I’ve been working at Tripwire for over two decades, and I’ve acquired a fair bit of swag over those years: branded jackets, hats, shoes, a watch, and of course a drawer full of t-shirts. One thing I never would have predicted owning was a Tripwire-branded face mask to protect me from a global pandemic. Over the past year, I’ve worn that face mask more than any of my other swag.

Of course, none of my other swag protected me and others from a highly contagious, deadly virus.

So, the company I work for, which provides software to protect organizations in the digital world, is now providing personal protective equipment (PPE) to me to protect people in the physical world.

This past year and a half has been a visceral, public, and clear lesson in risk management and response. We first attempted to assess and understand the risks of COVID-19 – its scope, and its impact. Then, we tried to formulate a response at regional, national, local, and personal levels. As our knowledge and understanding grew, so did our responses and our ability to assess and address the risk.

When I was recording a recent podcast about the 2021 Verizon Data Breach Investigation Report (DBIR), the conversation got me thinking about how our responses to the pandemic can inform our responses to cyber risk. What can we learn from our pandemic successes and mistakes to reduce the likelihood of a breach?

As someone who has spent a long time in the cybersecurity space, it was easy to apply that language to what was happening around us. Experts saw an outbreak of a deadly virus and began assessing the risk and threat modelling using the available data. Others began advancing their detective controls in order to find and track the danger,