Half the world is currently fighting a pandemic. The new coronavirus has exposed considerable holes in our protective systems, forcing 3.9 million people in 50 countries into confinement and bringing unprecedented losses in its tail.
How did that happen?
First, let’s put the situation in context. Pandemics of this scale were long gone from our living memory. The last one, the Spanish flu, had infected a quarter of the world population and ended almost exactly 100 years ago. We can legitimately not underestimate the surprise factor. This situation is new for everyone.
Could it be avoided?
Some countries had simulated pandemics to prepare for the real ones. But all their preparation was just mitigation. Yes, having a stockpile of masks, ventilators, protective blouses for healthcare workers… absolutely changes how you respond to the crisis. And prepared countries can dramatically reduce the spread of infections, help more people survive and rebound faster economically.
But mitigation alone cannot be the only strategy, just as extinguishing fires cannot be the only strategy to prevent massive fires. In France, the forest regulation limits the spread and damage of any new fire by forcing people to reduce the size of tree clusters near their homes. It is a far more efficient and cost-effective strategy than waiting for them to become large then try to extinguish them, especially in regions where wildfires are a known recurring plea.
How does it apply to cybersecurity?
In cybersecurity, this logic would translate into reducing the size of clusters of systems and data that can be accessed through the same door. At the moment, the two leading practices in most organizations have the same effect. People either centralize systems and data access at one point, through a login and password or biometric. Or they use similar credentials to access all your systems or data (which means if a hacker gets one of your systems credentials, they can reuse them for others). Both practices lead to the same result: a very high risk that the whole organisation and third parties get infected from one breach.
As with wildfires or biological pandemics, investigating and patching a cybersecurity breach will always be less effective than preventing a virus from massively spreading in the first place. As 81% of all breaches start with an intrusion through passwords, any cybersecurity plan should therefore start with reducing the size of clusters, making all accesses independent and decentralising credentials.
How to build a strong and secure access architecture?
A secure access architecture is based upon strong unique and independent credentials for all systems, networks, applications, databases and devices inside the organisation. By reducing the size of clusters that can be accessed through any credential, organisations can dramatically reduce the size of breaches when they happen, stop virus from spreading far and wide into their systems and that of third parties.
That strategy implies putting users front and center of your cybersecurity strategy. Just like with COVID-19, getting people to practice social distancing, self-isolate when they have symptoms and wash their hands is far more effective to stop the virus from spreading than only monitoring them. And as with fires or viruses, you need rules and tools to help people protect themselves, inside and outside the organization.
But aren’t cybersecurity solutions complicated and expensive?
Most cybersecurity solutions are indeed long and expensive to implement. But you can now leverage a well-architected solution that is simple to deploy, easy to use and very competitive to cover over 80% of your cyber risks. And the good news is you can start doing it today.
Next time you see someone typing a password, think about its potential consequences for your organisation and your ecosystem. Why not embed cybersecurity in your organisation by including your users in your strategy instead?