Over the past several months we have watched the Ebola crisis grow from a localized problem with little global impact into a major global concern, with the World Health Organization (WHO) warning that the disease could infect up to 10,000 people per week if it is not dealt with. While this is first and foremost a health crisis, I could not help drawing parallels between how it developed and was handled and how many organizations deal with incident response for computer security incidents.

This article on why Ebola won’t gain a foothold in Western countries examines how the disease has managed to spread to date. Some of the key points from the article are:

  • The health systems and infrastructure in many of the countries in West Africa are very poor and could not cope with the initial outbreak.
  • Many of the initial patients displaying symptoms were misdiagnosed as having Lassa Fever.
  • Hospitals dealing with infected patients did not handle or dispose of infectious material in a safe manner.
  • Health professionals did not have the appropriate tools to deal with the crisis or to treat patients properly.
  • Health professionals failed to quarantine infected patients who in turn infected others.

Having worked on various security breaches for clients, and having reviewed the details of breaches such as Target, I believe there are many lessons we can learn from the Ebola crisis to improve our own cyber security incident response. When looking at our own environments we need to ask ourselves:

  • Are our infrastructure and systems robust and resilient enough to survive a cyber-attack? Do we really understand what the key business processes and systems are, and what is needed to keep them running in any crisis? It is also important that the organization has the appropriate security systems in place to provide early warning of a suspected breach. There is no such thing as 100% security, and the controls we put in place may not deter an attacker, but they should delay an attacker long enough for the intrusion to be detected. It is essential that effective alerting mechanisms are deployed to identify potential issues and raise the alarm.
  • Has the incident response team received the proper training in critical analysis so that when investigating an incident they diagnose the issue correctly and accurately? Are the security monitoring solutions in place working as they should and optimized for the environments they are in? And more importantly, are the alerts generated by them being acted upon?
  • When working on a cyber-security incident the team may come across malicious software and code. Does the team have the right tools to safely handle and analyze that code? What are the facilities in place to ensure that malicious code can be stored, and where necessary, shared with others such as law enforcement, anti-virus companies and Computer Emergency Response Teams? The last thing any incident response team wants is to be responsible for accidentally infecting other systems.
  • Dealing with cybersecurity incidents is a specialized task and requires specialized tools to conduct investigations, analyze logs, collect evidence in a forensically sound manner and record all actions taken during the incident, among other tasks. It is essential that the team has the appropriate tools in place to enable them to do their job effectively and efficiently.
  • The most important element of the incident response team is the people who make it up. An effective team requires experienced and skilled individuals who can work under extreme pressure, have strong analytical capabilities and have excellent communication skills. To ensure the team remains effective at all times, it must receive appropriate training in both technical and soft skills. It is also important that the team conducts regular exercises to maintain its level of preparedness and capability.

While we may hopefully never have to deal with the cyber equivalent of Ebola, it is worth taking the time to analyze how major crises in the real world are handled and how the lessons learnt from them can be applied to the digital realm.
