Over the past several years, many economists (for a variety of reasons) have predicted a global recession in 2020. The ongoing COVID-19 pandemic is aggressively pushing the world into a deep recession. Businesses are laying off or furloughing workers, cutting salaries, and even closing. These actions were anticipated for firms operating within heavily impacted industries like the retail, hospitality, tourism, travel, financial services, and real estate sectors. However, the same actions are being adopted by firms in a growing range of industries, including the technology sector. Tesla, for instance, announced that it would be cutting employee salaries and furloughing hourly workers as it was forced to suspend production temporarily.
Cyber-Espionage and the Economy
While the current pandemic crisis presents businesses with unprecedented economic challenges to their very existence, it has also created a tremendous level of cyber-risks. Heightened risks are present not only due to the significant numbers of individuals working from home, increasing the vulnerability landscape, but also because as states fall deeper into recessions, some may resort to cyber-espionage in an attempt to position better their post-pandemic political, economic, and industrial structures. Regardless of the industry, the intellectual property (IP) of any organization is likely to be a precious target for foreign government-sponsored hackers.
Whether they seek production know-how, manufacturing plans, patents, research, or trade secrets, foreign governments may resort to unethical means of acquiring critical industrial and trade information to enhance their domestic economy posture and further leverage their comparative and absolute advantages, while simultaneously imposing costs on their adversaries. Chinese government-sponsored hacking groups, as well as their Russian counterparts, have a long-standing history of engaging in such malicious acts.
Government-sponsored and international criminal hacking groups, particularly those sponsored by the Chinese and Russian governments, are likely already taking advantage of the pandemic to increase their espionage activities around the globe. In this respect, it was recently reported that the Chinese cyber threat group, APT41, has already launched “one of the broadest campaigns by a Chinese cyber espionage actor we have observed in recent years” according to the cybersecurity firm FireEye. The attacks targeted the healthcare sector, including the pharmaceutical industry as well as other industries, including banking, manufacturing, media, telecommunications, and non-profits in several countries. Though, arguably, different sectors might be more prone to cyber-espionage campaigns than others, depending on the level of the industry’s criticality and IP possession. Yet in desperate economic times, government-sponsored hackers are likely to “harvest” as much data as possible—even non-industrial data.
Politically Motivated Cyber-Espionage
Many would argue that an organization’s IP or industrial data are the primary targets for government-backed hackers and cyber-attacks. However, non-industrial data can also be of great value to adversary governments to leverage their political advantage and position. Such data can include the general online behavior of the public, which then can give adversary-states insight into public sentiment towards the government of a target country, thus allowing adversaries to more effectively plan and orchestrate targeted online disinformation campaigns. These online campaigns are usually conducted to degrade the credibility and trust between the targeted country’s public and its media and governmental institutions. In doing so, adversaries attempt to covertly shape political developments in targeted countries.
Accordingly, cyber espionage is an activity that effective online disinformation campaigns are built upon. Again, it is no wonder how Chinese and Russian backed cyber-troops pioneered the systematic use of online disinformation tactics and exploitation of social media for such purpose. The latter is particularly evident from the recent actions performed by China and Russia while the ongoing pandemic crisis is taking place, where both countries tried to push conspiracy theories targeting western audiences to create political divisions, fear, and confusion. Furthermore, as the pandemic crisis continues to profoundly disrupt the global economy, the debate on global power shifts, and the reshaping of the international order is already starting to take place. In this regard, one cannot ignore China’s hegemonic intentions, and neither should one be surprised to see a surge of Chinese cyber-espionage and disinformation campaigns.
Countermeasures
Undoubtedly, the current pandemic presents both public and private organizations around the world with unprecedented economic risks leading to severe consequences on a macro and micro-scale. Although macro-level implications are evident in terms of economic performance, unemployment, and economic security, micro-level consequences may include a rise in crime, public unrest, and threats to civil order. Furthermore, the micro-level effects mentioned can be further fuelled by foreign cyber espionage and disinformation campaigns aimed at undermining the internal stability of a targeted state by adversarial actors.
That said, protective measures and recovery plans must be collective, in coordination and close partnership between a nation’s government, domestic organizations, and the private sector. The current pandemic has narrowed the available options for mitigating the economic fallout given the unanticipated and significant decline many industries are facing.
