Winning strategy! Coronavirus or cybersecurity, rules of war are the same
By Dhanya Takkar
The overarching strategy for dealing with Covid-19 has revolved around four quadrants: prevention, detection, response, and prediction. In cybersecurity, we talk about the importance of a holistic strategy that consists of the same quadrants.
In the time of Covid-19, prevention means protecting people from being infected in the first place, such as washing your hands, socially distancing yourself from others, disinfecting your phone and wallet when you get home, and more.
In cybersecurity, prevention means the exact same thing – protecting your IT assets from being infected in the first place—because most major data breaches can be traced back to a single point of failure that could have been prevented.
Today, many new cybersecurity vendors talk of a shining silver bullet that waves away all your cybersecurity headaches—such as machine learning or endpoint detection and response (EDR). But in reality, the concept of a single silver bullet doesn’t hold up. You need basic technologies such as antivirus, application control, web and file reputation, etc., to do the heavy lifting.
Contact tracing is crucial during outbreaks. The longer you take to identify a patient, the more people will be infected. In cybersecurity, detection is about the same thing— how fast you can detect a breach in your system determines the scope of damage. We believe in this strategy called connected threat defense. By deploying security solutions at all the touchpoints in an IT system, from the endpoints to the network to the server, you can start to connect the dots and gain visibility into every nook and cranny. EDR records everything that takes place on the endpoints and threat hunters can rewind to see from which point a threat entered the system, and how it spread.
Since medical supplies are limited, healthcare workers need to prioritise. To prioritise, you need context-rich information about the patient. It’s the same in cybersecurity. A security operations centre (SOC) receives thousands of alerts on a daily basis. Hence, prioritisation becomes the key. XDR breaks the silos between all these solutions gathering data on their own. SOC analysts can focus on alerts that need immediate action instead of combing through each one and manually looking for connection.
In cybersecurity, the more accurate our predictions are, the more effectively we can deal with an upcoming data breach. Combined with big data analytics, threat models, advisory-based behaviour analytics and detection rules from our security experts, we can help to uncover if an emerging or unknown threat or a threat actor is attempting to infect your organisation. Continuous risk assessment of an organisation’s cybersecurity posture also serves to predict impending issues.
Covid-19 will go away, just like any of the pandemics in the past. But cyberattacks will stay as long as there’s a computer connected to the internet. The most effective way to deal with cyberattacks is not to dream of a cure-all panacea, but to take small but coordinated measures that culminate in an all-rounded defense strategy.
The writer is VP & MD, AMEA, Trend Micro