- The COVID-19 pandemic has increased use of and reliance on the internet as people need to work and learn from home.
- Cyberattacks have also increased worldwide during the crisis.
- Governments can address cybersecurity in the post-pandemic world if they work together to adjust national frameworks, increase international cooperation and unify awareness campaigns.
The COVID-19 pandemic is accelerating digital transformation and heavier reliance on digital services. The increased adoption of telework and distance learning due to “social distancing” have led to a 50% increase in data traffic in some markets.
During the crisis, cyberattacks have increased worldwide, including against critical healthcare institutions, which have been the target of ransomware attacks. Private sector data reveals a 350% surge in phishing websites since the start of the pandemic. The United Kingdom and United States have reported that a growing number of cyber criminals and other malicious groups are exploiting the situation for their own personal gain, and cyber criminals have used stimulus packages as the subject of phishing hoaxes.
At the same time, governments are paying more attention to digital tools and services due to their increased use. This presents an opportunity to address cyber threats and unify efforts to ensure an open, secure, trustworthy and inclusive internet that would have otherwise taken much longer.
espite the current challenges, the cyber community can work together to guarantee security, privacy and digital rights. To seize the opportunity, governments must take three specific actions.
1. Adjust national frameworks
Countries must become more agile in updating or developing national cybersecurity strategies, as well as legal and regulatory framework regarding cyberspace. These initiatives must take a multi-stakeholder approach, including paying close attention to the construction of incident response capacities in all sectors. Governments cannot act alone, and the participation of the technical community and the private sector are essential to building effective resilience capabilities.
Harmonizing legislation should also be a priority. Today, the Budapest Convention is the most global and inclusive agreement dedicated to fighting cybercrime. It has been ratified by 55 countries, with another 10 requesting accession. The Organization of American States (OAS) recommends adhesion to the Convention, and international organizations and countries should consider it a means to achieve immediate international cooperation on information sharing and cross-border investigation.
2. Increase international cooperation
Information sharing has increased since COVID-19 erupted. We need to maintain this momentum and formalize it for all cyber-related issues. Cybersecurity requires international cooperation, and there is a need to increase trust, at all levels, between countries and industries. Tomorrow, there will be a new “virus” or a “common enemy” in cyberspace; hence, collaboration at the policy, technical and law enforcement levels will be vital to protect us and allow us to work together to find solutions.
A good example of international cooperation is the regional hemispheric network CSIRTAmericas, which is a community of Computer Security Incident Response Teams (CSIRTs) in the Western Hemisphere. During crises such as Wannacry and the COVID-19 pandemic, this community has been able to reunite virtually to share real-time information and exchange knowledge and information to address regional challenges.
3. Unify awareness campaigns
Educate, educate, educate.
No one is immune to a cyber incident or one “bad click.” We must increase awareness at all ages and levels, regardless of industry. In particular, it is of utmost importance to start teaching children about cybersecurity. In this era of rapid technological advancement, children need to immerse themselves in technology at a young age in order to learn the skills they will need throughout their lives. They must be empowered to make the most out of this opportunity, while also staying protected and aware of their risks.
Governments and the private sector should join together to work toward unified awareness campaigns. Initiatives such as “Stop. Think. Connect.” could serve a model for other efforts. Furthermore, users should never be the last line of defense in cybersecurity, as they need to play a role in educating each other and amplifying the reach of awareness campaigns. Cybersecurity is a shared responsibility.
We also need to push a gender-inclusive approach to cyber issues. The Inter-American Commission of Women of the OAS have already recognized differential impacts of COVID-19 on women’s lives, including the increase in violence against women and girls on the internet. Moreover, women are bearing a significant burden of the pandemic’s economic impact, particularly in terms of employment. This makes the case for mainstreaming gender considerations in cybersecurity policies as well as employment options.
As the COVID-19 pandemic accelerates digital transformation, it is essential that countries take a cognizant look at their cyber posture and implement concrete measures to promote a more reliable and trustworthy internet. These three strategic actions should be taken as initial steps towards building a stronger level of digital trust and enabling a robust cybersecurity environment in a post-pandemic world.