In recent years, some in the cyber world have recognized that there is a lot to learn from the biological world when protecting systems against viruses.
Now, the corona pandemic presents an opportunity for the medical world to learn something from the cyber world.
I believe we can gain insights by reviewing the medical strategies selected by various countries and viewing them through the lens of cyber strategies.
Let’s begin by recognizing that cybersecurity is built in layers. There is no one magic solution or layer that can prevent all possible attacks.
Furthermore, it is impossible to protect everything for all eternity. Computers will be attacked, information will be stolen, and activity will be interrupted. It has already been accepted in the business world that it is not possible to maintain an extremely high level of protection, while at the same time enabling a business to run at its required pace.
A compromise must always be found, and risks managed. Extremely high levels of security are possible, but this will give rise to a situation where work may grind to a halt. Businesses accept that by running freely, they expose themselves to various levels of cyber threats.
The challenge, which has become the main responsibility of information security managers, along with their organizations, is to learn how to live with these day-to-day compromises: to understand the risks they take, to determine what level of risk they can accept, and to recognize what level of risk is too great.
Just as businesses weigh various protection approaches, we can see several strategies for protection against COVID-19 being implemented by various countries.
‘The perimeter is dead’
In Asia, South Korea and Taiwan have adopted a relatively advanced approach of detecting the threat, finding where it is harbored, and dealing with it surgically. This is in conjunction with a basic layer of disinfecting large areas.
Advanced concepts of threat hunting and extensive investment in detection and incident response go above and beyond the basic layer of a standard firewall and endpoint protection. This approach reflects an understanding that the “point of contact” to the world will be breached, or in professional slang, “the perimeter is dead.”
It is not possible to achieve full protection and keep the threat outside the perimeter forever.
The threat must be sought out in a targeted way and dealt with wherever it is identified, without giving up on a basic layer of protection, which will still succeed in preventing the simpler threats from penetrating.
From aggressive to sensible
Most countries — including Israel, Italy and the United States — have adopted more traditional approaches.
Israel began with the belief that there is indeed a “perimeter” and that the threat can be blocked externally. As mentioned, this approach is now widely considered irrelevant.
Subsequently, Israel, like Italy and the USA, transitioned to an aggressive policy of strong lockdown of the network, preventing the transmission of information between points in the network.
Such an approach can indeed succeed in preventing breaches, but it also has the effect of preventing most activity on the network. Consequently, it has an adverse effect on the organization’s business activity.
This approach was previously beneficial at sensitive locations such as defense establishment institutions. Over the years, it has become understood that it is impossible to operate with such restrictions piling up on the organization’s activity.
The Israel Defense Forces realized several years ago that in order to achieve its aims, it must allow more access to the network to facilitate connections and transmission of information between endpoints. In order to reduce potential risk, the IDF has sought more advanced protection approaches.
Throughout the industry, few organizations still stick with the approach of a robust and aggressive cyber policy. In the last decade, we have witnessed a shift toward more sensible and considered risk management, which attempts to strike a balance between the need to facilitate activity and the desire for protection.
Britain has attempted to adopt a unique approach, which the cyber world finds slightly illogical. In the sphere of public health, Britain has attempted to rely upon the immunity of all its citizens. In the cyber sphere, Britain seems content with the installation of antivirus software at all the endpoints — a protection approach that has not been relevant for approximately 20 years.
Now let’s analyze the operational approaches of the countries from the angle of “threat intelligence.”
On one side of the spectrum is the US, which appears to have approached this situation with a profound lack of information, to the point of ignorance in the face of the threat.
On the other hand, Israel has learned as much as it could about the threat and has attempted to prepare for it ahead of time.
Today in the cyber world, there is a growing acknowledgment of how difficult it is to build a layer of protection against cyber threats without engaging in the acquisition of advanced information related to threats and their nature.
Currently, the leading organizations worldwide, those with their own ability to protect themselves, rely heavily on threat information when addressing cyber threats.
Another analogy to the cyber world can be analyzed from the public reactions in various countries.
Apparently, in Singapore, Taiwan, South Korea and perhaps other places, the public has strictly complied with governmental directives, understanding the risk and responding well to the threat. On the other end of the spectrum is Italy, which reacted complacently, did not heed governmental instructions, and didn’t understand the size of the threat.
Likewise, in cyber, the emphasis in recent years has been on awareness and training of personnel: helping them appreciate the threat and educating them on proper procedures in the presence of a threat. This “cyber hygiene” approach reminds employees not to open suspicious emails, how to report something suspicious to the organization, and so on.
Organizations that have invested in educating personnel regarding awareness and correct actions have reported an improvement in the immunity of the organization to cyber threats. In organizations that have not invested in this at all, most people find themselves falling prey to cyberattacks such as email impersonations.
Innovation and prevention
It appears that in the cyber world, advanced organizations that are adopting innovative approaches and tools such as threat hunting, detection, incident response and employee awareness have seen better results in coping with cyber threats.
In the physical world, countries that have adopted similar approaches appear to have succeeded, at least for now, in containing the virus in terms of a dramatic reduction in the number of infections and are at the point of at least a partial return to routine.
Countries viewed as maintaining more traditional approaches, those attempting to sanctify the perimeter or apply tough, aggressive policies as their major effort, are finding it very difficult to contain the threat. These countries are still seeing a rise in cases, coupled with a widespread paralysis of economic activity and the economy as a whole.
If countries wish to learn lessons from the world of cyber protection in order to deal with the coronavirus threat, then they must build defenses that consist of several layers. No single method can deter the threat.
Investment efforts must be put toward prevention. It is essential to create a basic level of control and monitoring of entrances, but action is also necessary on the level of detection and treatment.
This can only be done properly by gathering and analyzing the latest data. It is to be hoped that more and more countries will consider adopting more advanced protection approaches, finding ways of applying them in the physical world in order to accelerate the end of the threat and bring about a return to a normal routine.
Zohar Rozenberg is vice president of cyber investments for Elron, investing in early-stage cybersecurity and enterprise software startups. In his previous role as an IDF Unit 8200 colonel (retired), he assisted in the founding of Israel’s National Cyber Bureau, formalizing the country’s national cyber strategy. His final role with the IDF was as the head of its cyber department.