COVID-19 & Global Cybersecurity: Urgent Action is Needed
COVID-19 has impacted our lives in many aspects; one of them is the emerging trend in cybersecurity threats on a global scale. Many governments have reported an increase in cyber threats since the outbreak of the COVID-19. Just recently, the Federal Bureau of Investigation (FBI) and the Department of Justice (DoJ) have recently warned that the coronavirus-related cyber threat is growing and a massive spike in hackers and scammers using the COVID-19 crisis is targeting Americans for financial or informational gain. For example, the FBI’s Internet Crime Complaint Center (IC3) has received at least 20,000 coronavirus-related cyber threat reports this year; it is between 3,000 and 4,000 complaints per day. The European Union (EU) officials have already stated that the EU cybersecurity “at risk from hackers” and asks for joint actions with the Members States and other stakeholders to improve cybersecurity capabilities.
At the international level, top United Nations officials have warned that “cybercrime is also on the rise, with a 600 percent increase in malicious emails during the current crisis.” The United Nations (UN) officials described the COVID-19-related cyber threats as an “infodemic” of misinformation. It is a situation where people received misinformation, disinformation, and rumors during a health emergency. Cybercriminals have been conducting attempted ransomware attacks in which their phishing and ransomware campaigns are using the coronavirus pandemic to actively target healthcare workers. The International Criminal Police Organization (INTERPOL) also sees an increase in counterfeit medical products, fraud, and cybercrime. Cybercriminals would disguise themselves as the World Health Organization (WHO) to conduct scams or to steal personal and sensitive information.
One direct and obvious factor contributing to the rise of cyber threats is the drastic increase of internet users – from students, teachers, government workers, to private-sector employees and politicians. After the shutdown of schools and many governmental and non-government sectors, all face-to-face meetings were transferred into online platforms. The Internet has become the primary tool for many people to conduct their works. The amount of time that people spend on the Internet increased, exposing themselves to the risks of cyberthreats. Private-sector data revealed a 350% surge in phishing websites since the start of the pandemic.
Another factor is the inadequate cybersecurity education to raise public awareness in many countries, including the United States. With the sudden change of people’s online-using habits before and after the outbreak of the COVID-19, people (old and young) have not yet realized that they could be in danger online – even staying at home. This is not a new problem. For example, one article pointed out that employees of healthcare organizations in North America lack cybersecurity education and awareness in three main areas: regulation, policy, and training.
With the increasing number of internet users in the event of COVID-19, there are three areas that we need to take immediate action. First, one of the most vulnerable groups during COVID-19 is school-aged children. Most of the school children had to used e-learning in the past spring semester and now have entered their summer vacation, and it is difficult to have a comprehensive study about how much time they spend in front of the “screens.” The amount of time they use electronic devices has drastically increased. Since they could not quickly distinguish between the real and virtual worlds, there has been an immediate risk of falling prey to cybercriminals.
The second area is the protection of information and finance for enterprises and workers. The world’s dependence on information and telecommunication technologies is unprecedented. The Business Email Compromise (BEC) is on the rise, especially during the pandemic, and there is much work to be done. The growth of digital dependency in the workforce worldwide has increased the vulnerability to companies and their employees.
The third area is the cybersecurity infrastructure in many developing countries are not strong enough. According to the International Telecommunication Union, nearly 90 countries are still only at the early stages of making commitments to cybersecurity.” It relies on multi-national efforts to assist those countries, including adjusting national legal and regulatory frameworks in the cyberspace and unifying cybersecurity awareness campaigns, despite it is challenging to conduct on-site capacity building during this situation.
As the COVID-19 pandemic continues to change our way of life, it is a daunting alarm that people are exposing more to the increasing cybersecurity threats while not having enough awareness and education. For the private sector, the improvement of data management, IT security, and employee education are critical to prevent cyber hacking and BECs. We need to push governments to work more with private sectors and international partners toward feasible and effective campaigns.
The worst-case scenario is that the governments are more concerned about the economy than the increasing level of cybersecurity threats. Whether governments and companies learn security lessons from the COVID-19 pandemic remains to be seen.
Leo S.F. Lin
Leo S.F. Lin is the co-chair of the Information Warfare and Intelligence Discussion Group, Young Professionals in Foreign Policy (YPFP) in Washington DC, and a member expert with the Global Initiative against Transnational Organized Crime (GITOC) in Geneva, Switzerland. He is a Certified Cyber Intelligence Professional (CCIP) awarded by the McAfee Institute.