Health and Healthcare Systems

How COVID-19 shows the urgent need to address the cyber poverty gap

Image: Markus Spiske/Unsplash

William Dixon
Global Head, Research, ISTARI
David Balson
Director of Intelligence, Ripjar

This article was updated on 2 April 2020.

  • Responding to the COVID-19 pandemic requires secure vital services, networks and capabilities.
  • Yet recent cyberattacks against organizations including the World Health Organization reveal a cyber poverty gap between those that are prepared and those that are not.
  • Solutions include adopting next-generation technology and focusing on skills development.

The need for vital services, networks and national capabilities to continue to function without interruption has never been more stark. The global response to the COVID-19 pandemic is without precedent and is testing the limits of our ability to communicate, understand the situation and react appropriately.

The recent disclosure of two major security flaws in the Zoom Platform, which is a free video-conferencing tool now been used by millions of home users because of the pandemic, is just one example of how cybercriminals can exploit the crisis and shows a widening cyber poverty gap between those who are secure online and those who aren't.

In another example, one such vital piece of our global response, the World Health Organization (WHO), was widely reported to have been the target of a malicious cyberattack at the very time when it is critical to the global response and a key component of our collective resilience.

Especially during a crisis, it is paramount to maintain the underlying digital infrastructure of our social fabric. However, globally we are now at risk of being exposed to a cybersecurity poverty gap, in which the essential security capabilities, skills and services are priced beyond the means of those who need it in the key industries and services we are collectively reliant on.

Discover

What is the World Economic Forum doing about the coronavirus outbreak?

The cyber poverty gap

The attack on the WHO is just one example of a major spike in cyber activity impacting critical services. In the Czech Republic, a cyberattack against one of the COVID-19 testing hospitals has taken it offline, forcing all the patients to be relocated and disrupting testing at a critical time. It is also alleged that cybercriminals recently launched an attack on the US Department of Health and Human Services in an attempt to slow down its response.

At this time of unprecedented reliance on digital services, infrastructure and the need for reliable information, cybersecurity has never been more important. While most of society sees the pandemic as a time for collective action, criminals have launched spear-phishing attacks imitating the WHO and Centers for Disease Control and Prevention (CDC), ultimately using the context of the pandemic to spread malware and ransomware as well as launch fraudulent websites that prey on users intent on helping others.

For the past decade, security has been driven by a major principle: those who invest the most are the best protected. But in areas such as healthcare, retail and local government services the last few weeks have indicated that the market falls short of what is needed to build collective resilience at a time of crisis.

Have you read?

Despite global spending on cybersecurity reaching more than $100 billion dollars a year, breaches and disruptions are a daily fact of life. The market is failing to create commoditization of cybersecurity and vulnerable businesses are paying the price. The healthcare sector is particularly vulnerable, with Crowdstrike reporting more targeted intrusions than defence, aerospace and manufacturing.

With the cost of procuring security systems and controls rising, and the skills needed to properly administer and implement these systems in short supply, it is likely that the networks with the greatest need in healthcare, social welfare or the complex ecosystem of supply chains that underpins them are still fundamentally ill-prepared from the threat of cyberattacks.

There are three ways that leaderships can address this cyber poverty gap:

1. Incentivise the adoption of next-generation defence.

Now is the time to deploy the full promise of the Fourth Industrial Revolution and expand the use of advanced security automation capabilities, including machine learning and artificial intelligence. This includes smart automation that can take complex security workflows, shared intelligence and knowledge of adversary behaviour, and respond to potential risks at machine speed entirely without human intervention. This will enable us to scale our collective response and dramatically drive down the cost of security to make it more accessible.

Scale of cyberattacks
Scale of cyberattacks Image: World Economic Forum

Companies that are already offering free access to cybersecurity solutions during this time of crisis will be able to take advantage of a new automation economy and cheaper, faster and more scalable products that allow a vastly wider pool of customers across the supply chain - including logistics, transport and manufacturing - to gain access to vital capabilities and service offerings.

