• The COVID-19 pandemic has changed the digital space - and cybercriminals are taking advantage.
  • Organizations should build resilience and put defences and security protocols in place before they are attacked.
  • A new targeted training programme has been created with the Forum to help firms do just that.

The COVID-19 pandemic has changed both the physical world and the digital space, where companies and organizations are being confronted with daunting cybersecurity challenges for which few were ready or equipped to face.

Owing to the radical shift in working conditions, cyberattacks and data fraud now rank third among the greatest concerns of business leaders, as reported in the World Economic Forum's COVID-19 Risks Outlook. The probability of malicious cyber activity is even more disturbing considering that 53% of companies have never stress-tested their systems, according to a CNBC survey.

The key takeaway from these and a host of other startling probabilities is that preparedness for any type of cyber crisis at all levels of an organization is crucial. Top management, cybersecurity specialists and every employee must know what to do when a crisis hits. The Cyber Polygon exercise, which offers targeted training, has been created precisely for this purpose.

Cybersecurity should be an executive priority

According to our Threat Zone survey of 245 companies in 25 countries, 46% of companies do not recognize cybersecurity as a strategic priority. What could be the potential adverse implications of that scale on the current scale of remote operations and the consequent security challenges to many businesses? There is no alternative to preventive cybersecurity readiness — organizations must consider various plausible scenarios and develop adequate response actions and plans.

During the Cyber Polygon online exercise that will take place on 8 July 2020, globally renowned experts will demonstrate how preparedness for multiple scenarios and consequences proves most effective in the long run. This involves:

1. Building cybersecurity strategies, introducing pre-emptive measures.

2. Shaping crisis management plans and recovery roadmaps.

3. Understanding the changes in the cyberthreat landscape and adjusting strategies and mitigation plans accordingly.

Upgrading technical expertise

No company is immune to cyberthreats, not even those with the most cutting-edge protective measures. Continuously developing the cybersecurity competencies of technical specialists is vital in today's fast and ever-changing threat landscape. Ongoing skills training and regular practice of crisis mitigation plans are essential to preparing and enabling response teams to react quickly and effectively to increasingly sophisticated types of attacks and avert costly or crippling damage and losses to the organization.

Cyber Polygon offers technical specialists the opportunity to drill and practice real-time response to attacks in preparation for real-life situations:

1. Participants will repel targeted attacks on business-critical systems.

2. They will investigate the incident using classic forensics and threat-hunting techniques.

3. They will create a register based on the information gathered, to help law enforcement agencies locate the criminals.

The exercise will be held in a specially designed simulated infrastructure without any consequences for real business services.

Cybercriminals are taking advantage of the pandemic
Cybercriminals are taking advantage of the pandemic
Image: Check Point Research

Cyber hygiene is everyone’s responsibility

The nature of the interconnected world obliges each individual employee to be fully responsible for the security of the organization as a whole – one error or the slightest security omission can catapult an entire organization into disaster. Against the turmoil of the coronavirus pandemic, malicious actors and fraudsters are taking advantage of public panic and a lack of cyber savviness among non-specialists, with a growing number of attacks targeting remote workplaces. In our operations in 22 countries, we see that the number of phishing emails has grown by 30% since the beginning of March 2020, with 20% of them 'baiting' victims with mentions of the coronavirus.

Meanwhile, the majority of remote employees have suddenly found themselves working on their own, using corporate resources without having received any preliminary or precautionary security instructions. It is critical that all staff members abide by basic cyber hygiene practices:

1. Software on desktop computers should be set to update automatically. Full antivirus checks must be conducted at least once a week and passwords changed regularly.

2. Applications installed on mobile devices should be sourced only from trusted developers and official application stores.

3. Encryption and two-factor authentication should be obligatory for all messaging. Employees should not use chat applications to exchange confidential information.

4. Sensitive data should be transmitted via corporate email only. In case of email reception from an unknown sender, links should not be accessed and attachments not opened.

5. When entering passwords or card details in browsers, employees should ensure that the website observes the HTTPS encryption protocol and checks the page for phishing indicators.

More practical guidance on cyber hygiene is available on the Cyber Polygon website.

Everyone interested in these issues can learn more by joining the Cyber Polygon live stream on 8 July, which will feature widely acclaimed experts from international organizations and global technology corporations, among others. The most recent types of threats and the latest cybersecurity trends will be highlighted, as well as best practices in preventing and mitigating the consequences of large-scale attacks.

What is the World Economic Forum doing on cybersecurity

The World Economic Forum Platform for Shaping the Future of Cybersecurity and Digital Trust aims to spearhead global cooperation and collective responses to growing cyber challenges, ultimately to harness and safeguard the full benefits of the Fourth Industrial Revolution. The platform seeks to deliver impact through facilitating the creation of security-by-design and security-by-default solutions across industry sectors, developing policy frameworks where needed; encouraging broader cooperative arrangements and shaping global governance; building communities to successfully tackle cyber challenges across the public and private sectors; and impacting agenda setting, to elevate some of the most pressing issues.

Platform activities focus on three main challenges:

Strengthening Global Cooperation for Digital Trust and Security - to increase global cooperation between the public and private sectors in addressing key challenges to security and trust posed by a digital landscape currently lacking effective cooperation at legal and policy levels, effective market incentives, and cooperation between stakeholders at the operational level across the ecosystem.Securing Future Digital Networks and Technology - to identify cybersecurity challenges and opportunities posed by new technologies and accelerate solutions and incentives to ensure digital trust in the Fourth Industrial Revolution.Building Skills and Capabilities for the Digital Future - to coordinate and promote initiatives to address the global deficit in professional skills, effective leadership and adequate capabilities in the cyber domain.

The platform is working on a number of ongoing activities to meet these challenges. Current initiatives include our successful work with a range of public- and private-sector partners to develop a clear and coherent cybersecurity vision for the electricity industry in the form of Board Principles for managing cyber risk in the electricity ecosystem and a complete framework, created in collaboration with the Forum’s investment community, enabling investors to assess the security preparedness of target companies, contributing to raising internal cybersecurity awareness.

For more information, please contact us.

Training available to all

The pandemic has affected all businesses to one degree or another. Any company can take action to ensure a secure corporate environment and reinforce its cybersecurity capabilities to combat unexpected threats effectively. Training skills and addressing security issues continuously and at all levels is a key solution to overcome these challenges:

1. Employees will become familiar with basic cybersecurity requirements and how to enhance cyber-resilience in the company through digital literacy.

2. Technical specialists will benefit from skill upgrades, knowledge exchange and effective management of real-life emergencies.

3. Senior management will improve and secure their businesses with advanced knowledge of cybersecurity strategy development and the design of anti-crisis plans for business continuity in crisis situations.

At Cyber Polygon, every participant will have the opportunity to learn new or hone current skills in their respective fields and can thereby effectively contribute to strengthening cyber-resilience at all levels of their organization.

Stay safe and boost your cyber immunity - not only to secure your company against current threats, but also to prevent the outbreak of a cyber pandemic.

The Cyber Polygon project is conducted in collaboration with the World Economic Forum Platform for Shaping the Future of Cybersecurity and Digital Trust.