Cybersecurity has become one of the leading global considerations for the COVID 19 crisis, following the mass migration to remote work. As our reliance on technology will necessarily increase in order to both manage and come out of the crisis, it will inevitably come with cyber insecurity and tradeoffs with our digital privacy and information.
In part 2 of Concentric's “Getting to September” series, CEO Mike LeFever invites expert representatives from both the corporate and government cybersecurity realms to impart their perspective of the opportunity that COVID has provided within the age of COVID as well as warn us of the inevitable vulnerability that comes therein.
As the 2nd commander of US Cyber Command (USCYBERCOM) and the 17th director of the National Security Agency (NSA), Retired VADM Rogers brings 37 years of government experience and creative problem solving to the conversation. Rogers emphasizes the crucial intersection and overlap of personal and professional lives since the beginning of the COVID crisis and, since this is unlikely to be re-separated, how we need to adapt to and overcome the vulnerabilities that are resultant of that technological dependence.
Frances Dewing, as the current CEO of Rubica, a cyber security firm based out of Seattle, WA, Dewing represents corporate cyber culture in the conversation. Dewing succinctly states, “we are fighting two viruses: human and computer; both are constantly evolving”. She argues that security needs to continue to be ongoing and adaptive: “in order to be secure, you need constant monitoring and remediation”.
Common trends and concerns were identified by both speakers as they resonate across industry lines: 1) COVID exacerbating already-present increasing trends of malware and cyber attacks, 2) the prioritization for maintaining both privacy and connectivity, and 3) the cruciality and opportunity of both government and the corporate sector to come together to creatively solve the unique cyber criticalities that the world is experiencing.
- Dewing states that even prior to COVID, Rubica observed a large increase in targeting of personnel through their personal devices. However, with the now near-constant use of devices, there has been an increase in mobile malware, mobile threats, and mobile app-based threats on systems that people had previously thought were secure. Rogers argues that since we are operating on an infrastructure that was already in place, vice having built it securely to meet the needs, we are managing a world that is less reliant, less redundant, and with an increased security risk, especially from the cyber perspective. As a result of this complete and sudden dependence on technology, both speakers encourage users to think about the security of their teams’ systems on a proactively defensive approach: how can this data and exposure be capitalized on by a bad actor or used against me and my team? In the age of misinformation and wide-ranging access, consumers should maintain a cautious eye towards manipulation and cyber-attack opportunities.
- Urgent responses to crises could result in inadvertent giving up of privacy rights due to incomplete analysis on 2nd and 3rd order effects of current solutions. Dewing points out that most of this privacy data is already collected and archived, however who is allowed access to it, and for what purpose, should be the delineating factor for control. Both Dewing and Rogers emphasize there doesn’t need to be an “either/or” mentality to maintain privacy while we increase our connectivity. “The challenge is how we bring together multiple existing data streams in a way that helps us take data and information to knowledge and insight because, in the end, the strategy for COVID needs to be on data, not guessing” Rogers stated. With the use of privacy mechanisms, personalization of default security settings, and a cautious approach to available data, interconnectedness does not have to result in inherent cyber vulnerability.
- Finally, in order to succeed in a vulnerable cyber world, both government and corporate sectors need to work together to accommodate creative solutions in a current environment that is rampant with distrust and divisiveness. Neither entity is responsible, nor capable, of independently creating standards and protecting the values of the nation while responding to the pandemic. “The greatest structure, in the end, is a partnership” says Rogers. Dewing adds “security needs to be adoptable into daily life and ensure the individual makes it a part of the day-to-day”.
In today’s lack of strict bifurcation between work and personal, security decisions now have personal and professional impacts. As malign actors continue their adaptation to current vulnerabilities, security should remain on the forefront of our minds.