The proliferation of digital innovations that allow people to work from home and make transactions online has been key to mitigating some challenges of the coronavirus. However, this digital shift has also heightened the threat of cyberattacks, particularly in emerging markets.
As lockdowns and curfews were introduced around the world to protect citizens from COVID-19, daily life moved online.
In terms of work, many companies utilised digital programmes such as Skype and Zoom to allow employees work remotely, while various e-learning initiatives were also established – enabling students at the primary, secondary and tertiary level to continue their studies from home during the pandemic.
In Bahrain, for example, the Ministry of Education set up an online portal for students and teachers that was updated daily with thousands of lessons, sample exams, e-books and other learning materials.
Elsewhere, social distancing measures led to spikes in demand for e-commerce platforms and online delivery services.
For example, in Indonesia digital transactions rose by 102.5% year-on-year in the first four months of 2020. In the UAE, figures from Ken Research showed that online grocery orders had increased by 80-100% in the first months of the year as a result of the virus, while some online retailers in Saudi Arabia saw a 200% increase in average sales during the pandemic’s early stages.
Cyber threats on the rise
While the increased adoption of digital solutions has played a significant role in reducing the risk of contracting the virus, as well as allowing people to continue working and studying, it has also increased cybersecurity challenges.
Put simply, the more people that are using digital platforms, the more pressure is placed on existing cybersecurity controls – and the greater the chance of potential attacks.
This is particularly relevant for those working from home. While firms often have cybersecurity defences installed in offices and on company computers, the same is not always true of employees working remotely.
According to McKinsey, the shift toward remote working has amplified longstanding cybersecurity risks: such as people accessing unsecured data without VPN software, and the physical and psychological stressors which often lead to employees by-passing controls and taking risky options in order to complete assigned tasks.
Similar threats apply to financial platforms. With increased activity and a significant increase in the value of money being transferred, many analysts believe there is a heightened cyberthreat on insecure platforms.
This is particularly pertinent in emerging markets: less affluent people are more likely to use unsecured digital channels or older methods that utilise SMS or USSD to conduct financial transactions.
There has also been numerous high-profile reports of individuals and institutions being targetted by hackers since start of the pandemic.
For example, a phishing attack in India purported to offer people a free Netflix subscription during the lockdown if they filled out a survey and forwarded the message to 10 people.
In August, INTERPOL noted that it had witnessed a significant amount of COVID-19-related cyberthreats – such as coronavirus-themed online scams and phishing emails impersonating government and health authorities, as well as malware targetting health care institutions.
To demonstrate the scale of the threat, INTERPOL said that between January and April one of its private sector partners had detected 907,000 spam messages, 737 incidents related to malware and 48,000 malicious URLs that were all related to Covid-19.
While individuals and small businesses are threatened, larger institutions have also become targets.
In a statement released in late April, the World Health Organisation said that it had experienced a five-fold increase in the number of cyberattacks since the outbreak of COVID-19, with the email addresses and passwords of thousands of people working on tasks in response to the virus being leaked online.
Digital solutions to digital challenges
In light of increased digital activity and the heightened cyberthreat, companies and governments alike have been looking to strengthen their defences.
“We have seen a surge in uptake of data centre services, much of which is driven by e-commerce. In the first two weeks of ECQ [enhanced community quarantine], we had close to 50,000 new connections,” Al Panlilio, president and CEO of Smart Communications, and the chief revenue officer of Philippine telecoms company PLDT, told OBG in late July.
“It was therefore very important for us to offer cybersecurity to the market. We began to offer three months of access to our endpoint advanced security service and three months of free access to our cybersecurity portfolio for hospitals, as we noticed that the health sector was the target of many attacks during the start of ECQ.”
Given the scale of the threat, many governments or businesses in emerging markets may lack the necessary expertise and resources to build adequate safeguards.
To overcome this, some in the industry have called for the development of regional cybersecurity resource centres – where multiple countries and/or bodies can pool knowledge to bolster protection.
Advocates say that while such a development would add to – rather than supplant – existing cybersecurity structures, they could also be used to develop talent and drive innovation in the sector.