Corona isn’t the only virus in the world of course. There’s the old-school computer virus, which has been around for decades and keeps morphing and adapting. We chatted with BAE Systems to understand the close parallels between the two threats.
Covid-19 is like many viruses in that it mutates and adapt to new circumstances as it travels. A recent study in Ireland found that unlike regular flu, Covid-19 forms tiny blood clots inside the lungs, which restricts oxygen supply.
That in turn means patients with, say, a lung condition like COPD (chronic obstructive pulmonary disease), or a heart problem, are especially vulnerable.
But how does the virus `tell’ those cells to form blood clots? Well, another piece of scientific research found that Covid-19 uses the protein cells inside the nasal passages to gain entry, using the RNA protein in the virus itself.
Insurance Edge isn’t a scientific journal, but our understanding is that the RNA – the messenger cells that tell stuff to grow or change – somehow tells the cells inside the nasal passages to open the doorway.
OK you’re thinking, that’s interesting, but what does this have to do with insurance? Well cyber attackers behave in same way. They have a DNA profile, in that they tend to use the same methods of attack, but the RNA twist is that they’re using Corona to gain entry into broker, MGA and insurer systems right now.
If you think of the new normal, with remote teams of staff all working at home, answering emails on different devices, and viewing forwarded customer messages via new channels, then you have that RNA messenger cell opportunity for hackers. By imitating others, copying website urls and adding a slight change maybe, they’re seeking to unlock the door.
One way to counter those ever-changing threats is adaptive defence, which basically means checking and re-calibrating your cyber systems to cope with new attacks.
Simon Viney, Cyber Security Financial Services Sector Lead at BAE Systems said:
“There has been quite a lot of talk over the past few years about adaptive defence – the ability for a security product to self-adapt to new threats. There is still a pervading attitude of old-style big bang engineering fixes to security.”
But he warned: “We should be wary of this analogy and approach, which suggests that we can somehow put a product in, sit back, relax and let it magically cope with all the changing scenarios.
“Even the human immune system needs a fair bit of help. We develop vaccines, we respond to environmental changes like going on holiday (self-inflicted) or CV19 (an external threat) with more precautions in our daily lives. And healthcare outcomes are significantly linked to human behaviours, e.g. known risky actions like being overweight or smoking.
“Cyber is analogous in many ways. We need to respond to environmental changes, either self-inflicted, like network changes, acquisitions/mergers, home working or external threats. We also need to take into account staff behaviours; how employees and customers use your systems can also significantly introduce risks just like in the healthcare analogy. You can’t just develop an in-house vaccine via software and think that’s it, problem solved.”
A good cyber defence strategy, then, means understanding partnerships at a deeper level. You have to consider how up-to-date third party supplier companies are in their data security. Making sure that you recognise the most targeted attack points, or suspicious patterns of data flow, is directly comparable to the Covid-19 virus attacking particular cells in the human body, and utilising that weakness to cause damage.
In that regard, you need to consider modifying your company environment to protect yourself. The way people do things at work is just as important as the IT software package that’s in place to deter hackers and email phishing expeditions.
Perhaps the most important lesson from Covid-19 is that track and trace is vitally important when it comes to protecting the public – and the same goes within a large company. Identifying a threat is good, but taking immediate action to isolate and deal with the threat is what makes the crucial difference.