COVID Complicates the Fight to Protect Our Data

The pandemic has shifted more and more of what we do online. Cybercriminals have followed.

In a global health crisis that most of us—countries, businesses and individuals—saw as a challenge, cybercriminals saw opportunity. Early on in the pandemic, the World Health Organization experienced a fivefold increase in cyberattacks, as criminals stole WHO employees’ credentials to spread misinformation and thwart its efforts to respond to the crisis. Since then, cybercriminals have targeted the global race to develop a vaccine, targeting drug-development research with the apparent aim of profiting from other countries’ intellectual property.

While interfering in a global health crisis is especially troubling, cybercrime doesn’t stop there. According to the Canadian Centre for Cybersecurity, it’s a major threat to all Canadians and businesses, to our infrastructure and to our public institutions. And it’s on the rise. In the year after a Canadian federal data-breach reporting law went into effect on Nov. 1, 2018, the Office of the Privacy Commissioner of Canada received 680 breach reports affecting some 28 million Canadians. That was before the pandemic forced even more of our work, commerce and learning online.

It’s a subject that preoccupies privacy expert and recent Disruptors guest Ron Deibert.

Listen on Apple Podcasts, Google Podcasts, Spotify or Simplecast

He says we live in “a personal surveillance data economy,” where the large tech platforms wield unprecedented control over our data and don’t do enough to protect us from abuses of power. Deibert founded the Citizen Lab at the University of Toronto’s Munk School of Global Affairs and Public Policy, and is the author of Reset: Reclaiming the Internet for Civil Society.

Data protection is on the minds of business executives and owners too. Large companies are increasingly targets of costly ransomware attacks. What’s clear is that, with cybercriminals following the money and our behaviour during the pandemic, they need to prioritize data protection. Here’s some of what to think about:

Cybercriminals are becoming more sophisticated

Commercial espionage is growing, and some of it is conducted by powerful state-sponsored actors. The level of sophistication is notable. Cybercriminals have created illegal online markets to share their tools and talent, according to the Canadian Centre for Cyber Security. That puts the onus on businesses to beef up technology tools to proactively identify potential risks.

Many companies aren’t prepared for a breach

There isn’t a strong understanding of how scams work and what makes us most vulnerable, according to RBC Chief Information Security Officer Adam Evans. “Education needs to be the focus right now,” he says.

Businesses need updated policies and a crisis plan

Larger organizations are more likely to be targets, but they have more resources at their disposal to protect themselves against cybercrime. For smaller firms with more limited resources, it could be especially important to develop a written policy to manage or report cyber security incidents. Recommendations from the Canadian Centre for Cybersecurity include developing an incident response plan with detailed responsibilities, and considering purchasing a cyber security insurance policy that includes liability coverage.

Governments are boosting regulation

Canada’s federal government recently unveiled a bill to improve digital privacy protection in Canada. The Digital Charter Implementation Act will empower Canadians with freedom to securely move their data from one organization to another, and give them the ability to demand that their information be destroyed. Non-compliant companies will face strong financial penalties.

Disclaimer