Prominent experts at the E-Discussion – Cyber Security Crisis Management: Lessons from Covid-19 – highlight various dimensions of the threat during the pandemic
ABU DHABI, May 21 – Technology doesn’t alone solve cyber-security challenges as processes and procedures are needed alongside continuous awareness campaigns to ensure that workplaces remain secure, experts at an E-Discussion said here on Wednesday.
They also recommended regular vulnerability assessments and the use of best practices to ensure systems are safeguarded against cyber-attacks during these difficult times, adding that people, processes, and technology go together in this fight to ensure cyber-security.
The E-Discussion – Cyber Security Crisis Management: Lessons from Covid-19 – organized by TRENDS Research & Advisory, was part of its Strategic Dialogue E-Forum, which gathered several prominent experts who highlighted the various dimensions of cyber-security crisis management and the lessons learned from the pandemic.
Speaking at the event, Mr. Muntaser Bdair, COO of SecurityMatterz, Saudi Arabia, said the challenge is related to national security as even critical infrastructure of countries is vulnerable to cyber-attacks. According to him, the global average cost of a data breach for the year 2019 was almost $3.9 million.
“There are the enemy or state-sponsored hackers, also called e-soldiers involved in cyber wars, which makes it even more dangerous. We live in a digital world and Covid-19 is pushing us further and faster into digital transformation. The more open you are the more risk cyber-security vulnerabilities you are exposed to,” he said.
Mr. Muntaser said that several laws push governments and organizations to do more and that awareness is growing in the Middle East. “There have been over 907,000 spam messages, 48,000 hits on malicious URLs, and 737 malware threats detected in the GCC. That tells you that we may be quarantined but hackers are not. They are taking advantage of the situation,” he said.
Mr. Muntaser emphasized that awareness is the best control mechanism to ensure cyber-security. “Social engineering or phishing is aimed at the people element through which hackers target the mind of the people to get access to sensitive information,” he said.
According to Mr. Muntaser, as many as 76 percent of organizations experienced phishing attacks in the past year. He also highlighted the need to remain aware of social media security, especially during quarantine when it is being widely used.
“How much we put out there could be critical as we put a lot of information on our social media. We encourage more people to do more about cyber-security threats,” he pointed out.
Mr. Naeem S. Musa, Chief Information Security Officer (CISO) at the Commodity Futures Trading Commission (CFTC), United States, shared his tips for remote-working taking into account the cyber-security threats during Covid-19. Tele-working, he said, needs extra precautions, which include ensuring that connected devices do not harm or interfere with the office networks.
He came up with a set of recommendations for organizations including steps such as guarding and updating devices, creating strong passwords, using two-factor identification, and encrypting emails.
According to him, we also need to ensure that our home infrastructure such as modem and router is up to date as they are easy to hack into and could give away to access to sensitive information. “If you are shopping online – don’t use the same password and username. Always change passwords and keep them strong and hard to guess,” he said.
Giving a European perspective, Mr. Andrew Staniforth, Director of Saher-Europe and Non-Resident Fellow, Counter-Terrorism, at TRENDS, United Kingdom, highlighted the various aspects of organizational resilience and the combatting of Covid-19 cyber threats.
“Security matters in various ways and organizations have had to prevent, respond, and recover in the face of this challenge. The Covid-19 pandemic has exposed pre-existing cyber-security vulnerabilities and has also created new challenges,” said Mr. Staniforth.
According to him, it is predicted that cyber-crime will cost the world over $6 trillion annually. “The costs associated include damage and destruction of data, stolen money, lost productivity, the effect on intellectual property and financial and personal data, and the destruction of the normal cost of business,” Mr. Staniforth said.
He said that we are in an era of high value and low-impact crime, which is shifting criminal behavior and is posing a challenge for law enforcement agencies as attackers are carrying out less obvious attacks and on those that go below the radar. According to him, hackers are no longer going after only large organizations but the size of your cyber vulnerability.
“Effective cyber-security needs more than just technology tools and inadequate training should also be looked into as employees are the largest security risk. Much of the attacks are due to a lack of awareness, especially with the bring-your-own-device practice,” he said.
According to Mr. Staniforth, Covid-related cyber threats were expected but some attacks have been surprising. “Cyber threats could be seen following the path of coronavirus. As communities come together to defeat the virus, the action of a small group of hackers is causing another challenge,” he said.
According to him, a coherent approach and strategy are best served by an organization’s resilience, which is a strategic objective for the organization to survive. “It’s a different approach as you are accepting that cyber-attacks may occur and will eventually come but you are more prepared to deal with it when it happens,” he said.
Mr. Staniforth said that there is nothing called total security from cyber-attacks. “We need to go back to basics in terms of fostering online security awareness, especially when working from home. Understanding your organization’s processes and procedures would embed cyber-security measures into the organization’s culture. It must be integrated to be effective,” said Mr. Staniforth.
Prof. Ernesto Damiani, the Director of Khalifa University Center for Cyber-Physical Systems (C2PS) and the Director of Information Security Center Electrical and Computer Engineering & EBTIC, United Arab Emirates, added another dimension to the discussion, highlighting the lessons learned in psychological operations (PsyOp) during the Covid-19 crisis.
“When you are under pandemic stress, with a barrage of news, even experts working from home could experience a psychological shift,” he said. According to Prof. Ernesto, people become more gullible from the hacking and social engineering point of view. “What you can be persuaded to sometimes depends on your surroundings,” he said.
“The same person working from office may have reacted differently as the deadly mix is self-perception. Some attacks that may not have worked in office work at home,” he said. The E-Discussion concluded with the remarks of Mr. Ahmed Al-Astad who thanked the speakers of the session and other events part of the Strategic Dialogue E-Forum.
“Through this Strategic Dialogue E-Forum, and because of our sense of responsibility, we have stressed the importance of foreseeing the future and examining the current international practices in our collective fight against the Covid-19 pandemic. We have also tried to find ways to prepare for the challenges going forward,” Mr. Al-Astad said.
Dr. Mohammed Al-Ali, the Director-General of TRENDS Research & Advisory
Dr. Mohammed Al-Ali, the Director-General of TRENDS Research & Advisory said, since the Covid-19 outbreak, the Center’s priority has been to work with other research centers and an elite group of international experts to exchange views on the challenges posed by the pandemic.
“We have stressed the importance of dialogue and research while confronting the dangers of Covid-19 and the economic and strategic impact it is leaving on the world today. We must listen to scientists and researchers so that we are prepared for such pandemics in the future, which could be worse than this current one,” he said.
The E-Discussion was moderated by Ms. Emina Osmandzikovic, Researcher at the TRENDS Research & Advisory, and was live-streamed on the TRENDS YouTube channel and its other social media platforms.
TRENDS Research & Advisory strives to present an insightful and informed view of global issues and challenges from a strategic perspective. Established in 2014 as an independent research center, TRENDS conducts specialized studies in the fields of international relations and political, economic, and social sciences. It undertakes rigorous analyses of current issues and international and regional developments, especially in the Middle East and North Africa.
The Center analyses opportunities and challenges at various levels of the geopolitical spectrum. It evaluates scenarios and prospects to find scientific and objective answers and seeks to influence the decision-making process. TRENDS Research & Advisory aims to champion national and regional causes and build a strong network with research centers, organizations, and institutions around the world. It also seeks to benefit from the expertise of international research and academic institutions.