, but don’t stop there.
  13. once you have been infected, the impact can be very severe.
  14. quarantine and isolation can be appropriate approaches for containing the threat and avoiding its spread.
  15. clean your system frequently and thoroughly. Apply security patches in a timely manner.
  16. if you have been infected once, there is no guarantee that you will not be infected again.
  17. it may take a considerable amount of time to recover from an infection.
  18. the long-term impact of the threat is not known and requires detailed investigations and research.
  19. the threat is here to stay.
  20. the term "Triage" has made it into everyday vocabulary. Everyone knows what it means by now. In the past, it used to be a specialist term for doctors and (security) incident responders.
  21. some people live in denial. They claim that the threat is not real. Denial is not a defence mechanism.
  22. some people reject immunization efforts. Yes, these come with additional risks. Whether these outweigh the added protection is sometimes not easy to assess. I have heard similar "concerns" from network admins: if we add this security tool, it will weaken our security posture.

Aside from all “similarities” there are, of course, huge differences. One of them being: you can’t pay some unknown group of people to have the threat removed from your system.

There is this science of #bionics. I wonder why we shouldn’t be able to learn from one discipline and apply it to others…