As economic measures, including but not limited to stimulus packages—an integral part of a state’s national security—are being implemented around the globe, the focus here is on governmental countermeasures targeting the spread of foreign cyber-espionage and disinformation. Even a slight relaxation of counter-espionage and counter-disinformation measures could impact economic recovery efforts. In this respect, several actions can be taken at the national level:
- Sovereign states should agree on a formalized collective, coordinated intergovernmental response of indictment, and sanctions against governments sponsoring hacking groups should be implemented.
- Governments should reinforce and harness their cyber defenses and data encryption. Additionally, governments must continuously address the weakest link in their cybersecurity chain: the human factor. The human element is mostly thought of in terms of increasing cyber-awareness and hygiene training. However, the particular focus here is the importance of increased monitoring of staff to limit insider threats who can be recruited by foreign bodies for facilitating espionage or network access.
- Existing data policies of every governmental institution should be reviewed to further control and limit who have access to what.
- Governments should strongly encourage the private sector industries to harness their internal cybersecurity team. While medics globally are on the frontline of fighting the pandemic and coronavirus spread, the organization’s cybersecurity teams are on the frontline of fighting the dangerously rising level of cyberthreats and associated digital risks related to espionage. That said, regardless of the industry, organizations must empower their cybersecurity teams more than before to more effectively counter increasing vulnerabilities surface and cyber-risks. Especially that with the growing pandemic uncertainties, social distancing measures will undoubtedly increase the individuals use of internet, computers, tablets, and smartphones.
- Governments should increase online cyber-hygiene and awareness training for their general public. While cyber-hygiene has been something long-time called for, yet it is currently more required than before. Individuals must ensure vigilance while digitally navigating. Especially in times of crisis and fear, due to human nature, individuals thrive on more news and updates on the internet. In this regard, cybercriminals will possibly exploit such concerns to distribute more malware, malicious link, malicious websites, phishing emails, and scamming attempts. Recent reports found that global phishing activity increased by 667 percent during March 2020.
- Governments should as well as encourage the private sector industries to limit the access of employees working from home to the organization’s intellectual property. Whether confidential financial documents, business plans, or critical research in an R&D department, employees’ access to any document or material deemed as the organization’s intellectual property should be as limited as possible. Concerning point five, it is never guaranteed that employees will not fall prey to any online malicious trap that could infect their device.
- Continuously re-evaluate the digital and online tools needed by public and private sector employees needs to work from home to ensure safety, privacy, and security as much as possible. As different organizations utilize different tools and thus requires a different level of assessment. However, one example we can indicate here is the rapid adoption of Zoom, a video conferencing website and app that saw a rapid rise globally over the past month as a result of the “working from home” implementation. Accordingly, it’s been reported that hackers are capitalizing on the current extensive use of communication apps, including Zoom and Google classrooms, and are trying to infiltrate online meetings. Furthermore, there are ongoing concerns over Zoom’s privacy practices, with countries like Taiwan already banning its use.
- In tackling online disinformation threats, governments should set up a dedicated taskforce comprising stakeholders of its national intelligence, national security, media, and ICT authorities. Such a task force would contribute to protecting their nation’s citizens by ultimately monitoring continuously and responding to foreign media outlets, online propaganda, and social media for adversaries’ disinformation campaigns. Furthermore, such a taskforce should regularly communicate to the public the right and factual information to avoid unintentional misinformation spread by the public.
- Governments should work at all levels to ensure the highest level possible of transparency and government performance with its citizens via daily press briefings, in appearances on national media outlets, and official social media accounts. In doing so, governments minimize the possibility of having its citizens falling victim to falsified information spread by adversaries online.
With the ongoing pandemic crisis combined with the “warning drums” of a deep economic recession, governments worldwide are facing a full-scale national crisis that perhaps the maximum was done prepare for it was a hypothetical simulation or a table-top exercise. Managing the crisis, in reality, can be much more complex and a nightmare for decision-makers. However, flexible, agile, and governments that are being flexible and adaptable while at the same time prioritizing their cybersecurity measures and counter-espionage efforts are more prone to survive the crisis as well as sustain domestic business operations with minimal loss.
About the Author
Mohamed ELDoh
Mohamed ELDoh is a business development and consulting professional in the security and defense sector. Mohamed holds an MBA from the EU Business School, an Advanced Certificate in Terrorism Studies from the University of St Andrews, and is a doctoral candidate at the Grenoble École de Management, where he researches strategy and online behavior.