3 Things Covid can Teach us About Cybersecurity
The IoT is bringing an exponential rise in the amount of interactions between connected devices and with that comes risk.
Interactions between people create risk in the current pandemic. In fact, there are many parallels with the Covid crisis and some useful lessons.
The challenge
As more and more devices from lightbulbs to packages, engine components to furniture contain connected data gathering processors, the internet of things is becoming increasingly integrated into our environments in ways we may be totally unaware of. Many of the interactions take place without any human knowledge or input and without the ability to switch them off.
Cyber security professionals are used to understanding where processes, devices and systems connect. In the past they have been able to see the entire attack surface of their organisation, that will no longer be possible. With thousands of autonomous devices physically moving in and out of your organisation, understanding what’s happening on the fringes of your network will become impossible. Add to that the same thing happening in the supply chain and life is about to become incredibly complicated.
A Cybercrime Pandemic?
The analogy with the Covid health crisis is interesting. Covid19 is only dangerous because we have so many people living in such close proximity and interacting. The virus takes advantage of so much opportunity to spread and adapt. As the gaps close between devices in the IoT, we have created a comparable situation. In the past we’ve had specific threats for specific areas of business and business sectors, IoT will make that a thing of the past as the gaps between devices become smaller so does the gap between threats. The idea of a cyber pandemic becomes increasingly credible.
What can we learn from the way we’ve dealt with Covid?
-
Testing
- It’s vitally important to know what is actually happening. Maintaining ongoing testing and assessments will be essential, not just periodic testing to tick the compliance box but a constant monitoring regime.
-
Track and trace
- Being able to know where potential threats have come from. Did they come from the supply chain? Insiders? A physical breach? The ability to track and trace will be vital.
-
Training and awareness
- Staff need to understand threats, not just generic training but realistic training which helps them to mitigate current threats. If training doesn’t exist for an emerging threat we’ll need to create it. And senior management need to become literate in cyber risk. If they don’t understand what’s at stake, how can they provide the leadership to combat it?
These lessons are valuable right now. We’ve had to think very carefully about dealing with this pandemic, so we may as well use that valuable knowledge in other areas. As we’ve seen, prevention is so much easier and cheaper than dealing with a crisis.
Find out more about We Fight Fraud's holistic approach to security, which includes state of the art training and threat assessment.