For years we've lived in fear of computer viruses that would cripple our digital infrastructure. Instead, we got a human virus that forced us further into the digital age. In a matter of weeks, remote working became a standard around the world and socializing beyond your household became a virtual activity. While society grapples with this new digital challenge, cybercriminals are seizing the unprecedented opportunity.
“Over the past several weeks, we’ve observed that cyberattacks have increased at a rate of three to five times compared to pre-COVID. Phishing attempts have increased in both frequency and sophistication as threat actors seek to take advantage of the unusual circumstances under which nearly all of us are working. Scams focusing on treatments and cures for the novel coronavirus have been rampant” said Brenda Sharton, global chair of Goodwin’s Privacy + Cybersecurity practice, in an article for Harvard Business Review.
The increase in cyberattacks at such a fragile time for society is extremely concerning in the short and long-term. However, cyberattacks are not a new phenomenon and while the timing underlines the ruthless nature of many hackers, the COVID-Cyber-Crisis only really serves to highlight our inability to prevent attacks. When there are more cyber attacks we suffer more, and when there are fewer we suffer less — our cybersecurity infrastructure is essentially designed to prevent some low-level attacks and make us aware of more sophisticated intrusions as quickly as possible. No cybersecurity system is able to stop intrusions from happening altogether.
“The problem with security is that you can’t win – aim for that and you’ll fail, but if you aim for resilience you can absolutely win, you can take a punch but you keep on going,” says Unisys Chief Trust Officer Tom Patterson. “We’re not able to stop everything, we just need to make sure it doesn’t stop us. Let’s make sure when something happens, we can withstand it, we’re not the frontpage news.”
For now, businesses will just need to take a few extra cyber-punches. However, with a potential “new normal” of regular lockdowns and the recession-driven shift to remote working, companies must prioritize cyber-resilience in the short-term to prepare for what may be just around the corner. Our digital transformation is an on-going process, and as we become more and more dependant on our digital infrastructure, we need to start treating it like the essential service it has become.
“Cyber or digital resilience should be considered essential – like water, gas, and telephone/Internet. Maintaining essential services that keep the lights on, keep people operating in their roles, and keep the digital world safe from attack is critical,” says RedSeal CEO Ray Rothrock. “While most organizations are still sorting out their cyberstrategy, working on fundamentals and reducing vulnerabilities as best they can, the pandemic might have the opposite effect and put cyber spending on the chopping block as organizations struggle to control costs during the economic shutdown.”
There is a growing fear that many hackers have been able to infiltrate secure networks undetected during the crisis to plant malicious code, backdoors, and are monitoring systems. Not for an attack now, when businesses are expecting it, but maybe later when the dust has settled and there is more to gain. Now is not the time to cut cybersecurity budgets for the impending downturn, the post-COVID era could already be one of the worst periods for cyberattacks and even worse if businesses drop their guard.
Cyberattacks can happen at any time to any company, as we have seen over the years. Our vulnerability increases every year as we become more cyber-dependant, as one major part of our society after another is digitally transformed. Formal communication was the first to be digitalized, back in the 1990s, banking and social communication then followed in the 2000s. COVID-19 struck during the on-going process of digitalization buildings and utilities, including remote work among many other technology-enabled trends. It is these emerging digital spaces that are now the most vulnerable.
“In a world where our buildings are connected for the greater good of the inhabitants, we need to remember the ways these efficiencies create risks. As we distance ourselves from co-workers and stay safe from home, we need to remember that the connectivity empowering public safety also opens up our businesses and our industries to threats,” says Noelle Brisson, managing partner for SONRO Real Estate Services and Americas Board member for RICS, in an article for CP Executive.
“We shouldn’t look at this as a reason not to stay connected — the benefits far outweigh the risks — but we should use this as an opportunity to make sure that we’re being smart, secure and current in our policies and practices. Cybersecurity is no longer just an IT concern; it is a risk management issue where everybody plays a role.”