Coronavirus Lessons for Industrial Cybersecurity

Efforts to contain the spread of Coronavirus can teach us a lot about how to develop good cybersecurity in our organizations.   Countries around the world are struggling to manage the impact of coronavirus on the health and well-being of their citizens.  Their efforts include a variety of proven epidemic management strategies: reduce opportunities for virus entry into the country; limit the spread of infections within the populace; rapidly manage cases that emerge; and, reduce the likelihood of future recurrences.   

While viral epidemics and cyber-attacks are certainly different, they wreak havoc in similar ways.  An unprotected entity is compromised and becomes the base for spreading the infection to connected entities.  The impact on an individual entity may be minor or devastating but spreading raises the likelihood that some significant impact will occur.  Efforts to manage the situation are also complicated when spreading occurs before the initial compromise is recognized.  

The likelihood of a specific entity being compromised may be very low but spreading creates opportunities for devastating impacts on health and prosperity.   Smart organizations understand the risk of these “black swan” events and establish programs that can meet these challenges.  The following table illustrates the elements of such programs.   Given the arbitrariness of attacks, smart organizations also focus their efforts on the areas at greatest risk.   

Coronavirus Parallels Can Improve Your Cybersecurity Program

Recognizing the parallels between coronavirus and cybersecurity can help security teams drive better security in their organizations.  Relating cybersecurity activities to similar coronavirus tactics can help garner more support for cybersecurity efforts and educate managers about the need for certain practices and investments. Highlighting how information control contributed to the spread of coronavirus can also help in getting people to appreciate the importance of cybersecurity information sharing within and across industries.   

Building More Support for Cybersecurity Efforts

Managers who are concerned about coronavirus might become more amenable to supporting cybersecurity efforts when they are cast in terms of recommendations for managing coronavirus.  They have families to protect and may already support analogous coronavirus health measures, like educating employees about travel and meeting risks, practicing proper health hygiene, and asking people to stay home if they have any coronavirus symptoms.   

The impact that coronavirus is having on sales, supply chain operations, and stock prices is another aspect of the epidemic that could prove useful in garnering more support for cybersecurity.  Ransomware attacks have already increased top management concern about cybersecurity, but this concern is often discounted by front-line managers.  Some of this is due to their inability to recognize all the things that might be affected and the incredible costs of operational disruptions.  Impacts caused by the coronavirus epidemic can provide a baseline for estimates of losses that a company might incur if a cyber compromise impacts their ability to manufacture and distribute products.    

Relating cyber defenses to coronavirus recommendations can also help in getting managers to appreciate the rationale and importance of specific cybersecurity practices.   Too often, cybersecurity professionals overestimate how much people in other areas know about cybersecurity.  But, given the media storm surrounding coronavirus, every manager will understand the rationale behind similar actions countries are taking to deal with this epidemic.  

Justifying More Cyber Information Sharing

Decisions about informing the public about threats like the coronavirus are incredibly important and difficult.  No one knows for sure how a virus will impact a specific area.  So, leaders are concerned that premature advisories on threats that don’t materialize can cause needless alarm and unnecessary disruption of important activities.   But they also understand that delays in advisories can amplify the impact of a real threat.   Media reports about the spread of coronavirus in certain countries demonstrate what can happen when leaders make the wrong choice.  Uninformed people spread infections more broadly, putting more people at risk and overwhelming containment and treatment efforts.  

Corporate leaders face a similar dilemma when their organization suffers a cyber compromise.  They are reluctant to publicly divulge information about the incident before they have a full understanding of the compromise and its impact.  Premature releases might overestimate the impact and cause irreparable damage to reputation and stock values.  Delays will give attackers more time to exploit stolen information and leave other companies at risk of their operations being disrupted.    

Information sharing with cybersecurity groups in government, industry, and peer organizations should be a different issue, but it frequently falls victim to the same restrictions as public disclosures.  This leaves the door open for attacks on companies with similar systems and hinders development of preventive measures that can help everyone.  It’s important that everyone recognizes that cyber incident information sharing is a two-way street that helps everybody avoid and manage cyber threats.  Highlighting the benefits that many countries gained from sharing coronavirus information can help security teams sensitize their organization to the benefits of participating in cyber information sharing activities.