Biological & Technological Polymorphic Viruses
In this post I am going to compare the cyber security of an organisation with the overall health of a country, holistically.
If we take the assumption that COVID-19 is akin to a rather sophisticated piece of polymorphic Malware threat, then we can tease out the analogy.
A country consists of two areas at either end of the spectrum – its physical assets, whether these be minerals, lakes, forests, farms, human made infrastructure, and its psychological assets, which can consist of art, science, history, music, laws, community.
Much the same as an organisation, be it a bank or manufacturer, there exits the physical offices, laptops, servers, networking equipment, and on the psychological side, there exits company ethos, policies, culture, software, and its digital IT ecosystem.
So we can see that a company is really a miniature town that lives and breathes by its employees.
Now what happens when that country, or indeed miniature town is beset by an attacker.
In the current global climate the attacker is COVID-19, a sophisticated, polymorphic virus that inhibits the respiratory capabilities of the populace.
Many governments have taken the approach of a hard quarantine. While in China this has worked well, perhaps the West may see a different outcome.
Ultimately a human being consists of again two poles. Its biology and its psychology. Merely taking the approach of stopping the virus threat from spreading from host to host, will endanger the psychological well being of the populace. Similarly in a company restrictive policies can cause serious staff dissatisfaction, and ultimately people will leave their job.
Human beings have a need to socialise. We have developed in the African Savannahs, where small communities were the name of the game for much of our human adolesance.
In these small communities, the population acted as a self supporting biological and psychological immune system.
Immune systems are an important concept. Why? Because they are strengthed through attrition. A constant dance back and forward between good and bad, wherein the immune system can mature, and fight off threats – its the fundamentals of evolution.
Companies need to look into themselves and see if this is the approach they take with their cyber security. Becuase if you want to evolve, growing maturity is the only way.
Buying expensive EDR, Nextgen Firewalls and other tooling is like taking medication, and attempting to quarantine yourself from the virus. However once you do that, your psychological defences are weakened. Your routines are interpreted – if you didnt do your daily exercise, or had your cigarettes removed would you fare well? Indeed most people know about the Placebo effect, but less about the reverse Placebo effect where a sugar pill can act as poison.
The human immune system, human body, human towns, human countries, and indeed human corporate ecosystems made from kinetic and cyber components need to develop maturity.
As a virus attacks, the body is taught to defend. Vaccines work in the same way. By introducing some of virus purposefully the system learns to defend itself.