What Herd Immunity Can Teach Us About Cybersecurity
When talking about how to control the spread of disease, epidemiologists often reference the concept of herd immunity. According to Johns Hopkins, “when most of a population is immune to an infectious disease, this provides indirect protection – or herd immunity (also called herd protection) – to those who are not immune to the disease.” In other words, herd immunity is the idea that once a population has built an extensive base of recovered infections, the disease will eventually stop spreading because fewer people will be vulnerable.
Can the same be said for cyber infections? Cyber Florida’s Associate Program Director Ernie Ferraresso explains the parallels between the current COVID-19 situation and cybersecurity and analyzes how we can translate COVID-19 preventative steps into cybersecurity to achieve “cyber herd immunity.”
How Preventative COVID-19 Measures Translate to Cybersecurity
The safety procedures that we are currently practicing for COVID-19, such as social distancing and wearing protection in public, are all necessary measures to reduce the spread of the virus. Similarly, in the context of security, there are safety measures that, if upheld by a large portion of society, can reduce the spread of cyber infections and potentially lead to herd immunity against cyberattacks.
To reduce the spread of infection from any type of virus or disease, the first step is increasing general public awareness about the risks of exposure. In the case of COVID-19, this includes educating the public on how the virus spreads and encouraging people to practice social distancing when in public. In the context of cybersecurity, general awareness takes the form of educating people about potential online risks such as phishing scams or the importance of using unique passwords as a means of preventing “infection.”
“The main goal of general awareness with cybersecurity is to make individuals aware of how they are at risk of being ‘infected’ by being susceptible to cyber scams. How do we inoculate people against these infections? Well, you make people aware of them,” said Ferraresso.
If enough people are aware of the dangers, spot nefarious links, and avoid them, then that attack becomes less effective and diminishes the benefit to the criminal. The criminal will eventually stop employing that method, and society will have developed a form of immunity to that attack. Additionally, many cyberattacks use victims’ devices to perpetuate the attack, hijacking email accounts to send malicious emails to victims’ contact lists. If fewer people engage with these malicious emails in the first place, then fewer will be exposed as a consequence.
So, other than increasing general awareness of potential risks, what steps can we take to move towards cyber herd immunity?
Ferraresso makes the point that there are two main ways to go about achieving herd immunity in the cyber world. First, there are technical steps, like patching your security system or making your network more secure with up-to-date antivirus, that help protect your devices if they are targeted by cybercriminals. “These technical steps may be kind of like getting your shots. It generally involves going to seek somebody’s help in order to strengthen your system,” he said.
Then there are behavioral precautions that are even more important and help prevent people from becoming victims of cybercrime in the first place. These behavioral precautions could include steps like using unique passwords, refraining from clicking links in unsolicited emails, or simply being skeptical of what’s being sent to you. If every individual used these technical and behavioral precautions to protect their respective systems from cyberattacks, the effect of these attacks would eventually be reduced, and the general public would be less susceptible to these infections.
“These changes are going to not only help your cyber systems from being infected, but they will also help you fight the sense of disinformation and misinformation that’s being put out there,” said Ferraresso. “If people have that healthy sense of skepticism about what they are receiving, it will reduce the impact of these attacks.”
The spread of COVID-19 has brought to light the many similarities between living in the physical and cyber world. In today’s environment, where most of us have transitioned our lives online, it’s crucial to ensure that you are taking care of your cyber health just as much as your physical health. As we continue to take the necessary steps to help reduce society’s vulnerability to this disease, consider how you can translate the preventative measures for COVID-19 to your cyber life to ensure that, one day, we achieve cyber herd immunity and reduce the impact of these infections.