Half the world is currently fighting a pandemic. The new coronavirus has exposed considerable holes in our protective systems, forcing 3.9 million people in 50 countries into confinement and bringing unprecedented losses in its tail.
How did that happen?
First, let’s put the situation in context. Pandemics of this scale were long gone from our living memory. The last one, the Spanish flu, had infected a quarter of the world population and ended almost exactly 100 years ago. We can legitimately not underestimate the surprise factor. This situation is new for everyone.
Could it be avoided?
Some countries had simulated pandemics to prepare for the real ones. But all their preparation was just mitigation. Yes, having a stockpile of masks, ventilators, protective blouses for healthcare workers… absolutely changes how you respond to the crisis. And prepared countries can dramatically reduce the spread of infections, help more people survive and rebound faster economically.
But mitigation alone cannot be the only strategy, just as extinguishing fires cannot be the only strategy to prevent massive fires. In France, the forest regulation limits the spread and damage of any new fire by forcing people to reduce the size of tree clusters near their homes. It is a far more efficient and cost-effective strategy than waiting for them to become large then try to extinguish them, especially in regions where wildfires are a known recurring plea.
How does it apply to cybersecurity?
In cybersecurity, this logic would translate into reducing the size of clusters of systems and data that can be accessed through the same door. At the moment, the two leading practices in most organizations have the same effect. People either centralize systems and data access at one point, through a login and password or biometric. Or they use similar credentials to access all your systems or data (which means if a hacker gets one of your systems credentials, they can reuse them for others). Both practices lead to the same result: a very high risk that the whole organisation and third parties get infected from one breach.
As with wildfires or biological pandemics, investigating and patching a cybersecurity breach will always be less effective than preventing a virus from massively spreading in the first place. As 81% of all breaches start with an intrusion through passwords, any cybersecurity plan should therefore start with reducing the size of clusters, making all accesses independent and decentralising credentials.
How to build a strong and secure access architecture?
A secure access architecture is based upon strong unique and independent credentials for all systems, networks, applications, databases and devices inside the organisation. By reducing the size of clusters that can be accessed through any credential, organisations can dramatically reduce the size of breaches when they happen, stop virus from spreading far and wide into their systems and that of third parties.
That strategy implies putting users front and center of your cybersecurity strategy. Just like with COVID-19, getting people to practice social distancing, self-isolate when they have symptoms and wash their hands is far more effective to stop the virus from spreading than only monitoring them. And as with fires or viruses, you need rules and tools to help people protect themselves, inside and outside the organization.
But aren’t cybersecurity solutions complicated and expensive?
Most cybersecurity solutions are indeed long and expensive to implement. But you can now leverage a well-architected solution that is simple to deploy, easy to use and very competitive to cover over 80% of your cyber risks. And the good news is you can start doing it today.
Next time you see someone typing a password, think about its potential consequences for your organisation and your ecosystem. Why not embed cybersecurity in your organisation by including your users in your strategy instead?
Don’t know where to start? Get a free assessment on your credentials security level here or contact us at info@mycena.com
The World Economic Forum has made a striking declaration about cyber security – that it is the responsibility of world leaders. As part of the World Economic Forum Annual Meeting, experts claimed that security has been the domain of the IT department for too long, and we must all get involved as cyber-attacks grow in sophistication. Conclusions from the meeting included a need for a “culture of cyber security” and a rethink into organisational structures, as well as investment into evolving technologies.
A new report has found that multi-factor authentication attacks are expected to rise in 2020. Multi-factor authentication involves using more than one device or access method to log in to a user account, for example a fingerprint scan and a unique pin. According to the report, 57 per cent of global businesses now use multi-factor authentication, making it a new target for hackers. Experts are predicting a rise in ‘9am attacks’ whereby end-users receive a notification to log in when they arrive at the office, inadvertently giving hackers access.
The UK head of cyber security is to step down in 2020 after more than six years of service. Ciaran Martin, who founded the UK’s national cyber security unit, is moving to a role in the private sector for summer 2020. In response, Downing Street is going to implement a “strategic review” of British defence and security, focusing on cyber security. Martin’s top achievements include linking state-sponsored cyber attacks to Russia. In a statement, he said the time had come for a new successor to “take the organisation to the next level”.
2020 has been marred with news of attacks on non-renewable energies. At the turn of the decade, the North American Power Grid was subject to threats from organisations such as Parisite, which exploited vulnerabilities in industrial control systems. Meanwhile, Bahrain is under attack from a new Iranian data wiper malware threat, which has taken down national oil company Bapco. Experts now claim that cyber security must be at the forefront of energy companies’ minds, particularly as we continue to rely on external suppliers.
Transport organisations are recognising the increasing cyber security challenges before us. In the UK, the Civil Aviation Authority has launched a scheme in collaboration with Crest to help the aviation industry manage risks. It will take the form of an accreditation to show companies’ commitment to security.
