October 29, 2014 By Brian Honan 3 min read

Over the past number of months we have witnessed the Ebola crisis grow from being a localized problem with little impact on a global scale to a major global concern with the World Health organization (WHO) warning that the disease could infect up to 10,000 people per week if it is not dealt with. While this is a major health crisis, I could not help draw parallels on how this crisis has developed and been handled to how many organizations deal with their incident response for computer security incidents.

This article on why Ebola won’t gain a foothold in Western countries examines how the disease has managed to spread to date. Some of the key points from the article are;

  • The health systems and infrastructure in many of the countries in West Africa are very poor and could not cope with the initial outbreak.
  • Many of the initial patients displaying symptoms were misdiagnosed as having Lassa Fever.
  • Hospitals dealing with infected patients did not handle or dispose of infectious material in a safe manner.
  • Health professionals did not have the appropriate tools to deal with the crisis or to treat patients properly.
  • Health professionals failed to quarantine infected patients who in turn infected others.

Having worked on various security breaches for clients, and reviewing details of security breaches such as Target, there are many lessons we can learn from the Ebola crisis to ensure that we can improve our own cyber security incident response. When looking at our own environments we need to ask ourselves;

  • Are our infrastructure and systems robust and resilient enough to survive a cyber-attack? Do we really understand what the key business processes and systems are and what is needed to keep them running in any crisis? It is also important that the organization has the appropriate security systems in place to provide an early warning in the event of a suspected breach. There is no such thing as 100% security and the security controls we put in place may not deter an attacker, but they should delay an attacker long enough for them to be detected. It is essential that effective alerting mechanisms are deployed to identify and alert to potential issues.
  • Has the incident response team received the proper training in critical analysis so that when investigating an incident they diagnose the issue correctly and accurately? Are the security monitoring solutions in place working as they should and optimized for the environments they are in? And more importantly, are the alerts generated by them being acted upon?
  • When working on a cyber-security incident the team may come across malicious software and code. Does the team have the right tools to safely handle and analyze that code? What are the facilities in place to ensure that malicious code can be stored, and where necessary, shared with others such as law enforcement, anti-virus companies and Computer Emergency Response Teams? The last thing any incident response team wants is to be responsible for accidentally infecting other systems.
  • Dealing with cybersecurity incidents is a specialized task and requires specialized tools to conduct investigations, analyze logs, collect evidence in a forensically sound manner and record all actions taken during the incident, among other tasks. It is essential that the team has the appropriate tools in place to enable them do their job effectively and efficiently.
  • The most important element in the incident response team are the people that make up that team. An effective team requires experienced and skilled individuals who can also work under extreme pressure, have strong analytical capabilities and have excellent communication skills. To ensure this team remains effective at all times, it is necessary to ensure they received the appropriate training in both their technical and soft skills. It is also important to make sure the team conducts regular exercises to maintain their level of preparedness and capabilities.

While hopefully we may never have to deal with the cyber equivalent of Ebola in the cyber realm, it is worth taking time to analyze how major crisis in the real world are handled and how to apply lessons learnt from them to the digital realm.

More from CISO

Overheard at RSA Conference 2024: Top trends cybersecurity experts are talking about

4 min read - At a brunch roundtable, one of the many informal events held during the RSA Conference 2024 (RSAC), the conversation turned to the most popular trends and themes at this year’s events. There was no disagreement in what people presenting sessions or companies on the Expo show floor were talking about: RSAC 2024 is all about artificial intelligence (or as one CISO said, “It’s not RSAC; it’s RSAI”). The chatter around AI shouldn’t have been a surprise to anyone who attended…

Why security orchestration, automation and response (SOAR) is fundamental to a security platform

3 min read - Security teams today are facing increased challenges due to the remote and hybrid workforce expansion in the wake of COVID-19. Teams that were already struggling with too many tools and too much data are finding it even more difficult to collaborate and communicate as employees have moved to a virtual security operations center (SOC) model while addressing an increasing number of threats.  Disconnected teams accelerate the need for an open and connected platform approach to security . Adopting this type of…

The evolution of a CISO: How the role has changed

3 min read - In many organizations, the Chief Information Security Officer (CISO) focuses mainly — and sometimes exclusively — on cybersecurity. However, with today’s sophisticated threats and evolving threat landscape, businesses are shifting many roles’ responsibilities, and expanding the CISO’s role is at the forefront of those changes. According to Gartner, regulatory pressure and attack surface expansion will result in 45% of CISOs’ remits expanding beyond cybersecurity by 2027.With the scope of a CISO’s responsibilities changing so quickly, how will the role adapt…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today