3 things cybersecurity pros can learn from hurricane preparation
The Atlantic hurricane season brings about seven hurricanes each year, three of which are considered major storms. These devastating events have horrific impacts on the communities in their paths—Hurricane Ian alone cost $100 billion in total losses when it hit Florida last year.
Although we can’t stop these storms from happening, we’ve found ways to reduce their impacts. And while prediction and mitigation efforts aren’t without their flaws, they’ve highlighted the importance of making steady progress toward a goal instead of waiting for a perfect solution. The world of cloud security is eerily similar to hurricane preparedness. Here’s how.
Small steps can make big changes
In 1900, a Category 4 hurricane hit Galveston, Texas, bringing storm surges of up to 15 feet and winds more than 130 miles per hour. The hurricane, now known as the deadliest natural disaster in American history, ultimately killed between 8,000 and 12,000 people.
At the time, citizens relied on ships at sea to inform them about storms they spotted; however, this method failed to report how strong or destructive a hurricane could be. This devastating event in Galveston prompted the Weather Bureau (now known as the National Weather Service) to rethink the way they predict and communicate storms.
Today, information about these weather events is readily available. The National Hurricane Center’s website shows frequently updated information about the hurricane, its projected path, speed, maximum sustained winds, and other data. These forecasts prevent about 90 percent of the deaths that would be expected if we still had 1950s-era technology. And the economic value saved by this technology is about $1 billion annually.
What does weather have to do with cybersecurity?
To state the obvious, hurricane prediction technology didn’t get to this place overnight. For decades, scientists and engineers have been researching new technologies and developing models to give us more precise, localized information about hurricanes. Government agencies have been creating new policies and improving their communication and outreach tactics, while some businesses, organizations, and families have developed their own disaster preparedness plans.
And, for this reason, I believe the National Hurricane Center can teach us several lessons that we should apply to our cybersecurity efforts.
More data makes better predictions
The hurricane forecasting models we have today are accurate because of the massive amounts of data that they ingest from different sources. The National Oceanic and Atmospheric Administration (NOAA) and the US Air Force operate aircraft that gather data from inside and around storms. Satellites snap images of the hemisphere every few minutes. These images allow scientists to track variables like cloud formations and temperature. Weather radar is used to track storm movement such as precipitation and wind speed. Buoys gather data on wave height and water temperature. The data gathered from each of these various sources combine with images of previous hurricanes and data on baseline environmental conditions to develop modern storm prediction models.
So how does this relate to cybersecurity?
When you’re trying to learn about your cloud environment, you need to collect as much data as you can about your applications, APIs, files, processes, services, users, and networks. The more data, the better the models — just like with storm prediction. When it comes to cloud security, agent and agentless approaches each gather different data, which is why you need both to really get the full picture of what’s going on in your cloud. With that information, you can more easily identify vulnerabilities, misconfigurations, cloud audit log anomalies, and unusual account activities.
Data needs context
While the hurricane models are excellent tools for predicting storms, they don’t mean anything without the appropriate context. As Hurricane Ian approached Florida in September, the National Hurricane Center issued key messages alongside the model, so residents who were likely to be affected by the storm knew how to protect themselves. The first message lists several at-risk areas along the Florida coastline and clearly states, “Residents in these areas should urgently follow any evacuation orders in effect.”
When it comes to cloud security, you also need context to properly secure your cloud environment. If something out of the ordinary occurs, you need to know how much risk this issue introduces, if it’s ever happened before, and what you need to do to remediate. Context is a balancing act—if you have too much, you’re not going to pay attention to anything. But if you have too little, you won’t know what to do. The National Hurricane Center gives us a good example of how much context is helpful. We see where the danger is, why it’s a threat, and which action to take.
Awareness and communication are essential
Even if you have the most accurate predictions, they’re worthless unless the right people have the right information. Empowering people with information was at the center of Cybersecurity Awareness Month in October, which is a Cybersecurity and Infrastructure Security Agency (CISA) and National Cybersecurity Alliance (NCA)-led campaign to raise cybersecurity awareness worldwide. The campaign theme this past year was “See Yourself in Cyber,” which encourages people to understand and take ownership of their role in cybersecurity. CISA and NCA prioritize teaching the public about the role each individual plays in cybersecurity and how they can protect themselves, their businesses, and their communities.
This theme is echoed by the NOAA, who also recognized the importance of empowering people with information. The NOAA developed a disaster and risk mapping tool, which helps users visualize the frequency and cost of weather and climate events so they can better understand the risks and vulnerabilities specific to their location. The interactive map shows community residents how susceptible their areas are to hurricanes, floods, tornadoes, wildfires, etc.
The tool was recently enhanced with census data that allows users to see their risks at a community level and with CDC social vulnerability data on socioeconomic, minority, and disability statuses. The map makes it easier to identify the highly vulnerable communities that are most at risk to certain disasters. This way, individuals and businesses can be better prepared, and decision-makers can allocate more funds and resources to those areas.
Similarly, cloud security is a team sport. Everyone has a role to play. While we can (and should) use tools to help us collect data and detect threats, that information will protect no one unless we understand our own risks, listen to security recommendations, and make smart decisions.
How to stay ahead of threats
Hurricanes claimed vast numbers of human lives and livelihoods before we finally learned how to protect ourselves and our communities. But for cybersecurity, that doesn’t have to be the case.
We already have the knowledge, technology, and tools to stay ahead of current and potential cyber threats. Gathering more data to make better predictions, understanding your data, and being aware of risks in your environment will keep you one step ahead of attackers.
To learn more about how Lacework uses your own cloud data to keep your environment safe, take a look at this write-up on our layered security strategy.