General co-chair CyberEDU Stefano De Paoli, Professor of Digital Society
Sociology Division, School of Business, Law and Social Sciences Abertay University
There is no doubt that we are living in very difficult times due to the coronavirus (covid) pandemic and that we are experiencing, very rapidly, many changes to our lives. One of such changes has been, for a large part of the working population, the shift to work from office to the work from home, together with an increased reliance on the Internet to do our normal things such as shopping, staying in touch with people or else. Moreover, our health systems are suffering massive pressures in order to deal with the crisis generated by the virus and governments across the globe are faced with difficult decisions on whether to lockdown their countries and on how to keep a balance between the public health and the economic needs. Increased online activities and the necessary shift of attention and resources toward the health system, among others, have brought a significant increase of cybercrimes. We have clear evidence of this trend.
Europol has recently published the Internet organised crime threat assessment (iocta) 2020a, which showed a clear upward trend for cybercrime during the covid crisis. However the main lessons from this report is perhaps the following: “Traditional cybercrime activities such as phishing and cyber-enabled scams quickly exploited the societal vulnerability as many citizens and business were looking for information, answers and sources of help during this time.” (p. 13). That is cybercriminals adapt to the shifting situation by redeploying known attack techniques to suit the new social and economic contexts. Publications are started to be produced showing the extent of the problem (Lallie et al. 2020, Buil-Gil et al. 2020) and police forces and private actors, especially across western countries are trying to raise the attention to the problem. For example we have evidence that during the early month of the pandemics email scams have had a more than 600% increase, with many of these focusing on covid related scams, for examples around donations for fake charities or attempts to sell cures for the virus. Likewise, thousands of scam websites around coronavirus are being created with the purpose to lure victims or to distribute malware and indeed there is an estimate that around 90% of new coronavirus domains being created are for scamming purposes (Cimpanu, 2020). The increase of remote working also has increased the number of insecure devices that connect to companies and organisations networks. There are estimates that thousands of unsecured devices connect in nearly 30% of companies in major countries such as the USA, UK or Germany (Deloitte, 2020), with cybercriminals seeking the exploit the vulnerabilities that are presented by this situation (MCKinsey, 2020). There is also evidence of increased risks for children. Europol (202b) has raised attention to the problem, stating that “Adults working remotely are less able to spend time with their children, who are allowed greater unsupervised internet access.”. This inevitably increases the risk to exposure to offenders or dangerous material.
In the difficult times that we are facing, cybercrime thus contributes to increase the miseries we are all facing at very different levels. It remains thus important to continue working toward increasing resilience against cybercrime and to develop strategies for better cybersecurity. While diverting investments from other areas in order to direct them toward the health system is fundamental, we still need to be sure that our digital infrastructures as well as our lives remain secure. We, in particular, need to work toward increasing the education of people about cybercrime issues, whilst they work from home and are faced with constant streams of information and misinformation about coronavirus. Whilst investing in secure infrastructures and technologies remains important, it is also fundamental that we invest in people and in their capacity to recognise the risks of cybercrime and to take the necessary actions to protect themselves and consequently society more widely. We need to understand what actions can be taken to increase the public resilience toward cybercrime and offer guidance and recommendations for people and organisations on how to act, while their life is increasingly operating from remote and online.
That is why conferences like CyberEDU are important as they seek to gather knowledge contributions that can help understanding how to increase the resilience of human actors toward cybersecurity. Especially in these difficult times we need increased contributions reflecting on the needs for cybersecurity training and awareness where these terms are understood as the multitude of frameworks, methods and new ways of educating the human actors toward cybersecurity. The conference seeks contribution from disparate voices including researchers, professionals but also students who want to contribute to this topic and foster an open discussion about why humans are more important than ever for our cyber-resilience. I thus warmly invite you to contribute to CyberEDU and bring your experience to this community of practice.
References
Buil-Gil, D., Miró-Llinares, F., Moneva, A., Kemp, S., & Díaz-Castaño, N. (2020). Cybercrime and shifts in opportunities during COVID-19: a preliminary analysis in the UK. European Societies, 1-13.
Cimpanu C. (2020). Thousands of COVID-19 scam and malware sites are being created on a daily basis. Available from https://www.zdnet.com/article/thousands-of-covid-19-scam-and-malware-sites-are-being-created-on-a-daily-basis/ (accessed 01 Nov. 2020)
Deloitte (2020). COVID-19: Cyber and the remote workforce. https://www2.deloitte.com/content/dam/Deloitte/global/Documents/Risk/gx-covid-19-cyber-and-the-remote-workforce.pdf (accessed 01 Nov. 2020)
Europol (2020a). INTERNET ORGANISED CRIME THREAT ASSESSMENT (IOCTA) 2020, Available from https://www.europol.europa.eu/activities-services/main-reports/internet-organised-crime-threat-assessment-iocta-2020 (accessed 01 Nov. 2020)
Europol (2020b). COVID-19: CHILD SEXUAL EXPLOITATION. https://www.europol.europa.eu/covid-19/covid-19-child-sexual-exploitation (accessed 01 Nov. 2020)
Lallie, H. S., Shepherd, L. A., Nurse, J. R., Erola, A., Epiphaniou, G., Maple, C., & Bellekens, X. (2020). Cyber security in the age of COVID-19: a timeline and analysis of cyber-crime and cyber-attacks during the pandemic. arXiv preprint arXiv:2006.11929.
McKinsey (2020). A dual cybersecurity mindset for the next normal. https://www.mckinsey.com/business-functions/risk/our-insights/a-dual-cybersecurity-mindset-for-the-next-normal# (accessed 01 Nov. 2020)
Shi F. (2020). Threat Spotlight: Coronavirus-Related Phishing. https://blog.barracuda.com/2020/03/26/threat-spotlight-coronavirus-related-phishing/ (accessed 01 Nov. 2020)