Cybersecurity post COVID-19: What Governments Must Do

The outbreak of the COVID-19 pandemic pushed the world to a reality few were prepared to face. With business operations shifting completely online and office workers logging on from their homes, no one anticipated the threat of cyberattacks and cybercrimes. In a secured office network, the IT department is responsible for ensuring the safety of the network as well as patching up any vulnerabilities that may pop up in the software ecosystem of the organization.

The most vulnerable chink in the cybersecurity of an organization are the humans working there. People are susceptible to malicious emails and more often than not click on malicious links that redirect them to phishing websites or download a file into their computer that has a hidden virus or trojan. If even a single computer is compromised in a network, the hackers can then infiltrate the remaining network and access sensitive company data or simply lock out people using ransomware.

The Pandemic Boom

According to Interpol, after the COVID-19 outbreak, cybercriminals have shifted their focus from small businesses and individuals to major corporations, large businesses, government departments, and even critical infrastructure like healthcare. Since every organization is dealing with remote working options, as everyone is being forced to work from home, there has been a significant increase in security risks. The employees are no longer using secure office computers but their personal computers which are vulnerable and have not been vetted by the cybersecurity teams. Adding on to the fact that employees are using their personal internet connection through wireless routers, which have very basic data security and encryption of traffic, it is quite easy for someone willing to look around to find access to sensitive data.

As opposed to the LAN in an office which is secured and regularly monitored by the cybersecurity team, home networks and systems are not secured and susceptible to phishing campaigns and downloading malicious from unknown links into their computer.

Cybercriminals have also been attacking the healthcare sector with ransomware. Healthcare institutions have become the target of choice for ransomware as they can lock out critical systems which can put the lives of hundreds and thousands of people at risk and thus the institutions are coerced to pay the extortion.

Organizations are now facing more than 20,000 vulnerabilities because of the widened network perimeter and must identify all flaws within the devices connected to their network and create a model to understand possible attack points so that they can be prepared. There has been a 50% increase in mobile vulnerabilities and a 72% increase in ransomware attacks. In the US alone, 800 to 1500 businesses were affected by ransomware attacks that were related to a single IT firm with the hackers then demanding $ 70 million for restoring the data and access. This further highlights the vulnerabilities and repercussions on a business ecosystem if even a single link in the chain is compromised.

The major driving reason behind the pandemic boom in cyberattacks is the theme of these cyberattacks. Hackers have realized that people are more susceptible to opening malicious links or downloading suspicious files if it seems to be related to COVID-19. The lack of information drives people to click on malicious links to learn more about the COVID-19 pandemic while their personal systems become host to viruses and remote access trojans which then spread from their computers while collecting sensitive data. Hackers use trustworthy names or official disguises and messages with subject lines related to COVID-19 to fool people into thinking that they are getting information from a legitimate website or file and thus are more prone to provide personal details or just download a malicious file onto their PC.

Upgrading Your Cybersecurity

Cybersecurity is neither cheap nor easy. We live in a world of constant technological innovation, but cybersecurity takes time to upscale as compared to GAAP technology (Government as a Platform). The major challenge is that of dealing with the increased phishing and malware threats. Organizations must actively discuss and create a policy to ensure data protection and cybersecurity measures for employees working remotely on their personal computers and mobile devices.

There is also the need for upgrading digital systems within an organization to limit the amount of access and data a remote working employee can access. There needs to a be suitable network and system architecture that can support remote working with enough scalability capabilities.

Switching to virtual space and remote working conditions exposed a lot of issues with the digital capabilities of many organizations and negatively impacted their ability to function and offer services. A complete overhaul or a significant upgrade to ensure operational capability during the pandemic, as well as future-proofing against any emergency circumstances, should be the focus for the cybersecurity industry and experts.

What Should the Governments do?

The COVID-19 pandemic has led to a sudden increase in digital transformation across sectors. Digital public services have become the need of the hour with more and more organizations finding and creating ways to offer their services digitally. Digital transformation of an economy is a great thing but with the parallel increase in cyberattacks, it is up to the governments to ensure the cybersecurity of public services and government data platforms as well GAAP-based services. More and more people are relying on the government to get their news, data, public services from the safety of their homes and it is the responsibility of the government to ensure data security and continuous services to the public without being held hostage by ransomware or losing sensitive data to RATs and viruses.

To combat such cybersecurity threats, governments must take these actions:

  • Governments must develop national cybersecurity strategies and create a regulatory framework for cybersecurity initiatives. They must together with the private sector to create sound and robust cybersecurity measures and be agile with their implementation.
  • Governments have been sharing data about the pandemic to help each other prepare for the possible challenges. This international cooperation needs to be extended to the sphere of cybersecurity so that private entities and governments around the world can function together to neutralize any future global threat in cyberspace.
  • Governments must raise awareness of the possibility of cyberattacks. Citizens must be trained and taught about cybersecurity threats and the best ways to deal with them. Raising awareness and training people in digital technology can immediately fix the human vulnerability in the system.
  • Governments must also look for data backup options as well as a secure avenue for hosting their services and storing their data. Cloud-based services offer security as they are not stored on databases of the organization and as such cannot be accessed by anyone and offer scalability options so that when your employees need to have remote access, the system has protocols in place to deal with the demand.