In medical terms, Patient Zero is loosely defined as the first human infected in a new or recently discovered viral or bacterial outbreak. The term has found its way into the IT security lexicon, where its counterpart is the first individual to be infected by a new malware strain, or the first victim of a phishing campaign.
It brings to mind a scenario where a single individual is initially infected and rendered contagious. This "patient zero" then comes into contact with others who also become contagious and, in turn, infect multiple others. The illness spreads exponentially until medical experts are able to cure the disease or limit its propagation. This can take months or years, because even with the benefit of modern medical science, infectious diseases are difficult to treat or cure. Before it is contained, a new virus or bacterium can sicken untold numbers of individuals.
When we refer to patient zero in IT terms, many assume that if an individual is infected by a new malware strain, or clicks on a new malicious web link, today's state-of-the-art security solutions respond immediately and eliminate the threat. The reality, however, is closer to that of infectious disease.
Today's security solutions rely on distinguishing good from bad. Although we have a solid understanding of what is good and bad today, we have no way of knowing what will be good and bad tomorrow. Just as it takes time for medical experts to develop a cure or treatment for a never-before-seen disease, it also takes time for security products to develop defenses against new exploits. Even with technologies such as machine learning and artificial intelligence (AI), there can be a gap of a day, a week, or months between the initial "patient zero" infection and effective mitigation. During that time, many others can fall victim to the same attack. We need to recognize that the IT patient zero actually represents tens, hundreds, or even thousands of infected devices.
Polio and smallpox affected a significant portion of the world's population before they were finally contained. That containment came in the form of a preventative vaccine. What better way to stop a disease than to prevent it from ever happening in the first place? The same holds true for IT security. Because we will never be able to detect every new malicious web link, malware exploit, or email, prevention, as in medicine, holds the key.