“Thank God for the Web!”
And, “I don’t know how I would have coped without seeing my friends and family on Zoom.”
Or, “How did they possible manage back in 1918 (during the last equivalent pandemic) without the Internet?”
We’ve all heard widespread sentiments like this for weeks now, and even as the countries begin to end the lockdowns and open more community businesses, large numbers of people plan to continue working from home for months, or until a vaccine is available or perhaps even forever.
There is no doubt that our connected virtual world has come to the rescue and enabled constant global communication at a level that would have been impossible at the beginning of this millennium. Internet service providers (ISPs), telecommunications and technology companies and many others have offered free services, new apps, expanded coverage and increased speeds to enable enhanced virtual lives for millions of people around the world.
In fact, according the Pew Research Center, 53 percent of Americans say the Internet has been essential during the COVID-19 outbreak, and another 34 percent say it is important but not essential. The list of digital “new normal” opportunities is, without a doubt, remarkable.
Nevertheless, there is a now a rapidly growing body of evidence suggesting that COVID-19 isn’t just making people catch a virus. This pandemic appears to be making the Internet explode with viruses and more ‘dark side’ troubles — with potential impacts that will reshape the future of cyberspace far after we can finally get our hair cut again or eat-out at a restaurant again with friends.
And sadly, despite the fact that an effective vaccine now seems highly probable within a year, there will be no simple cure to fix the Internet’s woes.
Cyber Details, Please
Back at the end of March I articulated why many experts felt that the rapid move to working from home during this pandemic was laying the groundwork for a surge in data breaches. From COVID-19 related phishing attacks to unsecured home Wi-Fi networks to the use of personally owned computer equipment that is not secure, the potential for bad actors to access sensitive business data has grown rapidly as people moved very quickly to working from home.
In the past two months, there have been numerous headlines articulating more scary details on this online hacking trend. In addition, several more recent announcements related to Internet fraud and data breaches have surfaced. For example:
- Arkansas Shuts Down Unemployment Website After Data Exposure
- Google Data Reveals 350% Surge In Phishing Websites During Coronavirus Pandemic
- Top UN official warns cyber crime on rise in pandemic
- Illinois to notify 32,000 unemployment claimants of data breach out of ‘abundance of caution’
- ‘Hundreds of millions of dollars’ lost in Washington to unemployment fraud amid coronavirus joblessness surge
This brief video from CNBC explains these cyber trends in details.
Will COVID-19 Tech Issues Bring a “Cyber Pearl Harbor?”
But taking this thread a big further, Steven McBride grabbed the attention of Forbes magazine readers a few weeks ago with the article titled: Why The Largest Cyberattack In History Could Happen Within Six Months.
Here’s an excerpt: “The coronavirus is laying the groundwork for a massive cyberattack. In fact, I’m on record today saying we’ll see the largest cyberattack in HISTORY within the next six months. …
So hundreds of millions of folks are using personal laptops — on unsecured home Internet connections — to access work files. Many of which likely contain confidential information and personal data.
This is a dream come true for cybercriminals. Hackers only need to gain access through one entry point to seize control of a whole network. Once they’re in they can steal data, secrets, and even lock you out of the network.
Hackers broke into the networks of America’s largest defense contractor, Lockheed Martin, by targeting remote workers. If they can infiltrate this system, you best believe remote workers with little security are easy pickings. …”
I highlight this article now, because when I posted it on LinkedIn with my personal perspectives, I received hundreds of comments and reactions from global security and technology experts. Some thought the article was just over-hyped FUD, but most people thought that the online cyberchallenges were indeed growing during the pandemic and making the Internet much less safe — while opening-up more Internet vulnerabilities and security holes.
Here is a small sample of some of the responses I received on LinkedIn regarding the Forbes article post:
Corey Munson: “PC Matic just launched a security survey of those working from home. The first 3,500 responses have been frightening. (Results will be out next week). The rapid mass migration to WFH & BYOD ‘gone wild’ has left massive security holes. How those risks are addressed now will determine what happens in the next 6 months.”
