Virtualization Technology News and Information
A threat intelligence lesson from an unlikely source: experiencing COVID-19

By Robert Cataldo, Managing Director Kaspersky

Earlier this year, I became a statistic, joining the millions of people worldwide who have tested positive for COVID-19. 

While I had a general sense for what to expect for symptoms, the entire experience left me with a different outlook on this virus. My experience was tough, but I'm sincerely grateful my family and I came through it okay and my heart breaks for the families of the nearly 3 million lost and millions more who continue to suffer through it. 

Working in the cybersecurity industry, I couldn't help but draw parallels between the uniqueness of the human body's defenses against COVID-19 and the continually growing variety of unique digital threats and an organization's ability to confront them.

Prevention is still the Holy Grail

Many people, myself included, have gone to great lengths to try and avoid COVID-19 - PPE, hand hygiene, social distancing, isolation, capacity limitations, contact tracing, etc. Heck, for the first 2-3 months of the pandemic last year, I wore gloves into stores.

Much in the same way, we see businesses that prioritize cybersecurity and make substantial investments in prevention technology, still being infected by the ever-evolving cyber adversary.  So if some illnesses and digital threats are inevitable, why bother with preventative measures? 

The obvious answer is that our best efforts at prevention, in both the biological and technology spheres, can indeed be effective against most threats. And if employed properly, they allow us to stack the odds against our perpetrators.

But what then do we do when we suspect prevention has failed and we're infected?          

Mitigation strategies at home

Fortunately and unfortunately, my symptoms were a good indication that something wasn't quite right. I began to ponder the impact this could have on me, my family and the various obligations I had in the coming weeks.

If I indeed had COVID-19, was it too late to take steps to prevent exposure to my family? What will our symptoms be and how will we know if we're in need of medical attention?  Can I line up resources at work to fill in for video recordings, presentations, business reporting and forecasts due in the weeks ahead? In a way, I was going through my own risk management process, albeit much too late in the game. 

After processing the what-if scenarios and coming up with as many mitigation approaches as I could, I went and got myself tested. And within 24 hours I had my positive diagnosis. Let the mitigation plan commence.

When I relate this process to businesses and their security strategy, I can't help but have a deeper appreciation for the more formal version of risk management that I went through as a reactionary exercise.

Moreover, after organizations have conducted their cyber risk management process, I also wondered what it might be like for an information security or security operations team to carry the burden of having to diagnose potential risks in their environment without the benefit of obvious symptoms. 

The miracle of the human body and its reaction to biological intrusion can teach us a lot about how organizations can better prepare themselves for the many risks that unknown, targeted threats can bring to bear.       

Technological and Biological Detection Capabilities

When COVID-19 hit, my body alerted me. I didn't have to think about the countless sophisticated mechanisms going on that caused my body to stage a response and to ultimately trigger sensations that made me feel sick. 

In the same vein, advancements in detection technologies have steadily improved to almost a point of becoming an organization's equivalent of the body's mechanism for producing symptoms of an illness. 

Furthermore, in the same way the body's normally functioning immune system attempts to respond to intrusion, modern day tools such as Endpoint Detection & Response (EDR) enable response capabilities - automated or manual. In either scenario, early detection is the key to mitigating the impact of intrusion. 

In my case with COVID-19, immediate detection led to immediate testing and a positive diagnosis shortly thereafter. This ultimately allowed me to make all the safety and general life-related preparations to minimize health risk and disruption. With organizations, early detection of an advanced threat can mean minimizing data loss by orders of magnitude. 

Benefits of Threat Intelligence

Similar to how the cybersecurity industry adapted to prevention-evasion by producing detection and response solutions such as EDR, more and more organizations are coming to grips with the need to evolve and enrich their security strategies to try and mitigate the impact of APTs. But since automation is usually ineffective against this caliber of threat, the art of APT threat hunting requires investments in skilled resources and the knowledge or intelligence to know what to hunt for.

Relating this back to COVID-19, effective tests had to be developed and distributed as a means of widespread diagnosis. In the cyber realm, certain cybersecurity intelligence companies have made it their mission to build a safer world for customers through many avenues including the delivery of specific indicators that allow highly skilled analysts to search and find APTs in their environment. 

To produce these "tests", if you will, providers such as these have developed long-standing track records for hunting and discovering the world's most sophisticated threats. But some of these threat intelligence providers don't stop there.

They also provide comprehensive trainings to share in their methodologies and techniques from years of proven practical experience.  And for those organizations concerned with the risks posed by advanced, targeted threats, but without the means to afford or find skilled talent, certain providers offer a combination of their tools and intelligence as a fully managed service that hunts for these threats around the clock and remediates discovered threats on an outsourced basis.

A Future of Immunity

There are probably endless analogies that can be made between the world of biological and digital threats and the defensive mechanisms in either area of practice. Take a quick moment and consider the comparison of biological immunity, especially given the fascinating vaccination technologies designed to combat COVID-19, to cyber immunity, a concept my company is in the process of making a reality.

Whether or not we'll ever find ourselves in a world where the endless possibilities of technology can be used without the risk of compromise is debatable, but until that dream state is realized, I'm optimistic that high-quality cybersecurity providers and customers alike will continue to learn and improve through the challenges we continue to confront, and that the right partnerships will result in more wins than losses. 

And while I sure hope I don't have to deal with COVID-19 again, having recently been fully vaccinated, I can confidently say that my experience has formed resilience that will no doubt leave me better prepared for the next black swan somewhere down the road.    

##

ABOUT THE AUTHOR

Rob Cataldo, Managing Director, Kaspersky North America

As managing director of the region, Rob is responsible for the company's sales, business development and marketing functions as well as achieving the company's objectives for growth in market shares and profitability. Rob shares management oversight and responsibility for the public relations, customer support, finance, human resources and information technology departments.

Rob brings more than two decades of sales experience to his new role with prior positions held at impressive technology organizations, including Bromium, Gryphon Networks and Sophos. Preceding his role as managing director, Rob was vice president of enterprise sales at Kaspersky North America, during which he was responsible for securing enterprise customer wins and managing the B2B sales team.

Published Friday, June 11, 2021 8:12 AM by David Marshall