The expert advice, and the resistance to it, about stemming the tide of COVID-19 infections bears remarkable resemblance to the expert warnings about cybersecurity.
David Shearer
CEO, (ISC)2
There were plenty of data-backed warning signs that it was only a matter of time before a pandemic like COVID-19 would occur, and that it could result in catastrophic loss of life as well as sustained economic damage. Still, many outside the epidemiology field adopted a “can’t happen here” mentality. The rapid global spread within just a few months showed us the error in that type of thinking. The threat was obvious, and yet somehow overlooked to a great degree.
Warning signs
Similarly, cybersecurity professionals across the public and private sectors consistently warn that the next mega data breach or compromise of critical infrastructure is a case of when, not if, and that the risk of financial loss or public safety at micro, macro, and even global levels could be immense. But because security is often viewed as a deterrent to efficiency and profitability, many of those warnings go unheeded. There are numerous parallels to be drawn between the virus response and our ongoing challenges with cybersecurity vigilance.
Globalization and interdependent economic systems have resulted in a situation in which no region has been immune to the pandemic’s spread. Likewise, our digital world has become borderless, and no region is immune to cyberattacks, no matter from where they emanate.
We all know what we’re supposed to do to avoid contracting the virus. Wear a mask, social distance, avoid large crowds and events, wash hands thoroughly, don’t shake hands, and report symptoms and seek medical testing if you suspect you’ve been infected.
Similarly, to prevent cybersecurity breaches, we constantly advise people to employ tools like firewalls, VPNs and antivirus software, update and patch software regularly, avoid visiting unsecured websites and connecting to public WiFi networks, be wary of clicking on links in emails from untrusted sources, and notify your organization’s security team if you suspect you’ve been infected. We do all of these things not only to protect ourselves, but to ensure the safety and security of those around us as well.
Yet individuals are often reluctant to do the things experts advise to avoid infection, and sometimes even adamantly against it. For decades the cybersecurity community has encouraged people to use strong passwords and adopt other best practices only to meet with considerable resistance. Just like mask use, cybersecurity hygiene is often seen as inconvenient and unnecessary, despite most of us having a basic understanding of how to limit our risk of infection.
These lessons should have been learned long ago and applied to this pandemic. Why do we continue to ignore them at our own peril?
What’s true of cybersecurity is also true of this pandemic; the weakest link in the chain affects us all. The only way we’ll solve the problem is if humanity as a whole takes the proper steps to protect themselves and those around them.
And just as the cybersecurity landscape changes and new threat vectors emerge and mutate, scientists and medical professionals are still learning more about how COVID-19 behaves and how immunity is built, and the guidance they provide will evolve over time. We may need to go back to the drawing board from time to time to build environments that are inherently secure. Whether you’re dealing with a pandemic or global cybersecurity, one fundamental truth is the same. We need to listen to the experts and adapt in order to stem the tide.