The Repercussions of Covid-19 on Cyber Security
Author: Gagana S, MS Ramaiah College of Law, Bangalore
Every aspect of human life has been devastated due to an unprecedented pandemic. The repercussions are of such great scale that it could not have been anticipated. It has affected lives directly and the living and livelihood indirectly. Not to forget is the fact that the pandemic affected the rich and the poor, it did not spare even the privileged class. Though the nature of damage among each class varied, the impact of it cannot be neglected. One such major impact which was not given prime importance was about the threat of cyber security when the entire world was forced to connect virtually! The sad part is that though technology helped us in connecting, it resulted in being the cause of the greatest threat.
In this article I intend to elaborate on why it is imperative to discuss about the cyber security and its prime importance at the time of pandemic. According to the study of the University of Maryland, hacker attacks of computers with internet access happens every 39 seconds on an average which is alarming. Since Covid-19, the US FBI has reported a 300% increase in reported cyber crimes. The percentage of figures quoted run into millions of people and employees which is not given the wide public attention and awareness it deserves. But the fact is that total cost of cyber crime reaches up to $6 trillion by 2021, which makes up a huge part of the economy.
To a large extent it is the IT sector that has always been greatly affected, but in the recent times the healthcare sector has been subjected as a new target. More than 93% of healthcare organizations have experienced data breach and over 57% have had more than five data breaches during the same timeframe.
The Repercussions of Covid-19 on Cyber Security
The surge in communications and the wholesale shift to operate business online have at the same time increased the risk of cyber-attacks by amagnitude. This has had an immediate effect on organizations, changing the ways employees work and bringing with it new cyber risks. The likelihood of cyber- attacks is increasing and the cyber security laws prevailing is not efficient because the organizations are becoming more technologically driven than ever before. Also the nature of threats is changing, as the attackers are exploiting the uncertaintyand unprecedented, situations along with the rapid IT change. Organizations may not be able to effectively respond and recover from cyber security attacks as key employees from security, IT suppliers, and the wider business may be unable to support decision making and response efforts.
This will be true for organizations with lower maturity who rely on key individuals rather than having fully documented and widely rehearsed team. Employees will be required to work with technologies they are not familiar with, potentially resulting in new security risks being introduced. Remote access systems may be targeted by attackers with denial of service attacks, seeking to disrupt business operations or to extort money. Organizations may not effectively detect cyber- attacks as security teams are short staffed or repurposed to support other activities. As the pandemic tests the strength of healthcare systems around the globe, healthcare providers are turning to chat, phones, email and telemedicine portals for remote counselling and diagnoses.
More than 77% of organizations do not have a cyber-security incident plan. It is not just restricted to small organizations. Big tech giants like Equifax, Capital One and Facebook just to name a few take nearly 6 months to detect a data breach. Information such as credit card details, security number, passwords may already be compromised by the time a person has notified. 43% of cyber- attack target small business Fraudsters are well aware that many companies and their employees have opened the door wide to hacking. Cybercriminals are using the heightened digital footprint and traffic to find vulnerabilities, or to siphon off money. They are launching Covid-19-themed attacks in the form of phishing emails with malicious attachments that drop malware to disrupt systems or steal data and credentials. Attackers are creating temporary websites or taking over vulnerable ones to host malicious code.
They lure people to these sites and then drop malicious code on their digital devices. Fake websites have also been soliciting donations for daily wage earners through email links. Some Covid-19 patient count-status apps and links are laden with viruses and identity theft malware. Remote working tools such as videoconferencing systems have been hacked for vulnerabilities; recent examples on Zoom are alarming. Vulnerabilities may be introduced as security basics such as patching are neglected, due to resources being refocused elsewhere. Regardless of global events, security vulnerabilities continue to be discovered in IT systems and continuous efforts are required to ensue these are addressed before attackers are able to exploit them.
In this new environment, cyber security professionals must aggressively confront the risks. They need to make their company’s remote workforce aware of scams, and train them how not to fall a victim to it. Support people to work safely and securely at home. Employees should be able to ask for support and report any concern online. The laptops and servers of the employees should be reviewed, and ensure that they have security controls including full disk encryption, anti- malware protection, data loss protection etc. Cloud based security and platform services must be used. They let companies increase the depth and breadth of security protection rapidly.
The major question that arises is what next? With the new normal and the day to day activities resuming normally there is no end to the attacks. New cyber-risks that appeared during the pandemic must be addressed and solutions need to be found out. Corporate IT security architecture should be reassessed which includes access mechanisms and support needs for remote access. Threat detection and response capabilities must be supported by next-generation technologies like artificial intelligence and machine learning.