
October 28, 2022

What Cybersecurity Professionals Can Learn from First Responders

We’re almost at the end of Cybersecurity Awareness Month. For me, working in the cybersecurity space truly is a rewarding experience. It has been more than just a job or even a career. Working with solutions that protect companies from cyberattacks makes me proud. In some ways, it is a calling similar to the calling felt by many first responders.

Speaking of first responders, we celebrate National First Responder Day on October 28. On this occasion I think about two of my children who are both first responders. My son is a firefighter and paramedic in Maine and my daughter works in a critical care hospital in Boston. This often gets me thinking about the similarities of first responders and cybersecurity professionals. Both professions need to invest a lot of time into training and preparedness.

Firefighters continuously train on the use of their tools and procedures so they are prepared for each event they may face. Similarly, hospital workers train constantly. They make sure they are prepared when someone arrives needing immediate attention. In both situations, immediate action is critical – there is no time for second guessing.

As Ben Franklin once wrote, “An ounce of prevention is worth a pound of cure.” Prevention is the most important aspect of averting danger. According to the National Fire Prevention Association, the risk of dying in a home structure fire is 55% less when working smoke detectors are present. With automatic sprinkler systems, the death rate decreases by 81% and firefighter injuries are reduced by 80%. Having both smoke detectors and sprinkler systems decreases the risk of death by 90%. Being able to take preventative measures reduces the risk of a serious event dramatically.

There is no comparison to the personal dangers first responders face in their roles, but when it comes to preparedness, we as cybersecurity professionals need the same level of heightened awareness. Having the right tools, data, and procedures may mean the difference between a patched vulnerability and a security breach. Like first responders, being able to take preventative measures will reduce the risk of a serious event dramatically.

When I consider the major security breaches of the last several years, I believe that most were preventable had the proper solutions been implemented. Let’s look at a couple of them:

The Equifax breach of 2017

It was caused by a vulnerability for which a patch had already been released. The Equifax team did not notice the unpatched software despite having previously run scans. 650 million records were stolen.

The Facebook breach of 2019

It was caused by poorly configured databases on AWS that were left unaddressed for two months.

How using Balbix could have helped prevent these breaches:

In both of these cases, Balbix solutions would have proactively identified these vulnerabilities and automated notification to a patching solution. Let’s look at them one by one.

Cyber Asset Attack Surface Management (CAASM)

Asset inventory is typically scattered across a variety of locations – internal systems, 3rd party tools, semi-stale CMDBs and data lakes – and is only updated on an infrequent basis. Balbix’s CAASM solution would have helped Equifax and Facebook teams to:

  • Quickly discover newly deployed and acquired systems.
  • Track software inventory throughout the organization.
  • Use software version data for standardization and software lifecycle management.

Risk-Based Vulnerability Management (RBVM)

Balbix’s RBVM solution helps security teams discover, prioritize, and remediate vulnerabilities with greater context and speed, reducing their breach likelihood, time to patch, and time to respond. In the case of the above breaches, Balbix RBVM would have:

  • Inferred vulnerabilities in near real-time based on the software bill of materials (SBOM), and without scanning or waiting for scheduled scans.
  • Identified end-of-life or required software.
  • Prioritized common vulnerabilities and exposures (CVEs) based on threat intelligence and attributes such as exploitation, threat chatter, malware and ransomware association, and many more.
  • Provided remediation teams with the exact fix or patch for the affected software along with links to vendor articles for further insights.

Cyber Risk Quantification (CRQ)

Balbix’s CRQ solution helps security teams to gain the confidence of their Board of Directors and alignment with executives by measuring cyber risk in dollars, prioritizing and reducing the biggest risks based on the financial impact to the business, and by allowing security leaders to justify their security budget and investments. In the case of the above breaches, Balbix’s CRQ solution would have allowed their security teams to:

  • Report risk to leadership and the Board in dollars.
  • Identify, track, and prioritize critical assets based on groups, tags, and metadata.
  • Evaluate the risk reduction resulting from the addition of security controls by calculating the ROI of new investments.
How Balbix solutions can help in breach scenarios

With all of these solutions, both breaches could have been proactively remediated, and even if a breach had occurred, the teams would have been prepared. This is what makes me proud to lead the customer success function at Balbix. Our tools and our people are extraordinary. They continuously work to ensure our customers’ risks are minimized and all their security tools are effectively used to prepare them for any breach scenario they may encounter.

While I have learned much about preparedness from watching my daughter and son, I cannot compare the level of personal danger they face every day. On October 28th, take the time to thank a first responder. While they do not do it for praise, acknowledging the amount of work they put in to keep us all safe is always appreciated. It is also a good opportunity to review how prepared you are when it comes to your personal safety as well as your cyber risk.