#CSAM2021. PHOTO: Cybercrime Magazine.

Cybersecurity AND Breast Cancer Awareness Month

Danger can lurk in our bodies as much as it can in our networks

Gily Netzer

New York, N.Y. – Oct. 20, 2021

In October, my worlds merge. The tenth month of the year is both Cybersecurity Awareness Month and Breast Cancer Awareness Month, and the convergence of physical health and cyber health is something that saved my life.

I’ve been a cybersecurity professional for years, leading a team of experts at a successful security posture management company. I talk all day about threats you may not realize you face and methods for continuously validating and optimizing security posture.

But life, health and cybersecurity share a common thread: danger can lurk in our bodies as much as it can in our networks. A while ago, I decided to adopt the measures I apply in my work and put them to the test on my body. I ran a security validation test on my genetic makeup and learned that I carry a mutated BRCA1 gene. A mutated or “broken” BRCA1 gene can increase the risk for cancer, especially breast cancer.

I had been, walking through life, oblivious to the menacing security weakness I carried. I was unprotected to breaches, and vulnerable to attack. For too long, I had left myself exposed.

Despite the overwhelming discovery, I felt lucky to have caught this liability in time to take measures that reduce risk. Women in this situation need to consider mastectomy, oophorectomy and ongoing preventive tests like MRI. When it comes to women’s breast health and the BRCA1 gene, taking the necessary procedures will dramatically reduce risk of breast cancer, from 85 percent to only 5 percent (while women who do not carry the mutation have an 11 percent probability of falling ill).

Whether it’s your company’s health or your personal health on the line, there is never room for guesstimating. For me, these preventative measures were completely rational, risk-related decisions in order to save my life. On one of the first nights after my discovery, finding it hard to fall asleep, the analogy between my own health and the health of a company’s security infrastructure became clear. I knew I would want to share this, to raise awareness, with everyone who can take the precautions.

Shifting back to cybersecurity, infrastructures are compromised of individual security solutions, tools, controls and policies. When any of those are misconfigured or malfunctioning, the result can be a disastrous compromise and breach. We control against this by defined, proven attack scenarios and campaigns that evaluate a company’s security posture and offer mitigation tips to manage the required optimization.

DNA, meanwhile, is the hereditary material that each of us is composed of. It is made of genes like BRCA, which is responsible for suppressing tumor growth which helps repair DNA breaks that can lead to cancer. Just like security controls, genes can break or have a mutation. And a mutated BRCA1 gene increases the risk for breast cancer (for men as well). We control against this risk by defined, proven measures that mitigate the body’s security posture. In this case, we save lives.

Lately, throughout the time of my own discovery and response, I was astounded by the similarities with my professional duties. The dynamic nature of information security today, with frequent shifts in infrastructure, systems, policies and business applications, causes a constant drift. Security is dispersed across cloud and on-premises infrastructure. It is integrated in one-source code and reliant on SaaS and third-party supply chains. These factors lead to an ever-changing, constantly unstable company security posture.

Even if at a certain point all solutions, processes and policies are tuned to 100 percent efficacy, security posture continues to mutate. Cracks and loopholes continue to be created by the nature of digital transformation, M&A processes, remote working and BYOD. Unfortunately for many companies, cybersecurity related decisions are based on assumptions or models and not enough on security posture data visibility and facts.

Health is always our number one priority; whether it’s our company or our body-mind (or that of a loved one).  Every day, each of us decides whether to continue as is, or to choose to know, act and improve our lives.

Genes like BRCA repair automatically DNA behavior that may lead to uncontrolled duplications that result in cancer. Despite the many years and all resources invested to date, there is no equivalent self-repairing mechanism in cybersecurity. That only makes continuous security posture management more crucial for organizations that care about their customers, their intellectual property, their brand reputation, having their stock drop, or paying fines to regulators. 

Here are a few questions to ask (there are many more) yourself in order to make sure you’re able to manage and optimize your company’s security posture and reduce the risk for a breach:

  • Can I verify we are protected from the latest threats and advanced attacks?
  • Do I have visibility into all exposures and threats? Are they all detected and reported?
  • Was the security policy we decided on really enforced?
  • Can my team exercise purple teaming at all maturity levels?
  • Does my investment strategy pay off?
  • Am I able to run an authentic and objective product evaluation?
  • Can we discover how an adversary can breach our network?

For me, I always choose to know. I took the test, discovered the weakness in my BRCA gene, and responded with corrective measures to assure my own continuity. We keep our assets safe by proactively testing and mitigating. This October let’s make a vow to keep our assets — bodies and companies — safe in the same way.

Gily Netzer is CMO at Cymulate

Sponsored by Cymulate

Cymulate is a breach and attack simulation platform that lets you protect your organization at the click of a button. Operating thousands of attack strategies, Cymulate shows you exactly where you’re exposed, and how to fix it.

Cymulate was founded by an elite team of former IDF intelligence officers who identified frustrating inefficiencies during their cyber security operations. From this came their mission to empower organizations worldwide and make advanced cyber security as simple and familiar as sending an e-mail. Today, Cymulate is trusted by hundreds of companies worldwide, including leading banks and financial services.