Spotlight on Cyber: The Role of Cybersecurity in COVID-19 Response
Throughout the response to the COVID-19 pandemic, cybersecurity has had an increasingly important role in providing platforms for essential services, protecting data and systems, and helping organizations adapt to a new normal. As services and data move online and into the cloud, there is a heightened focus on cybersecurity and how organizations can enhance their cyber preparedness capabilities. The following details three key ways that the role of cybersecurity has grown and evolved during the COVID-19 pandemic.
Kaitlyn Baker: Unsplash
The Evolving Role of Cybersecurity
- Increased Cyberthreats.
Cyberthreats have risen as cybercriminals seek to take advantage of the pandemic with malicious cyber activity. According to an alert from the Cybersecurity and Infrastructure Security Agency (CISA), cybercriminals used content related to COVID-19 to deploy malware, phishing attacks, and malicious domain names. Sentinel Labs also noted an increased number of attack campaigns using the Trickbot and Formbook platforms, with a focus on malicious applications targeted at teachers searching for online educational tools. Other attack types have used links purporting to contain information about COVID-19 family leave, tax relief, or package shipping.
Cyberthreats are expected to continue to rise as the pandemic persists. According to a report on the global cyberthreat landscape, the International Criminal Police Organization (INTERPOL) projects an increase in malicious cyber activity such as online scams in response to the economic downturn that has accompanied the pandemic. This rise in cyberthreats has increased the need for security measures, as well as emphasized the importance of recognizing the signs of a malicious link or download.
- Widespread Use of Online Services and Platforms.
Due to stay-at-home orders and social distancing measures, many services and functions have been moved online or into the cloud. As these services are relocated to online platforms, security measures must be put in place to protect them. With an increase in remote work, hijacking or “bombing” of video conferencing tools has become a common threat, allowing sensitive data to be accessed by unauthorized users and published to public forums. Some services that involve personal data, like driver license registration, have also been encouraged to move online to increase accessibility and limit unnecessary travel. This has created new vulnerabilities that must be counteracted with appropriate security measures.
The vulnerability of online platforms and data has created a higher demand for cybersecurity services, with an expected 12% compound annual growth rate in the cybersecurity market between 2019 and 2021 and 70% of organizations expecting to increase cyber security spending following the pandemic. This growth signals a greater role for cybersecurity within a diverse range of sectors; as more organizations choose to digitize services, they will require measures to secure their services, platforms, data, and users from cyberthreats.
Mati Flo: Unsplash
- Rising Need for Innovative Solutions.
During the pandemic, public and private sector entities have been called upon to develop new systems, policies, and protocols to meet emerging needs. Cybersecurity professionals have been vital to supporting the implementation of new and innovative programs. Some state governments, such as Montana, have introduced new chatbot systems to answer resident questions and reduce the number of support calls made to government offices.
In other cases, creating innovative solutions has involved addressing the cyber inequities revealed by COVID-19. As sectors such as education and healthcare move online, lack of access to broadband has deepened existing disparities. According to the EdWeek Research Center, 64% of school district leaders with a larger (more than 75%) proportion of low-income students said lack of technology access among students was a “major challenge” to teaching. In response, solutions to increase internet access, such as school buses retrofitted with WiFi hotspots, have been established. As stay-at-home orders and closures remain in effect, cybersecurity stakeholders will be key partners in creating solutions to meet emerging needs.
WHAT CAN YOUR ORGANIZATION DO?
As organizations continue their response to the COVID-19 pandemic, it is important to re-evaluate current protocols and postures, identify vulnerabilities, and implement solutions to address gaps in the area of cybersecurity. Consider the following recommendations for enhancing your organization’s cybersecurity for the current threat landscape:
- Use a risk assessment to evaluate your organization’s vulnerabilities and prioritize ways to minimize risks. This provides your organization with a better understanding of its risks while allowing you to determine short, intermediate, and long-term goals for increasing cyber resilience while managing competing response priorities.
- Foster collaboration between cybersecurity stakeholders and response partners. Diverse stakeholders will need to work together to identify effective solutions to emerging issues. Cybersecurity stakeholders should be prepared to coordinate with public and private sector partners to implement measures that contribute to cyber preparedness.
- Establish a continuity of operations plan. As organizations seek to maintain their essential functions during the pandemic, continuity of operations (COOP) plans can serve a critical role in directing activities and defining roles and responsibilities. Organizations can use these COOP plans to identify priorities and ensure cybersecurity considerations are integrated in their operations.
- Document lessons learned and areas for improvement. While many steady-state projects are currently on hold, organizations can plan for recovery by taking note of their gaps and successes in managing cybersecurity during pandemic response. Documenting lessons learned will support activities like cybersecurity planning, training, policy development, and exercise design in the future.
Hagerty Consulting, Inc. (Hagerty) has the experience and expertise to support organizations in cybersecurity preparedness efforts, as well as pandemic planning, business continuity, and COOP. We stand ready to help with your organization’s assessment, planning, training, and exercise needs to enhance cybersecurity and emergency response strategies in the midst of the evolving COVID-19 response. To learn more about Hagerty’s cybersecurity service line, contact firstname.lastname@example.org or visit our cybersecurity microsite and use our free Cybersecurity Assessment Tool to evaluate your capabilities.
Erin Bajema is a Managing Associate in the Preparedness Division working out of Hagerty’s headquarters in Evanston, Illinois. Erin has supported planning and exercise design initiatives across a diverse range of subject areas including cybersecurity, pre-disaster recovery and redevelopment planning, cost recovery, housing, damage assessments, active threat, and air transit.