THE BIG PICTURE – WHY THE TOPIC MATTERS?
The COVID-19 crisis that has forced the mass of people to move their activities to the online world – their ability to ensure a viable continuity of institutions and social life despite a pandemic. However, it has also brought forward some of the basic truths about the cyber environment that many experts in the cybersecurity field found, over the last decade and a half, difficult to communicate to decision-makers. COVID-19 has exposed cracks and insufficiencies in how we have managed the digital infrastructure overall. Internal resources, previously protected and accessed through well-defended networks, have now become exposed. They are now being widely accessed through poorly secured endpoints, which cyber criminals and cyber spies are starting to take advantage of. Bitdefender has noted an almost 500% increase in malware attacks over the past month related to COVID-19. Malware deployments on unprotected or lightly defended devices have established bridges that might be used in the future. Ransomware has been employed against hospitals and healthcare providers and there have already been several hospitals that have been hit in Europe and numerous others that are under risk because of poor cybersecurity practices. The consequences of successful large-scale cyber-attacks might go well beyond the actual lockdowns that we are currently experiencing under the COVID-19 pandemic.
MAIN THREATS & CHALLENGES:
- increased network congestion, strain and failures
- lack of business continuity plans at companies and institutions
- poor scalability of the existing tools (e.g. VPNs)
- exposure of internal assets which can be accessed through poorly secured endpoints
- lack of cybersecurity capabilities and increased vulnerabilities in critical sectors of the economy
- risk of surveillance
- It is necessary to understand that telecommunications and internet resources are critical national assets and, as a result, require some supranational and national coordination.
- Regulatory tools that could compel providers to share bandwidth and peering in emergency situations should be developed. However, this measure has to be taken with great care and caution because it does carry a risk of surveillance and control over the Internet at a level that is unprecedented in democratic countries.
- Business continuity plans that would envisage situations whereby a large number of employees has to work remotely need a greater attention from organisations and institutions They should focus on both devices used by employees and secure communications methods. VPNs do not scale easily and are computationally heavy. In addition, if they support large numbers of users, they very quickly start to reach their physical limits.
- It is also important to mobilise the cybersecurity industry. Hospitals, municipalities and critical infrastructure providers very often do not have the knowledge or the capabilities to simultaneously deal with the stress of operating in a disconnected environment and managing cybersecurity. It is a priority to establish coordination and clearinghouse mechanisms for cybersecurity that can match the capabilities of the industry with the needs of hospitals, municipalities and other institutions.
- The crisis is a wake-up call. Our economy, our political system, our institutions (from municipalities to healthcare institutions to critical infrastructure providers) highly leverage on digital technologies and digital communications. In crises like COVID-19, that dependence becomes even more apparent as people are not able to use any other means for coordinating their activities. Digital public safety needs to become an organic component of digital transformation in all digital policies. This means building infrastructure not just for efficiency but for resilience and digital hygiene. Resilient infrastructure can be established through money and investments while digital hygiene can be accomplished through behaviour change. with the aim to create a well-informed and well-equipped citizenry and workforce.
More CYBERSEC Brussels Leaders' Foresight 2020 recommendations will be publish soon.