Opinion | Cyber resilience in the time of Covid-19 and beyond

The novel coronavirus (Covid-19) pandemic is not only a global health challenge. It has had cascading impacts across many sectors of society, including the economy, education, governance, and cultural sectors.

One of the sectors that has seen a significant impact is the cyber sector. With the increasing reliance on information and communication technologies (ICTs) for communication and telecommuting, due to the containment measures that have been adopted across the world, there has also been an increase in adverse cyber incidents.

These incidents are not only affecting governments and businesses, but also individuals and communities. Among the Covid-19-related cyber incidents detrimental to individual citizens that have materialised in countries across the globe are:

• Disinformation, misinformation and fake news around Covid-19 – the Covid-19 infodemic.

There are concerted grass roots and state-led efforts around the world that are exploiting social media to shape the narrative around the Covid-19 pandemic. Citizens are not only the end victims of these falsehoods; they are also inadvertently complicit by forwarding messages without fact-checking.

• Social engineering attacks, including phishing messaging using the branding of trusted organisations such as the WHO.
• Dataveillance in the name of Covid-19 epidemiological surveillance.

An increasing number of apps for epidemiological surveillance, symptom checking and contact tracing are being developed and deployed to assist in the fight against Covid-19. Some of these apps expose individuals to the risks of dataveillance and violation of personal privacy.

• The exploitation of platform-specific vulnerabilities, including what is popularly called Zoom-bombing.
• Disruptions to online services as people spend more time online and as network resources become strained.

Some network operators have reported increases of up to 50 per cent in their network usage.

The negative impact of these events is not only disruptive to societies; it also represents economic costs, loss of safety and security, and in extreme cases, the loss of livelihood and life.

The vulnerabilities of individual citizens and communities to adverse cyber events during times of crisis indicate that providing resources and avenues for them to respond to and recover from adverse cyber events, as well as to continue everyday functioning under attacks and disruptions, is imperative.

The ability to recover and for life to continue in the face of these adverse cyber events depends on the cyber resilience posturing of the different stakeholders within the cyber ecosystem. Cyber resilience is a whole-of-society agenda that goes beyond just protecting critical information infrastructure.