Governments adopting trace-and-track apps to prevent the spread of this coronavirus have raised questions about the ‘right balance’ between crisis response and privacy considerations. James Nunn-Price and Manish Sehgal set out the risks and challenges for individuals and businesses
The sudden global outbreak of covid-19 brought significant challenges to our day-to-day lives. In recent weeks, several countries have begun to ease their virus lockdown restrictions, yet pandemic-related cyber threats appear undiminished.
In the face of covid-19, from healthcare to commerce, cybersecurity and privacy rights have never been more important. Even before the pandemic, the World Economic Forum’s publication of The Global Risks Report 2020 listed cyberattacks as the biggest global threat after environmental risks.
Overview of cyber challenges
While the focus is on the health and economic threats posed by covid-19, cybercriminals around the world are undoubtedly capitalizing on the crisis.
The impact of covid-19 on cyber preparedness is broad and ranges from a rise in related phishing and ransomware attacks, increased delays in cyberattack detection and response due to IT/security teams being spread too thin, and increased security risk from remote working/learning, while the positives include the cyber posture of organizations naturally improving since the pandemic.
Heightened cyber challenges include:
- Rapidly implemented digital and cloud technologies to enable remote working, and digital channels that lack sufficient hardening and security controls;
- Malicious and inadvertent insider threats caused by disgruntled or displaced employees and contractors;
- Evolving compliance circumstances for regulated industries;
- Stretched IT and cybersecurity resources managing an increased attack surface;
- Complex requirements for identity and access management as roles and responsibilities change;
- Greater difficulty in maintaining compliance with data privacy regulations; and
- Privacy considerations around accessing and processing information.
Although many of these cyber and privacy challenges existed prior to the covid-19 pandemic, they now pose an even greater threat as the size and scale of connectivity for remote operations expands and the deployment of technology that collects data on the virus increases.
Protecting privacy, ensuring safety
The pandemic has prompted governments, as well as public and private organizations, to adopt necessary measures to prevent the spread of the virus and mitigate the health crisis. Nations are using leading technologies as part of an overall response to combat the outbreak.
Often such measures include collecting and processing a large variety of information related to citizens and employees such as names, addresses, workplaces, travel histories, and health information, sourced from tracing and surveillance tools, both on mobile devices and physical assets.
This aspect of accessing and processing information (private and health-related) has raised questions around the globe about the “right balance” between pandemic response, recovery measures and privacy considerations.
Contact tracing of citizens
Tracing applications help to monitor and alert healthcare authorities about potential encounters with covid-19. They have become highly recommended government tools, adopted by the public at large and used by health authorities trying to contain the pandemic.
Like most of the world, several nations in Asia-Pacific are working to flatten the curve. A common method is the active deployment of technology that collects data on the virus, including tracking and surveillance of those who have been infected.
Contact tracing applications being used in the region have diverse features including: