8 Lessons From COVID-19 For Preventing Cyber Attacks

Preventing cyber-attacks is a difficult, but not impossible challenge. Nearly 80% of all intrusions are known and documented tactics repeated over and over again because they work. Criminal just need to exploit one vulnerability. Defenders need to protect against all of them.

Prevention requires a relentless commitment to vigilance along with continuous training infrastructure modernization, digital transformation and a pledge to follow security policies and practices. How confidently can you answer these questions?

• What is at stake if your assets or intellectual property are stolen?
• Will you be able to restore customer trust if personal data is compromised?
• Can you survive a resource outage that lasts an hour? Day? Week?
• Are you protected against ransomware?
• Does everyone in your organization know they are responsible for cybersecurity?

At stake is your organization’s survival. Trust can only be built with data integrity and confidentiality. Nothing less than 24x7 availability is acceptable. Business recovery and continuity planning are the answers to ransomware. With more than 3 million open cybersecurity jobs at the start of 2021, everyone has responsibility for cybersecurity. It takes a village of security champions.

You can increase security literacy in your organization by following a few simple lessons. Sadly, 2020 taught each of us the virtue of thinking like an epidemiologist. We’ve learned more about viruses, antibodies and vaccines than most of us wishes to admit. As we progressed along our learning curve, interesting similarities took shape between protections against COVID-19 infection and efforts to prevent cyber-crimes.

We experienced wave after wave of viral surges and failure after failure at performing what we knew to be effective preventative measures. Recent approvals of MRNA vaccines have boosted our enthusiasm for reducing viral spread. By applying some of the lessons we learned fighting COVID-19, we might be able to make progress towards better cybersecurity.

1. Be careful with what you share: Watch for phishing attacks seeking access to credentials or confidential information. Protect intellectual property and data from deep-fake intruders.
2. Don’t become a super spreader: Don’t open e-mail attachments from strangers. Never forward anything you don’t trust or can’t completely verify. Ensure privacy settings are up-to-date and active.
3. Social distance: Segment networks and databases. Don’t follow the crowd and use Open-Source code without security testing. Create distance in the Software supply chain. Remember SolarWinds.
4. Wear a mask: Invaders will exploit even the smallest openings and vulnerabilities. Cover exposures with strong firewalls and current threat detection programs.
5. Sanitize everything: Encode and encrypt all sensitive data and confidential information.
6. Wash frequently and completely: Keep up with security patches and new software releases.
7. Vaccinate until herd immunity is achieved: Everyone needs to increase security literacy and stick with the training. Security awareness, like antibodies, may not last long.
8. Expect more severe variants and mutations: Invest in digital transformation and technology modernization. Model threats and responses.

Prevention is the most cost-effective approach to fighting back against cyber-attacks. Threats that can’t be prevented must be detected, assessed for damage and mitigated. It’s a lot loke putting the toothpaste back into the tube once an invader has been detected. The extent of the damage may be widespread.

Build these skills to support prevention:

• Cross-organizational security literacy in basic principles.
• DevSecOps to integrate security into every phase of the software development and delivery process.
• Hands-on experience identifying security threats by industry and job role at a Cyber Range.

Skillsoft offers books, self-paced instruction, live online and recorded bootcamps, hands-on practice experiences with Cyber Ranges, and more to match the learning preferences of budding security champions. This list summarizes Skillsoft security offerings:

• 200+ hours of new security content
• Four security-oriented role-based journeys
• Library of approximately 3,000 books covering methods, practices, and techniques
• 35 channels with security content and 24 hands-on practice labs
• CompTIA Bootcamps (live online and on-demand)

Learners have an opportunity to assess skills after completing each Skillsoft course of study.

Skillsoft content partner, Security Innovation, provides a powerful learning experience that challenges a learner’s understanding of security in a fun, yet highly instructive way. Security Innovation offers a Cyber Range with a gaming-like approach to demonstrate mastery of security topics in real-world situations. Research shows that the Cyber Range is most effective at reinforcing concepts than alternatives.

• An Executives Guide to Security: Understanding Security Threats
• Aspire Journey: Security Analyst to Security Architect
• Secure Agile Programming: Agile Techniques
• Cloud Security Fundamentals: Cloud Application Security
• Penetration Testing Fundamentals
• Aspire Journey: Security Threat Intelligence