New York declares measles emergency (New York Times)
6 more Hong Kong residents infected with measles, government says (SCMP)
The above two headlines appeared at different end of the world - one in New York dated 9 April 2019 and another in Hong Kong - dated 26 March 2019. This ongoing measles outbreak on both sides of the world is causing health authorities across the world great anxiety. Thanks to an effective vaccine, measles was supposedly eradicated in most countries back at the turn of this century. According to a new UNICEF study, global measles cases increased by nearly half from 2017 to 2018.
Why are we bringing this up when this column is about cybersecurity?
Because the intensity of this outbreak and its ability to spread infectiously across the world, seemingly crossing borders at will, undetected and infecting everyone that it comes across, is eerily similar to the characteristics and path of destruction that a malware/virus can do to computer networks across the world.
The measles virus are akin to the malware and other malicious viruses created by the hackers. People are the computers and all other internet linked devices. To minimise risks of being infected with the measles virus, all human at infant stage are encouraged to be vaccinated. Similarly computer networks and all other internet linked devices are installed with anti virus software. In a computer network. even after you have installed anti virus software and firewalls etc, it does not means you would not be attacked in a cyber attack. Similarly, no vaccine is 100% effective, and it is therefore always possible to get a disease even though you are vaccinated against it. But if you have been vaccinated, there is only a small chance of you getting infected with measles.
Why is there an outbreak now when it was supposedly eradicated with the availability of vaccines? The outbreak is mainly caused by some people in some countries who due to certain beliefs, are against vaccinations. Without vaccinations, there is always a high possibility that the populations in that particular section of society would contract and develop measles. So when these people travelled to places outside their sector, they will bring these viruses to the new places. At the new places, there could also be people who have yet to be vaccinated for various reasons e.g., too young, physically incapable, or have similar beliefs as these travellers. As the measles viruses are highly contagious, it would then be transmitted to these people in the new place by these travellers. Vice versa unvaccinated travellers travelling to places where vaccinations are very low amongst the population would contact the same viruses and when they return to their home, they will carry these viruses along.
Notice the similarity of how the viruses are transmitted in this outbreak with a malicious virus in a cyber attack? In cyberspace, this scenario is equivalent to the organisations in the supply chain - especially smaller organisations who has limited resources and budgets to undertake mitigative measures to protect themselves from cyber risks - infecting larger organisations. Unlike human where they must come into contact with an infected person before the measles can spread, a computer virus spreads faster because all the devices are linked online perpetually to one another in a borderless environment.