IT and Cybersecurity Lessons from the Coronavirus

Dave Mims, CEO

As COVID-19 (known popularly as the coronavirus) spreads across the globe, we have seen and learned in real time how prepared and unprepared we are to handle a disaster (in this case, a pandemic). Obviously, there is no way to completely stop all infections and the spread of infections. Governments and public health bodies understand this pragmatic fact and create pandemic plans based on resilience—mitigating the total disruption, lessening future risks, and providing continuity for society.

In Digital Resilience, author Ray Rothrock quotes Judith Rodin, who says:

“In the twenty-first century, building resilience is one of our most urgent social and economic issues because we live in a world that is defined by disruption. Not a month goes by that we don’t see some kind of disturbance to the normal flow of life somewhere: a cyberattack, a new strain of virus, a structural failure, a violent storm, a civil disturbance, an economic blow, a natural system threatened.”

Commenting on this point, Rothrock says:

“The point is that resilience is not a ‘bonus feature’ of, or an ‘operational accessory’ to, every productive activity and enterprise in the twenty-first century. It must be at their core, a necessity to them. Resilience has always been important, just never more urgently indispensable.”

As noted above, a disturbance can include something like the coronavirus, a cyberattack, or a natural disaster. Currently, these are all threats that towns and cities face.

Are you able to completely prevent the coronavirus, a cyberattack, or a natural disaster from impacting your community? No.

Are you able to plan in such a way that you can be resilient—bouncing back from a disturbance, learning from it, and continuing your municipal operations? Yes.

We can draw upon some of the resilience lessons we see from our federal, state, and local governments to fight coronavirus and apply them to your town or city’s IT.

1. Containment and quarantining

Important strategies that help slow the coronavirus’s spread are social distancing, containment, and quarantining. Social distancing helps slow and prevent spread. Containment involves keeping infected people from the general population as much as possible by setting up containment zones and buffer zones around areas with high infection rates (such as Wuhan in China). Quarantining involves mandating that infected people stay home until they recover and can no longer infect people.

Similarly, your cybersecurity strategy must involve containing threats when they occur. For example, let’s say ransomware infects one of your computers. You don’t want the ransomware to spread to all your computers and servers. IT professionals can help you with a containment strategy when (and not if) a cyberattack occurs. Containment helps limit the damage from such attacks.

Quarantining emails, files, and infected computers and servers also needs to be part of your cybersecurity strategy through tools such as antivirus software, antispam software, ongoing monitoring, and implementation of your disaster recovery plan.

2. Continuous monitoring

While you are concerned about the coronavirus, it’s safe to say that many interested parties are continuously monitoring it—the World Health Organization, the Centers for Disease Control and Prevention (CDC), and many governments around the world. A threat such as the coronavirus has changed rapidly, and many pairs of eyes have watched developments so that they can adapt quickly.

Who is monitoring your IT environment? Many cyber threats at municipalities become worse because the municipality simply does not know a threat exists. It’s not unusual for malware, ransomware, or a virus to reside within an organization’s network for months before the criminal deploys it. A recent CrowdStrike report “shows a large increase in dwell time to an average of 95 days in 2019 — up from 85 days in 2018 — meaning that adversaries were able to hide their activities from defenders for longer, and that organizations still lack the technology necessary to harden network defenses, prevent exploitation and mitigate cyber risk.”

Having experienced IT engineers continuously monitoring your environment with a mix of automated tools and manual oversight will help you detect threats faster and mitigate risks by addressing them before they do extensive damage to your municipality.

3. Hygiene

When faced with a pandemic, it seems anticlimactic to hear advice from health experts such as washing your hands, covering your mouth and nose when coughing or sneezing, and avoiding touching your face. Yet, these basic, sound, simple measures go a long way toward helping prevent the spread of the coronavirus.

Similarly, the term “cyber hygiene” is frequently used in the same way. We’d like to think of complex, automated tools using cool things like artificial intelligence to battle cyberattackers. Yet, most cyberattacks succeed because non-technical people—including your employees—may not be following basic cyber hygiene that includes:

  • Not clicking on suspicious email attachments and website links.
  • Not falling for scams by learning what clues give the scammer away.
  • Using complex passwords or passphrases, and changing them regularly.
  • Using two-factor authentication (2FA).
  • Patching and updating software on an ongoing basis.

4. Everyone taking responsibility

I think we can safely say we are not naïve enough to think that our government, the CDC, or some other entity alone will solve the coronavirus problem without our cooperation. In fact, the opposite is the case. This is a community problem—and we all have a part to play. Whether it’s staying informed, following the recommended guidelines and best practices, or self-quarantining if you suspect you’re sick with coronavirus, every individual action matters during this time of crisis.

Similarly, believing that cybersecurity is an “IT problem,” or something only the “techies” need to worry about, is a very risky view to have. This is an organization-wide problem—and we all have a part to play. Through their actions, each person at your municipality can be the difference between a successful and unsuccessful cyberattack. That includes:

  • Training, and re-training, your staff.
  • Shoring up any security vulnerabilities across your IT network.
  • Backing up your data and regularly testing your data backups to know you can recover.
  • Investing in modernized hardware and software.

We’re all in this together. As time frees up, use this opportunity, along with tackling other things you may have long put off, to examine the state of your IT. Are you confidently resilient? Or worried? If you need help, reach out to us today.

Original Date: 5/20/2020