Cloud Vector – Cyber Illness, Infection, and Containment
Humans have long had strong emotions about the sick, infirm, and deformed. The word monster derives from the Latin word for omen, originating from a time when sick and deformed children were viewed as portents of evil. We tend to hide our infirmities for various reasons, some personal and some rooted in historical precedent. It should come as no surprise then, that around half of businesses affected by breaches, ransomware, or other attacks tend to hide their maladies. Less than one-eighth of affected individuals register complaints as victims of a cybercrime.
Though certainly not as extreme as her reputation would seem to indicate, Typhoid Mary was perhaps the most notorious case of a disease carrier who spread illness unwittingly. The Black Death was believed for years to be disseminated by rats, but science has since determined from the alarming rate at which it spread that it was actually people who helped it travel so rapidly. It seems our denial of the stigma associated with disease can last for hundreds of years.
But what happens when a contagious individual is in denial, and wants to avoid the rejection that lies so inherently ingrained in our cultures? They continue interacting until they cannot, or at least cannot hide their symptoms. And they infect others.
Our penchant for helping viruses along has been curtailed greatly—our understanding of the body and the ways it fights disease, plus countless experiments and observations, has in general lengthened our life expectancies. But that turns out only to be true of biological viruses; electronic viruses are experiencing a heyday that hearkens back to the spread of disease in medieval times—only this time the human contact vector is not physical, but virtual.
Instead of gestating—though plenty of precedent exists for cyber threats that bide their time—and gradually flowing through a population, the transfer of virtual disease is near-instantaneous and the potentially affected population outnumbers us by a factor of at least three. Mobile phones are presently the largest threat vector for cyber attacks, and 500+ million NFC-enabled devices pose a looming, untapped vector with dangers we have trouble fathoming.
Our bodies’ immune systems are off-the-charts incredible at defending against biological viruses. Scientists estimate there are about 800 million viruses on every square meter of the planet. While my body and yours don’t seem to be too bothered by a vast majority of these, the body of devices out there is not so immune, and it’s getting worse. Our love for convenience and nifty tech is strong, but our denial of the dangers inherent to the system is stronger—the steep growth curve of cyber attacks and breach news is ample proof that we aren’t doing enough.
Modeling the spread of diseases across the globe has been turned into a popular game—Plague, Inc. In about an hour, one can design vectors and diabolically combine symptoms to destroy the world’s population with a customized disease. This is not so far from the real model of a cyber attack, where the vector is the cloud. Hackers examine the weak points of the target body, create a vehicle for the virus to enter, and set it loose in strategic locations to maximize growth and virulence.
Most attacks take months to be found after they have started to do their work; recovering is another couple of months of effort. Notification laws vary in the extreme; HIPAA violations must be reported withing 60 days for companies over 500 people, but the same regulation gives smaller companies a whole year to say something. California law requires breaches to be reported within 72 hours of discovery—which still might be days, months, or even years after the threat was introduced.
Americans worry about cybercrime more than other crimes, and rightly so—the US is the most targeted region for cybercrime. When we feel illness coming on, we tend to get our shots updated, boost our vitamin and liquid intake, or simply excise the problem tissue. It’s no different for cyber-illness; we update our antivirus, scan for threats, or just remove the affected software or hardware.
If your systems are affected, whether as an individual or as a business, don’t hesitate to divulge that unpleasant truth. Treating an illness early has long been acknowledged to increase one’s chances of survival; conversely, not doing so allows symptoms to get worse, and possibly ends in fatality. The same rule applies in the virtual world. Report your breaches as soon as you know about them. Holding off can mean further damage to your reputation, your customer's data impact, and so much more.
Is This Thing on? The Feedback Loop Inherent in GDPR
Sharing Isn't Caring