Governments adopting trace-and-track apps to prevent the spread of the pandemic have raised questions about the ‘right balance’ between pandemic response and privacy considerations. James Nunn-Price and Manish Sehgal set out the risks and challenges for individuals and businesses
The sudden global outbreak of COVID-19 brought significant challenges to our day-to-day lives. In recent weeks, several countries have begun to ease their COVID-19 lockdown restrictions, yet pandemic-related cyber threats appear undiminished.
In the face of COVID-19, from healthcare to commerce, cybersecurity and privacy rights have never been more important. Even before the pandemic, the World Economic Forum’s publication of The Global Risks Report 2020 listed cyberattacks as the biggest global threat after environmental risks.
Overview of cyber challenges
While the focus is on the health and economic threats posed by COVID-19, cybercriminals around the world undoubtedly are capitalizing on this crisis. The impact of COVID-19 on cyber preparedness is broad, and ranges from a rise in COVID-19-related phishing and ransomware attacks, increased delays in cyberattack detection and response due to IT/security teams being spread too thin, and increased security risk from remote working/learning, to positive ones such as the cyber posture of organizations naturally improving as a result of the pandemic.
Heightened cyber challenges include:
- Rapidly implemented digital and cloud technologies to enable remote working, and digital channels that lack sufficient hardening and security controls;
- Malicious and inadvertent insider threats caused by disgruntled or displaced employees and contractors;
- Evolving compliance circumstances for regulated industries;
- Stretched IT and cybersecurity resources managing an increased attack surface;
- Complex requirements for identity and access management as roles and responsibilities change;
- Greater difficulty in maintaining compliance with data privacy regulations; and
- Privacy considerations around accessing and processing
Although many of these cyber and privacy challenges existed prior to the COVID-19 pandemic, they now pose an even greater threat as the size and scale of connectivity for remote operations expands and the deployment of technology that collects data on the virus increases.