Cyber attacks are like earth quakes
Earth quakes and cyber attacks have much in common. First: The forces are outside of our control and we can not prevent them to happen.
Second: We are not helplessly at the mercy. We can install early warning, minimize destructive effect and recover quickly. But only if we act BEFORE it happens.
Sure, earth quakes are about human live and cyber attacks are so far usually not. Yet I think this comparison is important in order to make it easier to understand the significance of cyber attacks the the options for action.
Of course there are also differences and the most striking one to me is the average frequency of occurence. This vivid direct comparison shows the parallels:
| We have no technology to prevent them to happen, but… | Earth quake | Cyber Attack |
|---|---|---|
| We have prognosis models where they happen most likely | Tectonic models | Vulnerability intelligence |
|
We have sensors that provide early warnings shortly before it happens (sometimes they fail though with false positive and false negatives) |
Seismographs | Vulnerability scanning and threat intelligence |
| We have a scale to compare events about potential damage |
Richter magnitude scale: Ranges from 1.0 to 9.9
|
Severity Score: Ranges from 0.1 to 10.0
|
| …you can do something to minimize negative impact: | ||
| Make you infrastructure stable against this type of force |
Obligatory architecture designs
|
Obligatory security policies
|
| Have trained teams ready to help recover quickly when it happens |
|
|
| Make all people aware on how to save their lives best when it happens |
|
|
