COVID-19’s Impact on Cybersecurity
Cybersecurity and public health seem like disparate topics, but the pandemic that is COVID-19 has demonstrated that not only are these matters so intrinsically linked — they both expose the need and importance of a strong national cybersecurity policy and infrastructure.
How is cybersecurity impacted?
In light of the pandemic, the internet has, overnight, become the primary conduit for all human interaction.
Locally, the government’s implementation of a Luzon-wide lockdown since 16 March 2020 has created an environment that is highly reliant on the internet to facilitate even the most basic aspects of everyday life. Work, learning, grocery, food services, banking, and even charitable endeavors have now become virtual.
This heightened dependency on the internet and digital infrastructure has emphasized one essential truth — dependence begets vulnerability.
No one is safe
More people have been relying on the internet for information and advice on how to navigate this pandemic. Unfortunately, Guy Berger, Director for Policies and Strategies regarding Communication and Information at UNESCO, has stated that presently there is no area left untouched by disinformation and false news in relation to the COVID-19 crisis. A simple scroll through a netizen’s Facebook feed would underscore the proliferation of fake news involving the origin of the virus, miracle prevention and cures, and responses made by local and foreign governments, companies, politicians, and influencers.
The World Health Organization (WHO) noted an increase in hacker activity and reported cyber scammers posing as legitimate agencies attempting to deceive individuals into sharing their sensitive information (such as usernames and passwords) or opening malicious links and email attachments to spread malware. Causing greater concern is the fact that these attacks are not only targeted individuals but large companies and government entities. In fact, the U.S. Health and Human Services Department suffered a cyber-attack on its computer system, which it characterized as part of a campaign of disruption and disinformation.
Locally, Philippine National Police spokesman Police Brigadier General Bernard Banac stated that, since the beginning of the lockdown, there have been cases involving individuals spreading COVID-related fake news, violations of data privacy, illegal selling and hoarding of merchandise, and scams involving the selling of personal protective equipment, commonly referred to as “PPE.”
Considering how the circumstances affect public health and have disrupted daily economic activities, any cyberattack on companies, individuals, and governments will not only be devastating, they can be irreversible. In a perfect storm, a cyberattack could paralyze entire cities including their public health networks.
It must be recognized that COVID-19 is a crisis that affects cybersecurity, privacy, and information.
Considering that physical distancing guidelines are likely to be implemented even after the Enhanced Community Quarantine (ECQ) is lifted, any dependence on the internet and the broader digital infrastructure will be inevitable and unavoidable. This stresses our individual responsibility to keep our information and devices secure.
Individuals must embrace a sense of vigilance to verify sources of COVID-19 related information prior to sharing these with friends and family. Trusted sources of data such as government websites and international organizations like the United Nations (UN) and the WHO are among the best sources for COVID-19 updates.
The new reliance on video-conferencing and internetted workflows for the daily functioning of businesses doubly underscores the importance of tough encryption, secure devices, reliable internet providers, and effective cyber defenses, from the standpoint of both the private and public sectors. An investment in critical technological infrastructure is no longer a luxury but a supreme requirement for business continuity.
Lastly, according to the UN’s Department of Economic and Social Affairs, governments, being the first custodian of COVID-19 related data, have the responsibility to provide accurate, useful and up-to-date information to its citizens, particularly during times of crisis.
The openness of the Philippine government to embrace technology in managing and creating policies to address COVID-19 is not unnoticed. In fact, the website staysafe.ph is the latest collaboration between the government and the private sector. It aims to provide not only a real-time update on the status of COVID-19 but also a facility to allow remote contact tracing and provision of basic government services.
The government, business, and civic society must include cybersecurity in any post-pandemic evaluation. In all cases, the incorporation and use of big data will require technology initiatives aimed at preemptive, sound health information and health policy.
Keeshia Alyanna H. Alix is a Mid-Level Associate and a member of the Technology Media and Telecommunications, Litigation, Corporate Services, and Data Privacy Groups of Gorriceta Africa Cauton & Saavedra (www.gorricetalaw.com). Keeshia’s practice areas include civil and criminal litigation and general corporate law. She also assists clients in determining licensing and in complying with legal and regulatory requirements for their specific industries and activities. She handles Data Privacy Act compliance for various clients.