There have been a great many comparisons between COVID-19 and computer viruses, and since this is the first pandemic of the digital age, the comparison is valid.
But most of them focus on how we can apply knowledge from the real world to stop viruses in the virtual world. I would like to suggest that cybersecurity can return the favor, and that the medical world could apply the lessons learned in fighting "cyber viruses" to its efforts against the Coronavirus.
Computer Virus History and the Fight Against COVID-19
Fred Cohen first defined a computer virus as a “program that can infect other programs by modifying them to include a, possibly evolved, version of itself” in his 1986 Ph.D. thesis. In the last couple of years, however, computer viruses have undergone a rapid evolution that has made them much more difficult to identify and mitigate:
- 439,000 new malware variants were detected in 2019, a 12.3% year-over-year increase.
- Modern malware has evolved from the early illegal software distributed via floppy disks into threats that steal passwords; exfiltrate sensitive data; encrypt and delete data; and, in some cases, scan for open RDP ports, brute-force their way onto a device, and then move laterally within the organization’s network.
- Malware authors now weaponize Word, PDF, and Excel documents to hide their code, use detection-evasion mechanisms, and abuse legitimate software update mechanisms that can carry the malware across an entire organization in minutes.
To mitigate these threats, the cybersecurity industry has developed several methodologies that can be used (with adaptations, of course), and in some cases already are being used, to reduce the spread of biological viruses:
- Zero-Trust Policy – The main principle of a Zero Trust policy is “never trust, always verify”. This means that every user must verify their credentials every time they attempt to “enter” an organization's network and that every file and process is constantly monitored, even if it has been authorized to run on the system.
Similarly, people now largely assume that others may be carriers and only “trust” them after they have been tested (or had their temperature taken).
- Assume a Breach – Instead of striving to identify and mitigate all threats all of the time, cybersecurity professionals assume that some threats will get through and concentrate on finding and stopping those threats before they do more damage.
Instead of playing “whack-a-mole” for the foreseeable future, it is prudent to invest in rapid testing kits, as some nations are doing, to ensure that the infected are identified and treated swiftly.
- Segmentation – This limits “movement” within an organization’s network so that an infection in one part cannot spread to the others.
As we've seen in hotspots like New York City, locking down the hotspots themselves can be preferable to locking down entire regions or countries.
- Risk Modeling – CISOs conduct risk assessments and prioritize security spending to mitigate the most acute threats and secure the most valuable assets rather than attempting to prevent all threats at all times.
Healthcare officials should do the same to ensure that the most vulnerable populations are protected from the disease.
- Intelligence Intake – Security professionals have shared information about malware, cybercriminals, and data leaks for a long time. This has been immensely helpful in fighting cybercrime.
Such collaboration should also be adopted by the global scientific and medical communities, governments, and healthcare organizations. As the coronavirus threat is new, we should all share detection and treatment methods, and notify others when we think we’ve made a breakthrough.
Combatting Coronavirus with Cybersecurity Principles
Viruses are dangerous, and they spread quickly through a population until a cure or a vaccine is found. The Coronavirus spread at almost machine speed and overwhelmed countries and healthcare organizations.
We believe that applying the lessons the cybersecurity industry has learned over the past three decades could help thwart the Coronavirus pandemic.
Yotam Gutman is marketing director at SentinelOne, and a retired Lt. Commander in the Israeli Navy. Yotam founded and managed the Cybersecurity Marketing Professionals Community, which includes over 300 marketing professionals from more than 170 cyber companies. Yotam was chosen as one of the 5 Security Influencers to Follow on LinkedIn.