Upstream, automation is already playing a crucial role in scaling the response to the cyber threat. The UK’s "Active Cyber Defence" programme and work like Microsoft’s recent Necurs takedown aim at the strategic level to automatically take down or block tens of thousands of malicious websites and spearphishing attacks before they have had even had a chance to be utilised, with all users downstream benefiting from increased protection.

2. Accelerate skills development.

With a widening global cyber skills gap of 4 million, vulnerable sectors are falling far behind. When the UK’s NHS was impacted by the Wannacry outbreak, the subsequent investigation indicated that some of the UK’s biggest health trusts “did not have any” qualified cybersecurity professionals.

Addressing the cyber poverty gap will need bold leadership. Leaders drive the adoption and value of new technology and innovations, adopt the right governance models and deploy strategies across an entire business ecosystem. In critical industries such as healthcare, hospitals often run at a loss with small operating margins, yet the average salary of a Chief Information Security Officer is now over $200,000. To address this we need to incentivize and accelerate a much larger talent pool and new ecosystem given these skills will be the potential key workers of future crises.

This future leadership will be built by novel initiatives such as the Atlantic Council’s Cyber 9/12 challenge, a global competition which has encouraged hundreds of young people across Europe, US and Australia to pursue cyber policy and leadership roles in cybersecurity and the wider ecosystem. Developing future frameworks to develop leaders will be essential if the industry is to create new mass-market business models and not just boutique services.

3. Address market imbalances.

One of the strategic issues will be how the market adjusts itself to address the cyber poverty gap, and we can look to the healthcare industry for inspiration.

In the aftermath of World War II, the UK quickly established a nationalised health service. Its visionary founder Aneurin Bevan summarised its underlying philosophy in terms of the balance between rich and poor - “the essence of a satisfactory health service is that the rich and the poor are treated alike, that poverty is not a disability, and wealth is not advantaged.”

The coronavirus does not care about the wealth of those it infects, and the same can be said of cyberattacks. Only by working together will society find ways of containing their spread and reducing their impact. It may take a cyber version of the NHS to realign priorities of industry to realise the collective good, and ensure - as Bevan put it - that illness should not be an offense for which people should be penalised and the cost should be burdened by the community.

Governments around the world are already addressing these imbalances. The UK’s Department for Digital, Culture, Media and Sport allows organisations such as charities and training companies to take on grants of up to £100,000 in order to more quickly scale up skills in areas that need it most, but we now need to work on how these initiatives work on a global scale.

The integrity of cyberspace is a critical element of our collective resilience and desperately concerning during times of immediate crisis such as the current pandemic. Security is, therefore, a basic need and one that will need to be addressed by leaders to remediate the gap between the cyber haves and have-nots. Doing so will be of paramount importance to the future of the Fourth Industrial Revolution and the wellbeing of the social fabric in which we live.

Don't miss any update on this topic

Create a free account and access your personalized content collection with our latest publications and analyses.

Sign up for free

License and Republishing

World Economic Forum articles may be republished in accordance with the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License, and in accordance with our Terms of Use.

The views expressed in this article are those of the author alone and not the World Economic Forum.

Stay up to date:

COVID-19

Related topics:
Health and Healthcare SystemsCybersecurity
Share:
The Big Picture
Explore and monitor how COVID-19 is affecting economies, industries and global issues
A hand holding a looking glass by a lake
Crowdsource Innovation
Get involved with our crowdsourced digital platform to deliver impact at scale
World Economic Forum logo
Global Agenda

The Agenda Weekly

A weekly update of the most important issues driving the global agenda

Subscribe today

You can unsubscribe at any time using the link in our emails. For more details, review our privacy policy.

The key health achievements of COP29, and other top health stories

Shyam Bishen

November 20, 2024

How equitable access to medicines can drive sustainable returns for investors

About us

Engage with us

  • Sign in
  • Partner with us
  • Become a member
  • Sign up for our press releases
  • Subscribe to our newsletters
  • Contact us

Quick links

Language editions

Privacy Policy & Terms of Service

Sitemap

© 2024 World Economic Forum