October 29, 2014 By Brian Honan 3 min read

Over the past number of months we have witnessed the Ebola crisis grow from a localized problem with little impact on a global scale into a major global concern, with the World Health Organization (WHO) warning that the disease could infect up to 10,000 people per week if it is not dealt with. While this is first and foremost a major health crisis, I could not help drawing parallels between how this crisis has developed and been handled and how many organizations handle incident response for computer security incidents.

This article on why Ebola won’t gain a foothold in Western countries examines how the disease has managed to spread to date. Some of the key points from the article are:

  • The health systems and infrastructure in many of the countries in West Africa are very poor and could not cope with the initial outbreak.
  • Many of the initial patients displaying symptoms were misdiagnosed as having Lassa Fever.
  • Hospitals dealing with infected patients did not handle or dispose of infectious material in a safe manner.
  • Health professionals did not have the appropriate tools to deal with the crisis or to treat patients properly.
  • Health professionals failed to quarantine infected patients who in turn infected others.

Having worked on various security breaches for clients, and having reviewed the details of security breaches such as Target, I believe there are many lessons we can learn from the Ebola crisis to improve our own cyber security incident response. When looking at our own environments we need to ask ourselves:

  • Are our infrastructure and systems robust and resilient enough to survive a cyber-attack? Do we really understand what the key business processes and systems are and what is needed to keep them running in any crisis? It is also important that the organization has the appropriate security systems in place to provide an early warning in the event of a suspected breach. There is no such thing as 100% security, and the security controls we put in place may not deter an attacker, but they should delay an attacker long enough for them to be detected. It is essential that effective alerting mechanisms are deployed to identify potential issues and raise an alert.
  • Has the incident response team received the proper training in critical analysis so that when investigating an incident they diagnose the issue correctly and accurately? Are the security monitoring solutions in place working as they should and optimized for the environments they are in? And more importantly, are the alerts generated by them being acted upon?
  • When working on a cyber-security incident the team may come across malicious software and code. Does the team have the right tools to safely handle and analyze that code? What are the facilities in place to ensure that malicious code can be stored, and where necessary, shared with others such as law enforcement, anti-virus companies and Computer Emergency Response Teams? The last thing any incident response team wants is to be responsible for accidentally infecting other systems.
  • Dealing with cybersecurity incidents is a specialized task and requires specialized tools to conduct investigations, analyze logs, collect evidence in a forensically sound manner and record all actions taken during the incident, among other tasks. It is essential that the team has the appropriate tools in place to enable them to do their job effectively and efficiently.
  • The most important element of the incident response team is the people who make up that team. An effective team requires experienced and skilled individuals who can also work under extreme pressure, have strong analytical capabilities and have excellent communication skills. To ensure this team remains effective at all times, it is necessary to ensure they receive the appropriate training in both their technical and soft skills. It is also important to make sure the team conducts regular exercises to maintain their level of preparedness and capabilities.

While hopefully we may never have to deal with the cyber equivalent of Ebola, it is worth taking the time to analyze how major crises in the real world are handled and how to apply the lessons learnt from them to the digital realm.
