Similarities Between Tackling Covid-19 And Cyber Threat in a SOC (Security Operation Centre) of Organisation

Understanding the linkage between the symptoms of Covid-19 & Cyber threats.

Today almost every country is witness an ultimate crisis caused through the rapid spread of COVID-19, which wasn’t being detected in the early stage for stopping the proliferation. Sometimes We Cyber Security Professional feel that Covid-19 is like a supersonic botnet that has affected the entire globe and has disrupted the overall GDP’s of maximum countries.

When We look at ironical stats we realize that there is a pretty similarity between handling a Covid-19 Crisis and managing a SOC of an organization, where normally in COVID-19 individuals are forced to quarantine who may have come in contact or have been tested positive. If we see the study of Covid-19 carefully we see a lot of blind spots present through which the infection proliferates and there are always these blind spots exist which keep the virus obfuscating and Mutating. By Far the only way to protect individuals is to conduct the rapid tests and keep the contact of individuals limited to particular space to avoid human to human contact until there is a proper vaccine available in the market.

Same time, there is an entirely new market that has been evolved, all of a sudden, and a lot of importance is being given to the defensive and protective equipment. Products like Contactless thermometer, protective gears, face masks, sanitizers and so have been given a lot of priority. These products have started becoming a mandatory requirement for fighting Covid-19, but none of them provides accountability or responsibility for ensuring total protection.  If You see there is this Blind Spot Exist, even we have seen various PM’s & Presidents who have been infected with this virus as an Evidence.

Comparison of Cyber Threats and its Defence Mechanism 

When we observe these generalise guidelines of Covid-19 as a Cyber Security Professional we see a lot of similarities between the element of Detection Prevention and Response. There is a regular process of treating cyber risks and securing assets mobilised every now and then for the objective of securing organisation from malicious threats. If we observe closely we Cyber Security Professionals recommended organisations to rapidly conduct different sorts of assessments like the VAPT, Red Teaming, Threat Emulations and Security Drills for the sole purpose of detecting these blind spots through which attackers try to get in of the organisation & the sole way of detecting different areas of risks through which intrusion can likely take place is rapid conduction of testing and scheduling different assessments aimed for targeting organisations operation structure. Which then is reported using modern applications to track and trigger the activity.

Technology Integration in Form of Product for Boosting the Immunity of SOC of an Organisation

Then we see a boutique of different products offered as a solution for confronting a common interest that is safeguarding the organisation assets through integration of techniques processed as solutions and offered as product IDS, IPS, EDR, ATP, Endpoints, Threat Intelligence and so on to the management of the organisation giving them a certain amount of assurance. But Reluctance towards acceptance, accountability & Responsibility. This problem defects the raise of these blind spots where attackers evade and bypass this product making the successful operation of malware activity. As all of this product come with a certain amount limitation which attackers often takes an advantage. Same as the coronavirus which spreads from human to human connect we see attackers gaining access of public-facing gateways and then spreading laterally through a centralised point of contacts like the Active Directory or LDAP Server.

What should be an ideal strategy for Safeguarding and Damage Controls for Tackling These Incidents.?

In my personal opinion, I see a huge sudden digital transformation taking place parallels with ongoing coronavirus, what it prescribes is that every organisation and human have to come up with resiliency or immunity towards fighting with coronavirus and cyber threat keeping in mind the use of common sense in a critical time for taking crucial decisions and most importantly taking the right advice from multiple stakeholders with their domain expertise in tackling these situations.

For an organisation, it will be definitely suggested that the use of technology in form of a framework, the use of controls in form of zero trusts and use of people in form of process is a unique approach for tackling strong incidents.

By Smith Gonsalves
Head of Cyber Operations CyberSmithSECURE
Mumbai, INDIA