Algirde Pipikaite Project Lead, Governance and Policy, World Economic Forum
Nicholas Davis Visiting Professor in Cybersecurity, UCL Department of Science, Technology, Engineering and Public Policy; Associate Fellow, Global Fellowship Initiative, Geneva Centre for Security Policy
The COVID-19 pandemic poses the risk of increased cyberattacks.
Hackers are targeting people's increased dependence on digital tools.
Strategies to maintain cybersecurity include maintaining good cyber hygiene, verifying sources and staying up-to-date on official updates.
As the coronavirus pandemic continues to disrupt global health, economic, political and social systems, there's another unseen threat rising in the digital space: the risk of cyberattacks that prey on our increased reliance on digital tools and the uncertainty of the crisis.
Here are three reasons robust cybersecurity measures matter more than ever.
1. A heightened dependency on digital infrastructure raises the cost of failure.
In a pandemic of this scale - with cases of coronavirus reported in more than 150 countries - dependency on digital communications multiplies. The Internet has almost instantly become the channel for effective human interaction and the primary way we work, contact and support one another.
Businesses and public-sector organizations are increasingly offering or enforcing “work from home” policies, and social interactions are rapidly becoming confined to video calls, social media posts and chat programmes. Many governments are disseminating information via digital means. For example, the UK has made digital the default mode of communication, instructing citizens to rely on official websites for updates to avoid flooding phone-based information services with requests.
In today’s unprecedented context, a cyberattack that deprives organizations or families of access to their devices, data or the internet could be devastating and even deadly: In a worst-case scenario, broad-based cyberattacks could cause widespread infrastructure failures that take entire communities or cities offline, obstructing healthcare providers, public systems and networks.
Just in the past few days the Coronovirus statistics site Worldometers.info and the US Department of Health and Human Services have both been the target of cyber attackers with the intention to disrupt operations and information flow.
2. Cybercrime exploits fear and uncertainty.
Cybercriminals exploit human weakness to penetrate systemic defences. In a crisis situation, particularly if prolonged, people tend to make mistakes they would not have made otherwise. Online, making a mistake in terms of which link you click on or who you trust with your data can cost you dearly.
The vast majority of cyberattacks - by some estimates, 98% - deploy social engineering methods. Cybercriminals are extremely creative in devising new ways to exploit users and technology to access passwords, networks and data, often capitalizing on popular topics and trends to tempt users into unsafe online behaviour.
Stress can incite users to take actions that would be considered irrational in other circumstances. For example, a recent global cyberattack targeted people looking for visuals of the spread of COVID-19. The malware was concealed in a map displaying coronavirus statistics loaded from a legitimate online source. Viewers were asked to download and run a malicious application that compromised the computer and allowed hackers to access stored passwords.
3. More time online could lead to riskier behaviour.
Inadvertently risky Internet behaviour increases with more time spent online. For example, users could fall for “free” access to obscure websites or pirated shows, opening the door to likely malware and attacks.
Similarly, there could be hidden risks in requests for credit card information or installation of specialized viewing applications. Always, and especially during the pandemic, clicking on the wrong link or expanding surfing habits can be extremely dangerous and costly.
Image: World Economic Forum
So what can we do?
Just as addressing the COVID-19 pandemic requires changing our social habits and routines to impede infection rates, a change in our online behaviour can help maintain high levels of cybersecurity.
Here are three practical actions you can take to stay safe online:
1. Step up your cyber hygiene standards.
In addition to washing your hands after every physical contact to prevent the spread of COVID-19 and using an appropriate alcohol-based cleaning solution on your phone, keyboard, game controllers and remote controls, take the time to review your digital hygiene habits. Check that you have a long, complex router password for your home wifi and that system firewalls are active on your router. Ensure you’re not reusing passwords across the web (a password manager is a great investment), and use a reliable VPN for internet access wherever possible.
2. Be extra vigilent on verification
Be far more careful than usual when installing software and giving out any personal information. Don’t click on links from email. When signing up to new services, verify the source of every URL and ensure the programmes or apps you install are the original versions from a trusted source. Digital viruses spread much like physical ones; your potential mistakes online could very well contaminate others in your organization, an address book or the wider community.
3. Follow official updates
Just as you pay attention to trusted sources of data on the spread and impact of COVID-19, be sure to update your system software and applications regularly to patch any weaknesses that may be exploited. If at any stage you feel that the advice you’re being given sounds bizarre - whether the virus threat is offline or digital - search the Internet to see whether others have similar concerns and look for a well-known site that can help verify the legitimacy of the information.
Everyone’s personal behaviour is instrumental in preventing the spread of dangerous infections both online and in the physical world.
License and Republishing
Algirde Pipikaite, Project Lead, Governance and Policy, World Economic Forum
Nicholas Davis, Visiting Professor in Cybersecurity, UCL Department of Science, Technology, Engineering and Public Policy
This is an Op-ed article. The opinions expressed in this article are the author’s own. The GCSP does not endorse views, opinions or conclusions drawn in this post.