• The COVID-19 pandemic has changed the digital space - and cybercriminals are taking advantage.
  • Organizations should build resilience and put defences and security protocols in place before they are attacked.
  • A new targeted training programme has been created with the Forum to help firms do just that.

The COVID-19 pandemic has changed both the physical world and the digital space, where companies and organizations are being confronted with daunting cybersecurity challenges for which few were ready or equipped to face.

Owing to the radical shift in working conditions, cyberattacks and data fraud now rank third among the greatest concerns of business leaders, as reported in the World Economic Forum's COVID-19 Risks Outlook. The probability of malicious cyber activity is even more disturbing considering that 53% of companies have never stress-tested their systems, according to a CNBC survey.

The key takeaway from these and a host of other startling probabilities is that preparedness for any type of cyber crisis at all levels of an organization is crucial. Top management, cybersecurity specialists and every employee must know what to do when a crisis hits. The Cyber Polygon exercise, which offers targeted training, has been created precisely for this purpose.

Cybersecurity should be an executive priority

According to our Threat Zone survey of 245 companies in 25 countries, 46% of companies do not recognize cybersecurity as a strategic priority. What could be the potential adverse implications of that scale on the current scale of remote operations and the consequent security challenges to many businesses? There is no alternative to preventive cybersecurity readiness — organizations must consider various plausible scenarios and develop adequate response actions and plans.

During the Cyber Polygon online exercise that will take place on 8 July 2020, globally renowned experts will demonstrate how preparedness for multiple scenarios and consequences proves most effective in the long run. This involves:

1. Building cybersecurity strategies, introducing pre-emptive measures.

2. Shaping crisis management plans and recovery roadmaps.

3. Understanding the changes in the cyberthreat landscape and adjusting strategies and mitigation plans accordingly.

Upgrading technical expertise

No company is immune to cyberthreats, not even those with the most cutting-edge protective measures. Continuously developing the cybersecurity competencies of technical specialists is vital in today's fast and ever-changing threat landscape. Ongoing skills training and regular practice of crisis mitigation plans are essential to preparing and enabling response teams to react quickly and effectively to increasingly sophisticated types of attacks and avert costly or crippling damage and losses to the organization.

Cyber Polygon offers technical specialists the opportunity to drill and practice real-time response to attacks in preparation for real-life situations:

1. Participants will repel targeted attacks on business-critical systems.

2. They will investigate the incident using classic forensics and threat-hunting techniques.

3. They will create a register based on the information gathered, to help law enforcement agencies locate the criminals.

The exercise will be held in a specially designed simulated infrastructure without any consequences for real business services.

Cybercriminals are taking advantage of the pandemic
Cybercriminals are taking advantage of the pandemic
Image: Check Point Research

Cyber hygiene is everyone’s responsibility

The nature of the interconnected world obliges each individual employee to be fully responsible for the security of the organization as a whole – one error or the slightest security omission can catapult an entire organization into disaster. Against the turmoil of the coronavirus pandemic, malicious actors and fraudsters are taking advantage of public panic and a lack of cyber savviness among non-specialists, with a growing number of attacks targeting remote workplaces. In our operations in 22 countries, we see that the number of phishing emails has grown by 30% since the beginning of March 2020, with 20% of them 'baiting' victims with mentions of the coronavirus.

Meanwhile, the majority of remote employees have suddenly found themselves working on their own, using corporate resources without having received any preliminary or precautionary security instructions. It is critical that all staff members abide by basic cyber hygiene practices:

1. Software on desktop computers should be set to update automatically. Full antivirus checks must be conducted at least once a week and passwords changed regularly.

2. Applications installed on mobile devices should be sourced only from trusted developers and official application stores.

3. Encryption and two-factor authentication should be obligatory for all messaging. Employees should not use chat applications to exchange confidential information.

4. Sensitive data should be transmitted via corporate email only. In case of email reception from an unknown sender, links should not be accessed and attachments not opened.

5. When entering passwords or card details in browsers, employees should ensure that the website observes the HTTPS encryption protocol and checks the page for phishing indicators.

More practical guidance on cyber hygiene is available on the Cyber Polygon website.

Everyone interested in these issues can learn more by joining the Cyber Polygon live stream on 8 July, which will feature widely acclaimed experts from international organizations and global technology corporations, among others. The most recent types of threats and the latest cybersecurity trends will be highlighted, as well as best practices in preventing and mitigating the consequences of large-scale attacks.

What is the World Economic Forum doing on cybersecurity

The World Economic Forum's Centre for Cybersecurity is leading the global response to address systemic cybersecurity challenges and improve digital trust. We are an independent and impartial global platform committed to fostering international dialogues and collaboration on cybersecurity in the public and private sectors. We bridge the gap between cybersecurity experts and decision makers at the highest levels to reinforce the importance of cybersecurity as a key strategic priority.

Our community has three key priorities:

Strengthening Global Cooperation - to increase global cooperation between public and private stakeholders to foster a collective response to cybercrime and address key security challenges posed by barriers to cooperation.

Understanding Future Networks and Technology - to identify cybersecurity challenges and opportunities posed by new technologies, and accelerate forward-looking solutions.

Building Cyber Resilience - to develop and amplify scalable solutions to accelerate the adoption of best practices and increase cyber resilience.

Initiatives include building a partnership to address the global cyber enforcement gap through improving the efficiency and effectiveness of public-private collaboration in cybercrime investigations; equipping business decision makers and cybersecurity leaders with the tools necessary to govern cyber risks, protect business assets and investments from the impact of cyber-attacks; and enhancing cyber resilience across key industry sectors such as electricity, aviation and oil & gas. We also promote mission aligned initiatives championed by our partner organizations.

The Forum is also a signatory of the Paris Call for Trust and Security in Cyberspace which aims to ensure digital peace and security which encourages signatories to protect individuals and infrastructure, to protect intellectual property, to cooperate in defense, and refrain from doing harm.

For more information, please contact us.

Training available to all

The pandemic has affected all businesses to one degree or another. Any company can take action to ensure a secure corporate environment and reinforce its cybersecurity capabilities to combat unexpected threats effectively. Training skills and addressing security issues continuously and at all levels is a key solution to overcome these challenges:

1. Employees will become familiar with basic cybersecurity requirements and how to enhance cyber-resilience in the company through digital literacy.

2. Technical specialists will benefit from skill upgrades, knowledge exchange and effective management of real-life emergencies.

3. Senior management will improve and secure their businesses with advanced knowledge of cybersecurity strategy development and the design of anti-crisis plans for business continuity in crisis situations.

At Cyber Polygon, every participant will have the opportunity to learn new or hone current skills in their respective fields and can thereby effectively contribute to strengthening cyber-resilience at all levels of their organization.

Stay safe and boost your cyber immunity - not only to secure your company against current threats, but also to prevent the outbreak of a cyber pandemic.

The Cyber Polygon project is conducted in collaboration with the World Economic Forum Platform for Shaping the Future of Cybersecurity and Digital Trust.