William Tucker: “Makes sense. I specifically use my extra personal computer for anything outside of work or researching something. Even though my ‘work’ computer is a personal computer too, I don’t do online stuff through it, unless it’s in the “work” work stream…. Even there we are limited according to our roles….separation of powers/privileges and workstation mapping.”
Caston Thomas: “There’s no way to predict the severity of a future attack. Complete fake news, equivalent to the crazy dude standing on a New York street corner screaming “The end is near.” Could it happen? Of course. …”
Richard Stiennon: “I understand your heated response Caston. That said, I did hear an interesting observation from a friend in Canada. There is no question that attack surfaces have been extended out to the home. Also that activity is heightened. If the average dwell time to discover a breach is 270 days, that means that starting 6 months from now we *will* learn of some breaches. Predicting the biggest in history is more of a stretch. …”
Security Solutions for the Pandemic, Please
I participated in a webinar this past week that was run by Government Technology magazine and Governing magazine titled: Cybersecurity at the Edge: Rethinking Security Strategy to Support the New Work From Home Normal. This important session (available for free viewing with registration) included:
- Mark Weatherford, Former First Deputy Under Secretary for Cybersecurity, U.S. Department of Homeland Security
- Maria Thompson, State Chief Risk Officer, North Carolina Department of Information Technology
- Dustin Haisler, Chief Innovation Officer, e.Republic
- Dan Lohrmann, former CSO for State of Michigan and current CSO at Security Mentor Inc.
The webinar covered current hot technology trends in governments around the world. While there has been a huge positive movement towards working from home (WFH) which has been successful in the public and private sectors, there has also been a surge in online fraud and hacking that is just now becoming clear — with more announcements likely in the coming months (or even years) ahead. Many detailed figures can be found in this Kaspersky Research report.
During the webinar I offered these excellent resources for organizations that want to improve their business and government cybersecurity at this time of emergency:
- National Association of State Chief Information Officers (NASCIO) – https://www.nascio.org/covid19resources/
- National Governors Association (NGA) – https://www.nga.org/coronavirus/
- Multi-State Information Sharing & Analysis Center (MS-ISAC): Part of Center for Internet Security (CIS) – https://www.cisecurity.org/blog/resource-guide-for-cybersecurity-during-the-covid-19-pandemic/
- Lear Corp. – Safe Work Playbook – https://lear.com/safeworkplaybook
- Governing + Government Technology Magazine – https://www.govtech.com/security/ and https://www.governing.com/crisisresponse
One bright spot that I have seen arise in the past few months has been the recognition that organizations need more cybersecurity spending following these new coronavirus concerns. Almost 70 percent of the global organizations surveyed plan to increase their cyber spending in the coming months.
“With coronavirus crisis creating new opportunities for cybercriminals, this figure could easily increase by the end of the year. Besides boosting their cybersecurity spending, as the top IT priority this year, around 55% of major organizations will boost their investments in automation solutions, revealed HFS Research survey conducted in April. Smart analytics, hybrid or multi-cloud and artificial intelligence follow, with 53%, 49% and 46% of those bodies asked naming them as their leading IT investments this year. …”
Whether a major, debilitating cyberattack is coming is debatable. Some will say the Internet was already sick, while admitting that this coronavirus is making cyberspace less safe by exposing weaknesses that were already present. Is that so different than a lack of a sufficient national stockpile of personal protective equipment (PPE)?
No doubt, the importance of cybersecurity has only grown during this pandemic. As the paperless office is becoming closer to reality by necessity, and business transformations and digital government keep growing faster than ever, cyberprotections are also more vital than ever — but too often neglected.
So while the Internet is alive and more important than ever to our lives in 2020, COVID-19 is bringing about a cyber pandemic that will linger long after a vaccine or cure is found for this disease.