Technology doesn’t alone solve cyber-security challenges as processes and procedures are needed alongside continuous awareness campaigns to ensure that workplaces remain secure, said experts during an e-Discussion.They also recommended regular vulnerability assessments and the use of best practices to ensure systems are safeguarded against cyber-attacks during these difficult times, adding that people, processes, and technology go together in this fight to ensure cyber-security. The e-Discussion — Cyber Security Crisis Management: Lessons from Covid-19 — organised by Trends Research & Advisory, was part of its Strategic Dialogue E-Forum, which gathered several prominent experts who highlighted the various dimensions of cyber-security crisis management and the lessons learned from the pandemic. It was moderated by Emina Osmandzikovic, Researcher at the Trends Research & Advisory. Speaking at the event, Muntaser Bdair, COO of SecurityMatterz, Saudi Arabia, said the challenge is related to national security as even critical infrastructure of countries is vulnerable to cyber-attacks. According to him, the global average cost of a data breach for the year 2019 was almost $3.9 million. “There are the enemy or state-sponsored hackers, also called e-soldiers involved in cyber wars, which makes it even more dangerous. We live in a digital world and Covid-19 is pushing us further and faster into digital transformation. The more open you are the more risk cyber-security vulnerabilities you are exposed to,” he said. Muntaser said that several laws push governments and organisations to do more and that awareness is growing in the Middle East. “There have been over 907,000 spam messages, 48,000 hits on malicious URLs, and 737 malware threats detected in the GCC. That tells you that we may be quarantined but hackers are not. They are taking advantage of the situation,” he said. Muntaser emphasised that awareness is the best control mechanism to ensure cyber-security. “Social engineering or phishing is aimed at the people element through which hackers target the mind of the people to get access to sensitive information,” he said. According to Muntaser, as many as 76 per cent of organisations experienced phishing attacks in the past year. He also highlighted the need to remain aware of social media security, especially during quarantine when it is being widely used. “How much we put out there could be critical as we put a lot of information on our social media. We encourage more people to do more about cyber-security threats,” he pointed out. Naeem S. Musa, Chief Information Security Officer (CISO) at the Commodity Futures Trading Commission (CFTC), United States, shared his tips for remote-working taking into account the cyber-security threats during Covid-19. Tele-working, he said, needs extra precautions, which include ensuring that connected devices do not harm or interfere with the office networks. He came up with a set of recommendations for organisations including steps such as guarding and updating devices, creating strong passwords, using two-factor identification, and encrypting emails. According to him, we also need to ensure that our home infrastructure such as modem and router is up to date as they are easy to hack into and could give away to access to sensitive information. “If you are shopping online — don’t use the same password and username. Always change passwords and keep them strong and hard to guess,” he said. Giving a European perspective, Andrew Staniforth, Director of Saher-Europe and Non-Resident Fellow, Counter-Terrorism, at Trends, United Kingdom, highlighted the various aspects of organisational resilience and the combating of Covid-19 cyber threats. “Security matters in various ways and organisations have had to prevent, respond, and recover in the face of this challenge. The Covid-19 pandemic has exposed pre-existing cyber-security vulnerabilities and has also created new challenges,” said Staniforth. He also noted that it is predicted that cyber-crime will cost the world over $6 trillion annually. “The costs associated include damage and destruction of data, stolen money, lost productivity, the effect on intellectual property and financial and personal data, and the destruction of the normal cost of business,” Staniforth said.