ePidemiology: Applying concepts of herd immunity and public health to cyber security

Metaphors for cyber security tend to gravitate towards the adversarial. We break into teams. We assign colors. We talk in terms of warfare. We man battle stations and try to push back against bad guys on active fronts. When discussing cyber security in the mindset of battle, of raiders and defenders, we find our line of thinking entrapped by binary outcomes of victory or defeat. However, framing the conversation in a fresh conceit fosters perspectives that may otherwise elude us.

While stock photo options for warfare are objectively more metal, we would like to investigate cyber security through the lens of epidemiology. Public health is a struggle that does not produce 100% winners or 100% losers. Instead, the goal revolves around mitigating infectiousness to the point that a disease no longer possesses the means to reproduce its efforts en masse, thus undercutting its capability to evolve into more sophisticated strains. This change in victory conditions births discussion of herd immunity.

What is herd immunity?

Herd immunity is a term used in epidemiology to describe a secondary line of defense against infection that benefits individuals who cannot gain, or have not yet gained, immunity. Vaccines are widely regarded as the primary line of defense against the spread of infectious diseases, but thanks to the effects of herd immunity, those who cannot receive vaccination find shelter in a majority of the population being unable to spread disease.

Like malware, the first goal of a disease is to spread to the greatest number of hosts possible. A higher percentage of individuals infected by a disease grants that disease better potential to spread to new hosts. However, as the percentage of the population with immunity to that disease grows, the ability for the disease to spread softens.

Simply put, a disease with fewer bridges available to cross is limited in the distance that it can travel. Without delving too deep into epidemiology theory, a concept exists of thresholds that, once crossed, generally spell the end of outbreaks. In some cases, a combination of vaccination and herd immunity has led to the effective eradication of a disease. When was the last case of polio in the United States? The elimination of wild polio strains in certain regions is thanks to the fact that widespread immunity makes it more difficult for a polio outbreak to gain footholds in a human ‘herd’ and even more difficult for an outlier case to spin out of control.

In the past, human populations were concentrated in small, isolated groups. This meant that the extent of outbreaks was limited by geographical factors. Spatial limitations no longer come into play in the modern era, where humans can travel over mountains, across oceans, and hop between continents in a day’s time. Increased globalization and greater access to remote geographical regions mirror the growth of interconnected, Internet-connected devices represented by the Internet of Things.

If we think of the Internet of Things as a population, we see a growing potential for infections to spread over new channels and pathways. The threat of more interconnected and heterogeneous mixing pushes higher the necessary threshold to trigger the benefits of herd immunity.
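The threshold effect described above, and the way denser connectivity raises it, can be made concrete with a standard mean-field SIR epidemic model. This is an added example, not part of the original article; the model choice, the function names, and the contact and transmission figures are illustrative assumptions.

```python
import math

def immunity_threshold(contacts: float, p_transmit: float) -> float:
    """Immune fraction above which each infection causes fewer than one new one.

    R0 = reachable peers per device * chance a contact compromises a
    vulnerable peer. Standard homogeneous-mixing result: threshold = 1 - 1/R0.
    """
    r0 = contacts * p_transmit
    return 0.0 if r0 <= 1.0 else 1.0 - 1.0 / r0

def final_outbreak_size(contacts: float, p_transmit: float,
                        immune: float, iters: int = 5000) -> float:
    """Fraction of ALL devices eventually infected, given an immune fraction.

    Solves the SIR final-size equation z = (1 - v) * (1 - exp(-R0 * z))
    by fixed-point iteration, starting from the worst case z = 1 - v.
    """
    r0 = contacts * p_transmit
    z = 1.0 - immune
    for _ in range(iters):
        z = (1.0 - immune) * (1.0 - math.exp(-r0 * z))
    return z

if __name__ == "__main__":
    P = 0.2  # constructed value: 20% of contacts hit an exploitable peer
    for contacts in (20, 50):  # constructed: sparse vs. densely connected fleet
        t = immunity_threshold(contacts, P)
        print(f"{contacts} peers/device -> threshold {t:.0%}")
        for immune in (0.5, 0.8, 0.95):
            z = final_outbreak_size(contacts, P, immune)
            print(f"  {immune:.0%} patched -> {z:.1%} of fleet infected")
```

With these constructed figures, 80% coverage ends the outbreak at 20 peers per device but still leaves a sizeable outbreak at 50, which is the rising threshold the paragraph describes.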

What does this have to do with me?

Framed in the perspective of public health, cyber security is an issue that concerns everyone.

If, like polio, over 90% of the Internet-connected populace were immune to ransomware, what motivation remains for hackers to continue developing exploits and writing malicious code? The cost-to-benefit analysis would be a quick calculation: the risk of deploying a cyber attack would outweigh the peanuts that attackers stand to make off the 5% of computers still exhibiting vulnerabilities.

Ensuring that 100% of devices are exploit-proof is a pipe dream. But if we apply the ideas of herd immunity, we can see that the goal never was absolute immunization. Instead, it would suffice to balance the equation in such a way that cyber crime is an untenable career.

The question then becomes how to make a life of cyber crime unappetizing.

Washing our hands of accountability

There is more to public health epidemiology than distributing vaccines until we pass thresholds.

Consider the signs hanging in bathrooms all around the nation urging people to wash their hands. Spend one winter on a college campus and you’re sure to see plenty of warnings posted about hand washing, sneezing etiquette, and more. Over television and radio we receive public service announcements outlining precautions against the common cold and announcing schedules for flu shot season. Unfortunately, cyber security has no such mass public effort.


Often, the only groups preaching cyber health gospel are organizations that sell cyber security products or the creators of targeted software. This raises a question: where would we be if public awareness campaigns for cyber security were as prevalent as those for physical well-being?

Imagine strolling down a corridor and spotting a sign on the wall asking “Have you updated your firmware yet?”

Imagine a world in which school children were taught about phishing alongside the practice of covering their mouth when they cough.

Imagine if the end of every fiscal quarter heralded radio airtime dedicated to the whens, whys, and hows of data backup.

We may one day consider it myopic that mankind did not charge into the age of information on the wings of federally-funded education and information campaigns. The facts bear out that there is no such public health campaign for our cyber well-being. The onus for protecting our networks rests in our own hands. Despite a mirage of isolation, we find ourselves in a constantly more connected community.

A herd.

Firewalls.com continues to push for a larger umbrella of security for the Internet community not only because it benefits our own security, but that of the entire herd. Everyone has a stake in the outcome of this struggle. Encourage a culture of cyber security in your workplace. Host open discussions about Internet safety measures. Ensure that policies are in place and understood by employees.

While we do not all possess the skills and knowledge to be soldiers in a cyber crime war, we can take steps to provide the herd with a robust profile of immunization.

Whether you’re an organization of three employees or three thousand, you have joined a pool of potential victims. Firewalls.com has the expertise to make that pool a little shallower. Whether it be endpoint security suites, physical appliances, or managed services, cyber security solution providers want to guide you to the vaccines and best practices that simultaneously protect your organization and deny the bad guys another attack vector.


Firewalls.com is a value-added reseller of firewall appliances & a vendor of managed security and Firewall-as-a-Service support. Our engineers are rigorously trained and certified by all of the major manufacturers that we partner with. Whether you’re looking to add an appliance to your security set-up or seek ongoing support from seasoned experts, we can provide the security solutions necessary to get you secure and keep you secure. Contact one of our knowledgeable sales staff to answer any questions you may have about your network, our firewalls, or endpoint protection!
