A Cyber-Trust Brief
by Olga Gkotsopoulou, VUB
Even though companies have become more resilient over time, studies show that cyber-attacks have evolved and have become even more frequent [i]. This is more so true, especially in times of emergency and disaster at a national or global level. Since the beginning of the COVID-19 outbreak which led in an increase in the number of people staying at home and the turn into digital services, a significant upsurge has been noted in the total of cyber-attacks targeting public or private organisations and individuals, as Europol suggests in its report published from 3 April. [ii] Europol observes an intensification of ransomware attacks over the timespan of the pandemic outbreak and a spike in malicious domain name registration, whereas an escalation in Denial of Distributed Services (DDoS) attacks is expected in short or medium term.
Several state authorities and law enforcement agencies have issued fraud and scam warnings, due to the vast number of wide-spread COVID-19 related phishing campaigns. This includes an array of suspicious emails about COVID-19 related tax, fake cures and donation requests [iii], and the publishing of thousands of coronavirus-related bait websites [iv]. The list of attacks grows quite long [v], including large-scale cyberattacks against hospitals, businesses, teleworking platforms, with latest the case of the Italian Agency of Social Security and Welfare, stalling the processing of thousands of applications for COVID-19 related benefits [vi].
All those occurrences can lead to security and data breaches, including the exposure of personal data and sensitive information with huge impact on data subjects’ fundamental rights. At the same time, they can result in apparatus damage, impaired corporate reputation, diminished clientele trust as well as direct or indirect financial loss.
The European Commission, the EU Agency for Cybersecurity (ENISA), the CERT-EU and the Europol in a recent statement [vii], stress that given the “spurred widespread anxiety” and the new challenging circumstances, they will continue to monitor the situation very closely and coordinate with each other to guarantee a safer cyberspace, making sure to address the new malicious activities that target remote workers, businesses and individuals alike. The biggest Internet companies also issued a joint statement that they are joining their forces to fight against COVID-19 related fraud [viii], whereas volunteer cybersecurity experts around the world team up to enhance cyber-threat intelligence in relation to the COVID-19 extraordinary conditions [ix].
What to do to stay cyber-safe?
ENISA published on 24 March its “Tips for cybersecurity when working from home”, providing useful recommendations for employers and employees on teleworking, including the use of encrypted communication channels, secure remote access technologies, BYOD considerations, additional IT resources, trainings and the establishment of contact points. Moreover, it is now more important than ever to “make your home a cyber safe stronghold”. For tips and advice on how to do this, the Europol’s Infographic on public awareness and prevention, provided in several languages, stipulates a number of easy steps to enhance security resilience.
Additionally, several state authorities and data protection authorities have issued guidance on how to work safely from home both for business and individuals and how to safeguard your data, given the increased data flows.
- In United Kingdom, the National Cybersecurity Center has published handy guidelines on ‘Home working: preparing your organisation and staff’, including advice on spotting coronavirus (COVID-19) scam emails. They also put together an informative Weekly Threat Report.
- In France, the government issued guidelines for the reinforcement of cybersecurity measures and specific recommendations for teleworking. The French Data Protection Authority also issued guidelines for teleworking, concerning system security and online services and provided useful resources.
- In Greece, the Ministry of E-government, created an infographic with tips for secure use of online services.
- In Germany, the Schleswig-Holstein Data Protection Authority has issued guidance for remote working, whereas the Brandenburg Data Protection Authority has drafted recommendations for teachers and students with respect to distance learning.
- In Italy, the Italian Data Protection Authority (Garante) has also issued several opinions assessing the current situation, with recommendations about the use of social media.
Last but not least, VUB/LSTS (Cyber-Trust partner) has created a resources and news observatory, where you can find a collection of useful material on data protection law and the COVID-19 outbreak, including issues of cyber and data security in Europe and across the world, as well as recommendations, official statements, academic publications and news.
Summing up, this proliferation of cyber-attacks amid emergency and disaster times, including the current pandemic, and their potential consequences, attests once again the importance of having organisational and technical means in place which enhance digital security. This is particularly true provided that several states consider the use of novel forms of technology for monitoring, tracing and containing the virus spread as well as enforcing emergency measures. At the same time, the adoption of a more – almost complete – digitalised way of lifestyle, work, health, education and social contact is currently encouraged, which constitutes a very new and unfamiliar situation for many businesses, public entities and individuals exposing them to novel threats and risks.
In line with the respect for fundamental rights and freedoms, network and information security research and implementation should lay in the heart of all discussions; Cyber-Trust is a H2020 project which aims specifically to develop an innovative cyber-threat intelligence gathering, detection, and mitigation platform, which will holistically secure the ecosystem of IoT devices and safeguard large-scale smart infrastructure and smart homes from such attacks. The Cyber-Trust platform is structured around three pillars: a. key proactive technologies in relation to cyber-threat intelligence gathering and sharing, b. cyber-attack detection and mitigation tools, and c. distributed ledger technologies for the secure transfer of electronic evidence.
Stay up to date on the work of Cyber-Trust, by checking our website and following our social media accounts on Twitter, Facebook and LinkedIn. Further, do not miss any updates by taking a look at our newsletter!
[i] Department for Digital, Culture, Media & Sport, ‘Cyber Security Breaches Survey 2020’, gov.uk (26 March 2020), available here.
[ii] Europol, ‘Catching the virus – cybercrime, disinformation and the COVID-19 pandemic’ (3 April 2020), available here.
[iii] Tidy, Joe, ‘Coronavirus: How hackers are preying on fears of Covid-19’, BBC (13 March 2020), available here.
[iv] Lakshmanan, Ravie, ‘Hackers created Thousand of Coronavirus (COVID-19) Related Sites As Bait’, The Hacker News (18 March 2020), available here.
[v] Grober, David, ‘Roundup: Coronavirus COVID-19 pandemic delivers array of cybersecurity challenges’, ZDNet (updated regularly), available here.
[vi] Amante, Angelo, ‘Italy’s social security website hit by hacker attack’, Reuters (1 April 2020), available here.
[vii] European Commission, ENISA, CERT-EU and Europol, Coronavirus outbreak – Joint Statement (20 March 2020), available here.
[viii] Cimpanu, Catalin, ‘Internet’s largest social networks issue joint statement on COVID-19 misinformation’, ZDNet, (17 March 2020) available here.
[ix] Menn, Joseph, ‘Cybersecurity experts come together to fight coronavirus-related hacking’, World Economic Forum (27 March 2020), available here.