In the 1940s, psychologist Abraham Maslow proposed that human beings are motivated by five different categories of need. He represented these categories as a pyramid, from the most fundamental needs up to the more abstract. At the base of his Hierarchy of Needs, Maslow placed physiological needs: food, water, sleep, and so on. Just above that, he put safety.
The need to feel safe is one of the most fundamental aspects of the human experience. It affects the choices we make, the way we live our lives, and the ways in which we perceive the world. The same is true of our experience online.
And yet, there is much about the digital world that is not safe. In 2016, Cybersecurity Ventures predicted that cybercrime would cost the world $6 trillion each year by 2021, and the World Economic Forum has called cybercrime “one of the greatest risks to prosperity in the Fourth Industrial Revolution.”
As the COVID-19 pandemic sees more people using digital platforms and services than ever before, the cybersecurity landscape is shifting. While we’ve not yet seen the boom in cybercrime that was feared at the beginning of national lockdowns, we are seeing the nature of attacks change in tandem with the global health situation.
So what sort of cybersecurity developments are we observing in the new COVID-dominated world? And what do those developments mean for the future of digital identity?
As national lockdowns and slowdowns are introduced around the globe, more people than ever are working, socializing, and accessing services from home. Speaking to Forbes, Jim Fleming, Program Manager at ISM, observed that: “This is the perfect opportunity for cyber criminals who are tapping into the anxiety and confusion in the population.”
The National Cyber Security Centre (NCSC) and Cybersecurity and Infrastructure Security Agency (CISA) have reported a marked increase in cybercriminals exploiting the COVID landscape.
Phishing messages claiming to offer government aid, or subject headers like ‘Coronavirus outbreak in your city (Emergency)’, are designed to exploit people’s desperation and anxiety in order to harvest personal data and credentials or deploy malware. This information can then be exploited for the purposes of identity theft and fraud.
The U.S. Secret Service recently discovered that stolen credentials had been used to defraud the government of huge sums. Operated by a Nigerian cybercrime ring, the scam involved using the Social Security numbers and personal data of identity theft victims to submit false unemployment claims, leading to potential losses in the hundreds of millions of dollars.
Part of the reason that such social engineering methods work so effectively is their plausibility. Governments and other agencies use digital platforms to communicate with citizens, with email, SMS, social media, and Whatsapp all used as channels for official, legitimate communications.
As e-Government and digitized services and communications continue to expand, it becomes ever more vital that individuals are able to identify the difference between official and illegitimate sources, and trust the official communications they receive.
Targeting the Financial Sector
Vulnerability to COVID-related cybercrime is, of course, not limited to the individual. A recent report from VMware Carbon Black found that, between February and April 2020, there was a 238% surge in cyberattacks against banks.
In fact, the research suggested that more than a quarter of all cyberattacks in 2020 have been targeted at either the healthcare or financial sectors.
This is part of a wider trend in increased targeting of financial institutions over recent years. The Financial Times reports that cyberattacks on financial services increased fivefold in 2018, and the rate continues to grow year on year.
According to the World Bank, 1.7 billion people remain unbanked, leaving them reliant on unofficial or exploitative financial services, unable to escape the cycle of poverty. Online banking could help to address some of these inequalities, particularly in areas where access to physical banks is difficult.
But people will only consider managing their money online if they feel that they can trust digital services. If cyberattacks against financial services continue to increase - both during the pandemic and beyond - we risk consequences that extend beyond monetary cost; trust in digital identity itself will likely be affected.
Cybercrime comes in many forms, and some incidents are geopolitical in nature. The COVID-19 crisis has triggered new forms of state-sponsored cybercrime, as nationstates struggle to extract sensitive research and security information, and capitalize on the situation.
In May 2020, the United States Federal Bureau of Investigation (FBI) and Department of Homeland Security (DHS) accused China of trying to hack U.S. research on COVID-19. The agencies warn that the healthcare, pharma, and research sectors have all become targets for cybercrime, as governments look to extract useful information on the virus and national response plans.
Non-governmental organizations, including the World Health Organization (WHO), have also observed incidences of COVID-linked, state-sponsored cybercrime. In April 2020, Reuters reported that Iranian-backed hackers had been targeting the WHO, observing that:
The vulnerability of national and international institutions demonstrates the scale of the cybersecurity threat facing the digital world in the years to come. Cybercrime does not just affect individuals and industries, entire governments and geopolitical institutions are at risk.
Towards a Solution
Ensuring the security of digital technologies is fundamental, both to generating user trust and developing systems that are deserving of trust. But how do we get there?
Agencies and organizations around the world are working to strengthen cybersecurity and address the problem of cybercrime, though there is no single solution that will put an end to cybercrime once and for all. That said, there are several core approaches that could help to strengthen cybersecurity and create a safer digital world for all.
The first of these is digital literacy. Many instances of cybercrime could be prevented simply by increasing user awareness and understanding. We currently have a major disparity in digital knowledge around age, education, socioeconomic status, and geography. Addressing these gaps in digital literacy and prioritizing inclusion could help individuals to better protect themselves against risk.
Another factor is investment. The COVID-19 pandemic has caused a huge strain on the global economy, and many nations will be left with serious recessions as a consequence of the pandemic.
In this stretched financial climate, we cannot allow cybersecurity to be forgotten. Long-term thinking must prevail, so that the funds are available to create systems that reflect #GoodID principles and the oversight needed to outsmart malicious actors.
Finally - and perhaps most importantly of all - we need global collaboration. Cybercrime has no borders; a cybersecurity problem in one country is a problem everywhere. To be effective, we need to see international agreements on action, and cooperation between various national security and law enforcement agencies.
Carnegie Europe surmises: “Coordination among these communities is improving slowly, but COVID-19 highlights the need and urgency for a much more coherent response. The international community needs a vision and a multi-year strategy to connect the fragmented lines of effort to strengthen cybersecurity in the global financial system…"
Whilst the COVID-19 pandemic presents serious challenges for cybersecurity, it also provides opportunities. The current global climate has demonstrated the now crucial importance of access to online services; it has highlighted existing security vulnerabilities, for individuals, industry, and governments; and it has underscored the vital importance of public trust in the digital sphere.
It has never been clearer how fundamental cybersecurity is to our digital future; because security is at the core of digital identity and public attitudes towards it. As our world becomes increasingly digitized, it's more important than ever that digital systems reflect #GoodID, so that we are safe and secure online.
The cybersecurity landscape is shifting; now is the time to ensure that it shifts in the right direction.