- The COVID-19 pandemic has increased use of and reliance on the internet as people need to work and learn from home.
- Cyberattacks have also increased worldwide during the crisis.
- Governments can address cybersecurity in the post-pandemic world if they work together to adjust national frameworks, increase international cooperation and unify awareness campaigns.
The COVID-19 pandemic is accelerating digital transformation and heavier reliance on digital services. The increased adoption of telework and distance learning due to “social distancing” have led to a 50% increase in data traffic in some markets.
During the crisis, cyberattacks have increased worldwide, including against critical healthcare institutions, which have been the target of ransomware attacks. Private sector data reveals a 350% surge in phishing websites since the start of the pandemic. The United Kingdom and United States have reported that a growing number of cyber criminals and other malicious groups are exploiting the situation for their own personal gain, and cyber criminals have used stimulus packages as the subject of phishing hoaxes.
At the same time, governments are paying more attention to digital tools and services due to their increased use. This presents an opportunity to address cyber threats and unify efforts to ensure an open, secure, trustworthy and inclusive internet that would have otherwise taken much longer.
Have you read?
Despite the current challenges, the cyber community can work together to guarantee security, privacy and digital rights. To seize the opportunity, governments must take three specific actions.
1. Adjust national frameworks
Countries must become more agile in updating or developing national cybersecurity strategies, as well as legal and regulatory framework regarding cyberspace. These initiatives must take a multi-stakeholder approach, including paying close attention to the construction of incident response capacities in all sectors. Governments cannot act alone, and the participation of the technical community and the private sector are essential to building effective resilience capabilities.
Harmonizing legislation should also be a priority. Today, the Budapest Convention is the most global and inclusive agreement dedicated to fighting cybercrime. It has been ratified by 55 countries, with another 10 requesting accession. The Organization of American States (OAS) recommends adhesion to the Convention, and international organizations and countries should consider it a means to achieve immediate international cooperation on information sharing and cross-border investigation.
2. Increase international cooperation
Information sharing has increased since COVID-19 erupted. We need to maintain this momentum and formalize it for all cyber-related issues. Cybersecurity requires international cooperation, and there is a need to increase trust, at all levels, between countries and industries. Tomorrow, there will be a new “virus” or a “common enemy” in cyberspace; hence, collaboration at the policy, technical and law enforcement levels will be vital to protect us and allow us to work together to find solutions.
A good example of international cooperation is the regional hemispheric network CSIRTAmericas, which is a community of Computer Security Incident Response Teams (CSIRTs) in the Western Hemisphere. During crises such as Wannacry and the COVID-19 pandemic, this community has been able to reunite virtually to share real-time information and exchange knowledge and information to address regional challenges.
3. Unify awareness campaigns
Educate, educate, educate.
No one is immune to a cyber incident or one “bad click.” We must increase awareness at all ages and levels, regardless of industry. In particular, it is of utmost importance to start teaching children about cybersecurity. In this era of rapid technological advancement, children need to immerse themselves in technology at a young age in order to learn the skills they will need throughout their lives. They must be empowered to make the most out of this opportunity, while also staying protected and aware of their risks.
Governments and the private sector should join together to work toward unified awareness campaigns. Initiatives such as “Stop. Think. Connect.” could serve a model for other efforts. Furthermore, users should never be the last line of defense in cybersecurity, as they need to play a role in educating each other and amplifying the reach of awareness campaigns. Cybersecurity is a shared responsibility.
We also need to push a gender-inclusive approach to cyber issues. The Inter-American Commission of Women of the OAS have already recognized differential impacts of COVID-19 on women’s lives, including the increase in violence against women and girls on the internet. Moreover, women are bearing a significant burden of the pandemic’s economic impact, particularly in terms of employment. This makes the case for mainstreaming gender considerations in cybersecurity policies as well as employment options.
What is the World Economic Forum doing on cybersecurity
The World Economic Forum Platform for Shaping the Future of Cybersecurity and Digital Trust aims to spearhead global cooperation and collective responses to growing cyber challenges, ultimately to harness and safeguard the full benefits of the Fourth Industrial Revolution. The platform seeks to deliver impact through facilitating the creation of security-by-design and security-by-default solutions across industry sectors, developing policy frameworks where needed; encouraging broader cooperative arrangements and shaping global governance; building communities to successfully tackle cyber challenges across the public and private sectors; and impacting agenda setting, to elevate some of the most pressing issues.
Platform activities focus on three main challenges:
Strengthening Global Cooperation for Digital Trust and Security - to increase global cooperation between the public and private sectors in addressing key challenges to security and trust posed by a digital landscape currently lacking effective cooperation at legal and policy levels, effective market incentives, and cooperation between stakeholders at the operational level across the ecosystem.Securing Future Digital Networks and Technology - to identify cybersecurity challenges and opportunities posed by new technologies and accelerate solutions and incentives to ensure digital trust in the Fourth Industrial Revolution.Building Skills and Capabilities for the Digital Future - to coordinate and promote initiatives to address the global deficit in professional skills, effective leadership and adequate capabilities in the cyber domain.
The platform is working on a number of ongoing activities to meet these challenges. Current initiatives include our successful work with a range of public- and private-sector partners to develop a clear and coherent cybersecurity vision for the electricity industry in the form of Board Principles for managing cyber risk in the electricity ecosystem and a complete framework, created in collaboration with the Forum’s investment community, enabling investors to assess the security preparedness of target companies, contributing to raising internal cybersecurity awareness.
The Forum is also a signatory of the Paris Call for Trust and Security in Cyberspace which aims to ensure digital peace and security. Based on 9 common principles, the Call encourages signatories to protect individuals and infrastructure, to protect intellectual property, to cooperate in defense and refrain from doing harm.
For more information, please contact us.
As the COVID-19 pandemic accelerates digital transformation, it is essential that countries take a cognizant look at their cyber posture and implement concrete measures to promote a more reliable and trustworthy internet. These three strategic actions should be taken as initial steps towards building a stronger level of digital trust and enabling a robust cybersecurity environment in a post-pandemic world.
The views expressed in this article are those of the author alone and not the OAS nor the World Economic Forum.