As I raise my child, I’m continually amazed at how fragile we are as a species. What’s more, how do animals survive in the wild? Not only do herds of giraffe’s or antelope have to face illnesses, they have to fight off large predators. We’re in a similar situation with cybersecurity. Hackers act in a similar to predators, laying in wait for unsuspecting businesses.
How do animals protect themselves from lions, tigers, and bears? They use the power of the herd. Companies, too, can benefit from herd immunity when it comes to security.
Metcalfe’s law and Reed’s law both discuss how the value and utility of large networks, and in particular social networks, scale exponentially with the number of members. We need exponential improvements in cybersecurity, and herd immunity is how we get there.
From an economic perspective, if enough people and businesses have strong enough security to block certain types of attacks, it makes those types of attacks less effective and consequently less profitable to the criminals who perpetrate them. If an attack is less profitable, it means that even companies that might not have strong enough security will have some protection against that attack, since cybercriminals will invest in the most profitable work.
The stronger and larger the herd, the greater the protection.
For herd immunity to work, a herd needs to be composed of strong individuals who have healthy immune systems. In cybersecurity, this means that as a country, the stronger our cybersecurity is for a larger number of companies, the better off the remaining companies, in particular small businesses who have limited resources. This is why it is critical that information sharing be a requirement from industry groups.
A healthy immune system has five parts. White blood cells attack an infection, but usually that only happens after the damage has already been done. Antibodies destroy foreign substances before they cause damage and compliment the work of the white blood cells. The lymphatic system carries nutrients between the cells themselves and the bloodstream. It has a network of nodes, and the lymph fluid helps trap the foreign substances so that special white blood cells can attack them. Fourth, Bone marrow produces white blood cells, and the tonsils produce the antibodies. Finally, The spleen filters the blood, removes all the old, damaged cells, and helps destroy bacteria directly.
Security is like a company’s immune system. There are five parts:
- External security
- Internal people and processes
- Communication and intelligence sharing
- Employee training and degree programs
- Internal technology protections
There’s more at stake for companies when it comes to Cybersecurity. Whether we are practitioners, vendors, law enforcement, or business leaders we have a responsibility to improve our own security for the benefit of the rest of our communities and our country.