Information Security during and after COVID-19

The sudden outburst of coronavirus which is shaking various Global operations has definitely put focus on Information Security on priority because of many practical reasons.

---

---

Corporate and Business: Businesses and public-sector organizations are increasingly offering or enforcing “work from home” policies. Social interactions are rapidly becoming confined to video calls, social media posts and chat programs due to lock down. The work from home increased volumes of confidential data and documents to move across individual personal/home IP addresses to corporate systems / Cloud, without the established Virtual Private Networks (VPN). Many governments are disseminating information via digital means. The world is unprepared to be ready with necessary security measures before above operations became exponentially huge. The three leading challenges were provision of secure remote access for employees, the need for remote access scalable solutions and helping employees working from home who are using shadow IT solutions – untested software, tools and services.

Entertainment: As people need to spend leisure time at home, more and more people are moving to entertainment on their home systems and mobiles. It is observed that registrations to Netflix type sites, Video gaming sites, have increased. Online streaming services provided by brands such as Netflix and now Disney+ are likely to see 12% growth.⁵ These are opening up more IP addresses to hackers. During March 21^st – 27^th (week 12) the first week of the lockdown, India’s total TV consumption grew by 37% to cross 1.21 trillion minutes, highest ever in the history of Indian television.³ COVID-19 pushes up internet use 70% and streaming more than 12%, first figures reveal.⁵

Education: Another dimension is the teaching through online by all global education institutes from primary to university. This has opened up millions of IP addresses accessible to hackers. While countries are at different points in their COVID-19 infection rates, worldwide, there are currently more than 1.2 billion children in 186 countries affected by school closures due to the pandemic.⁴ BYJU’s has seen a 200% increase in the number of new students using its product.⁴

Financial Transactions: Hitherto, who have been using cash payment at respective windows for all statutory activities like power, water, and insurances, have moved to digital payments to ensure no default payment situations. Thus, payments either through online banking, use of debit cards, credit cards, and other gateways have increased, again giving more opportunity for hackers. People need to be beware of the fake UPI IDs. A mobile banking malware called “EventBot”, which steals personal financial information, may affect Android phone users in India, the federal cyber-security agency has said in an advisory. ¹

---

In all these scenarios, as more and more IP addresses are available and novice users may be using the web, hackers use multiple methods to trap and elicit information for fraudulent activities, leading to more stringent information security methods. The cyber criminals use the media to mislead and create public fear of rising coronavirus cases through malware and phishing emails in the disguise of content coming from the Center for Disease Control and Prevention (CDC) in the US and World Health Organization (WHO). Cyber Intelligence Center has observed a spike in phishing attacks, malspams and ransomware attacks. This result in more infected personal computers and phones.¹⁶ There are reports about Corona research sites being hacked. Experts say Russia, Iran and China likely to be behind cyber-attacks on universities.¹³ According to a Google report, Gmail has been blocking 18 million coronavirus related phishing emails and billions of spam messages every day.

About 71% of security professionals reported an increase in security threats or attacks since the beginning of the coronavirus outbreak. British supercomputer ARCHER, which is used for academic research by universities operating in the U.K., has been hit by a cyber attack. A large government entity in North America suffered from a distributed denial-of-service attack. A major hospital in Europe was hit with a cyber attack that forced it to suspend scheduled operations, shut down its IT network, and move acute-care patients to another facility. 60% companies are targeted by email-related security threats every week: Survey ¹⁵

Cyber Threats – Risk prevention:

The vast majority of cyber attacks deploy social engineering methods. Coronavirus pandemic has created a perfect storm of a global news event together with dramatic changes in working practices and the technologies used by organizations. A heightened dependency on digital infrastructure raises the cost of failure. The Internet has almost instantly become the channel for effective human interaction and the primary way we people work, contact and support one another. Cyber crime exploits fear and uncertainty. More time online, could lead to riskier behavior.⁹

Security concerns over the coming months – 61% respondents were concerned about the security risks of having to make rapid changes to enable remote working, and 55% felt that remote access security needed improving. About 49% are concerned about the need to scale up endpoint security. TCS aims to have only 25% of its workforce in office by 2025¹⁰, and many other organizations may follow the suite.

Check that you have a long, complex router password for your home Wi-Fi and that system firewalls are active on your router. Google recommends that users should consider enabling two-factor authentication for ‘online banking and other similar services to provide an extra layer of security’. Google recommends that Meet users should add ‘an extra layer of verification to help ensure only invited attendees gain access to the meeting’ and using private, unique, and hard-to-guess passwords. Employees working remotely should be required to use multi-factor authentication (MFA) to access networks and critical applications.

Corporate should also keep an eye out for new shadow-IT systems that employees use or create to ease working from home, to compensate for in-office capabilities they can’t access, or to get around obstacles. Patches that protect remote infrastructure deserve particular attention. Even with increased traffic, validating remote communications and collaboration tools allow companies to support incident-response (IR) and business-continuity (BC) / disaster-recovery (DR) plans.

Determine whether organization’s risk-response approach is effective and efficient. ¹³ Companies should be proactive in asking their suppliers and contractors, what they are doing to bolster their cyber defenses to be able to respond remotely to incidents during these times.

---

DISCUSSION QUESTIONS

---

• Q1) What care needs to be taken by corporate system team to build more security providing work from home facility?
• Q2) How can one measure productivity during work from home?
• Q3) What can be the new leadership/managerial role during work from home scenario?
• Q4) Any new opportunities for insurance to work with corporate, as employee’s people work from home (about loss of data/risk coverage etc)?
• Q5) How can banks prevent huge losses by bringing in new statutory rules for with drawls, transfers of funds?
• Q6) Shall Banking, FS, Insurance stop doing marketing activities to prevent hackers create spurious sites?

---

REFERENCES

---

1. Economic Times: Cybercriminals exploiting public fear of rising COVID-19
2. WHO reports fivefold increase in cyber attacks, urges vigilance
3. Economic Times: Covid-19 impact: TV consumption reached a historic high of 1.2 trillion minutes in a week
4. World Economic Forum: The COVID-19 pandemic has changed education forever. This is how
5. Forbes: COVID-19 Pushes Up Internet Use 70% And Streaming More Than 12%, First Figures Reveal
6. Express Computer: Enterprises report increase in security threats and attacks during COVID-19 outbreak: Report
7. Hindustan Times: Google explains how you can avoid Covid-19 related security risks
8. World Economic Forum: How to protect yourself from cyberattacks when working from home during COVID-19
9. World Economic Forum: Why cybersecurity matters more than ever during the coronavirus pandemic
10. TechGig: Future of WFH: TCS aims to have only 25% of its workforce in office by 2025
11. McKinsey & Co.: Cybersecurity tactics for the coronavirus pandemic
12. McKinsey & Co.: Cybersecurity’s dual mission during the coronavirus crisis
13. The Gaurdian: Hostile states trying to steal coronavirus research, says UK agency
14. Security Magazine: British Supercomputer ARCHER Suffers Cyberattack
15. .Economic Times: Cybercriminals exploiting public fear of rising COVID-19
16. Deloitte: COVID-19’s Impact on Cybersecurity
17. Lexology: Top 10 Cyber Security issues amid Covid-19

---

• All rights are reserved. No part of this publication may be reproduced or copied in any form by any means without written permission.
• The views expressed in this publication are purely personal judgments of the authors and do not reflect the views of The Icfai Society
• The views expressed by the contributors represent their personal views and not necessarily the views of the organizations they work/represent
• All efforts are made to ensure that the published information is correct. The Icfai Society is not responsible for any errors caused due to oversight or otherwise