Recent history has illustrated that humankind is very vulnerable to disruptive threats like pandemics, environmental calamities and cyberattacks, to name a few. Experts agree that it is critical to be prepared for a COVID-like global cyber-pandemic that could spread quicker than a wildfire and may have a wide-reaching and devastating economic impact.
The COVID-19 pandemic has forced all countries to adjust to a ‘new normal’ reality with millions of people under some level of lockdown and experiencing travel restrictions (Pew Research Center).
While many think that a vaccine will soon be created and stability and normality will return, it is time to consider other taken for granted aspects that may be affected in future. Reviewing the lessons learned from the COVID-19 pandemic will assist in preparing for cyberattacks that resemble biological viruses that many predict lurk in our immediate future. In this article we discuss some of the lessons identified by Homeland Security Today.
- A cyberattack with characteristics like the coronavirus will spread faster and further than any biological virus.
It is estimated that the average reproductive number or ratio (Ro) of COVID-19 without any social distancing is between two and three. This means that a single infected person may infect two to three other people. However, based on a new study of Chinese data from the CDC, Forbes reports that “A single person with COVID-19 may be more likely to infect up to 5 or 6 other people, rather than 2 or 3.”
Homeland Security Today states that the estimate of Ro of cyberattacks is 27. The 2003 Slammer/Sapphire worm, one the fastest worms in history, doubled in size approximately every 8.5 seconds, infecting more than 90 percent of vulnerable hosts within 10 minutes (Moore, et al., 2003). In 2017, Europol reported that the ransomware ‘WannaCry’ crippled more than 200,000 computers in 150 countries. MalwareTech, the pseudonym for a security blogger, hailed an ‘accidental hero’, accidentally stopped the rogue software’s code with a “kill switch”. The attack exploited a vulnerability in older Windows systems.
“The cyber equivalent of COVID-19 would be a self-propagating attack using one or more “zero-day” exploits, techniques for which patches and specific antivirus software signatures are not yet available” (Homeland Security Today: 2020). Indications are that all devices will be attacked at once with running a single, common operating system or application.
“If the vector were a popular social networking application with, say, 2 billion users, a virus with a reproductive rate of 20 may take five days to infect over 1 billion devices” (Homeland Security Today: 2020). ‘Zero-day’ attacks are difficult to detect and consequently, it would take time to identify the virus and concerted efforts to stop it from spreading. This was evident in the Stuxnet worm attack that nestled in Microsoft’s Windows operating system for 18 months before attacking.