In a recent forty-five minute webinar about the state of cybersecurity in COVID-19 times, Mikko Hypponen, an expert on the matter to whom the Hypponen Law of IoT security is credited, said that during the time of a crysis bad actors on the internet becomes particularly active.
Now, that’s not the end of the list of vulnerabilities and precautions he warned his viewer about. We will get to that later. First, let’s take a step back and look at how you might be affected by the surge in security compromises on the internet.
Assuming you are working from home, you have been using some kind of instant messenger software, with or without video conferencing options, e-mail clients and other various sorts of communications softwares. While in the office floor you were pretty safe behind a corporate firewall and a team of IT personnel to come take look at your computer at the first glance of an irregularity, but in your home, you are connected to the internet through a regular internet service provider and a router that has not seen password changes in six months or a year.
Also you may practice safe browsing habits, other members of your family might not be so careful. In all of these cases, all of your personal, private and/or corporate information are wide open to compromise.
State of International Cybersecurity in COVID-19 Times
Officials of the EU and the UN are very worried about these situations. In the era of novel coronavirus, we are forced to isolate ourselves in order to flatten the curve—so that we don’t get infected, if we are already not, or become the carrier by whom ten other people get infected causing a chain reaction of infections. Thus we have been introduced to the term “social distancing.” The United States has shut down or postponed many services that they deem “non- essential.” And working from home has become the new norm in this ever connected world.
But, we were not ready, neither were those officials from European Union and United Nations. Their daily and frequent communications are being done by video conferences and constant stream of emails thrown back and forth. All of the information, sensitive or otherwise, are being transmitted by the internet. This is a very lucrative opportunity to steal said sensitive information. One such official has exclaimed that these video conferences are an open invitation for the hackers. Since we were not ready, ready to cope with this vulnerability, we all have become targets of phishing, malwares, eavesdroppings, spoofing or other assortment of cybersecurity threats in COVID-19 times.
Now, let’s focus on the corporate environment again. Let’s say a certain pharmaceutical firm has been working tirelessly day in and day out with the view to find a vaccine to cure the patients most prone to death from the coronavirus. And for a sniff of that extremely valuable piece of information corporate espionage is being mounted on an unprecedented scale, by any actor, nation or otherwise. What disaster might happen if that formula ends up in the wrong hands.
In that webinar Mister Hypponen shows us several images from a hospital in Italy, a country devastated both economically and in thousands of human lives by COVID-19. In those images, as Mikko points out, there are computers and connected devices accompanying all the patients lying in those hospital beds. Those computers contain vital information regarding the condition of the patient and progress of his or her recovery. No one can say for certain that those computers are under ironclad security of state-of-the-art firewalls or anti-malware protection.
Mister Hypponen also shows us that these kinds of situations, situations where pandemic ravaging lives all over the globe and healthcare systems are on the brink of being overrun, these are the kinds of instances when hackers find the hospitals as ripe targets for ransomware attacks. He shows us various cases of such attacks in real life, happening in the first world hospitals. Even in 2020, the Pleasant Valley Hospital in West Virginia, US was reported being attacked by ransomware. And the worst case scenario, a small town hospital in California, the Wood Ranch Medical, declared bankruptcy under the threat of a ransomware.
These are not the least of our worries. Because when all the government agencies are rushing towards keeping the economy stable, there might be a window to launch an attack by interested groups on any nation’s critical infrastructures, such as water, gas, or even the electrical grid. Where the coronavirus may not be the biological weapon, but it can open avenues for other attacks just as easily.
Another potential target of cyber security breaches may be the intellectual properties held by persons or organisations. Proprietary information has always been a target by the black hats, to obtain and sell in the dark web to the highest bidder. And given the opportunity of a professional sitting at their home-computer with maybe an outdated Windows XP or compromised internet security software can be an easy conduit of intercepting such information.
All the ways a malware may propagate, in this time, the most effective way is thought of as the phishing links disguised as a news article relating to the coronavirus. We are all reading these news articles, and some of us may be being less careful about the origin of such links before clicking on them. Other ways might be the macros in the word or excel files that are being sent to us from mail addresses bearing uncanny similarity of our official web mails.
Some of them might announce one of our colleagues might have caught the virus, so they want some information to better organize a quarantine. Others may want our log-in information saying that the mail clients have been updated and we must log in again using the given link.
Tips for Cybersecurity in COVID-19 Times
Experts are not just issuing cautionary tales without giving some solid, easy to follow advices on how to stay reasonably safe during this unforeseen, trying times. The first of which is using and masking everyone’s internet activity by a VPN. VPNs are virtual private network softwares. They encrypt and bounces the data packets through different servers before they reach their destinations. So, anyone who might be trying to snoop around our internet activity, might find them uninteresting and insignificant. And, thereby ignore them altogether, or fail to decrypt the data packets in case they are intercepted.
There are free options and paid options on VPN services, some paid versions may offer one to more months of free trials. Using them is highly advised by all of the experts who have been warning the public about the dangers of a vulnerable connection.
If you have not changed them already, now is the best time to change your wi-fi and router passwords to something more robust and unpredictable. Passwords with 8 or more characters containing both upper and lower cases and some special characters such as the pound sign or hash tag, exclamation point, caps etc along with some numbers are considered to be strong. Some sign up forms have password strength meters at the bottom of the password box to indicate how difficult it is to guess your password by anyone who might want to guess them.
Keeping your operating systems updated ensures it has all the latest security measures put in place. The updates fix bugs as well that could have been exploited by the hackers. So, if you had been putting off that annoying windows update, it is better to run it now, than later.
Another measure to keep your operations safer is to separate the work computers from those that are usually used for entertainment. This is a good practice because the entertainment websites may be cloned, and to any pair of unsuspecting eyes they may appear legit, but are just clones to collect your log-in information, mail address and browsing history. They fetch a great price in the targeted advertisement business.
Not letting your kids near your work computer is also advised. Because, they may lock your personal computer by trying to open it with repeated entries of wrong password, limiting you to be on time for work. Or they may click on some links that you would have no problem avoiding.
Take care of your Cybersecurity in COVID-19 Times
This is a historic time. We will be talking about and pulling references about this time for years to come. When they write the histories of the twenty-first century, the COVID-19 pandemic and the year 2020 will surely be mentioned countless times. With our advanced medical technologies and automated systems to assist, this level of human cost and suffering is unprecedented.
And we are not out of the woods yet. So, staying safe from the coronavirus itself might not be enough, we have to be careful about the threat lurking around the interweb too. Without our careful, concerted efforts, bad actors will find ways to bring on more suffering and trouble on us. We can defeat both of these threats. Human spirit must endure and flourish against all odds.