By Deeph Chana, Co-Director of the Centre for Financial Technology, at Imperial College Business School, and heads the Digital Banking Innovation virtual programme in the School’s Executive Education Department and Anne Louise Burnett is the Centre Manager for Financial Technology, at Imperial College Business School
‘COVID-19 will have a lasting impact on our lives’ is probably a statement few people would argue against but identifying which of the changes to our lives will endure and which will recede with time is, perhaps, the more interesting topic for debate. Whatever the detail, we can agree that social isolation, whether brief or protracted, has long-term ramifications on our relationship with digital systems and on our dependency on them.
As a result of various global lockdowns strategies, previously niche digital activities such as firing-up collaborative software platforms like Teams or Slack to interacting with chat-bot assistants has become the ‘new normal’ for many. The confluence of peoples’ ‘work’ and ‘life’ is now a reality rather than some nebulous theory of work-life balance opined about in articles on organisational culture. In fact, many people are recognising that delineating the two in any meaningful way was probably a fairly nonsensical notion in the first place as, in reality, work is obviously an aspect of life rather than something separate. Life, in reality, is a bunch of activities slung together; some of which we enjoy, some of which we don’t, and some of which we get paid for. To manage the relative balance between our various tasks work/life activities most people employ a sort of whack-a-mole method, to prioritise what to do, when to do it, how to do it and where. Some, for various reasons, are better at this game than others and in this way, work gets done.
1. Security in the home
The new ‘COVID reality’ has changed the game by severely constrained our options with respect to where we work. In fact, home has become the new default location for all our life activities. The games console and Netflix player in the living room are now in direct competition with the now tiresome ‘COVID-19 Strategy’ Zoom meeting taking place in the spare room; where, incidentally you’re on audio only as you haven’t managed to get changed yet.
This is the reality of the work-life maelstrom that the pandemic has brought, where all your data transactions, personal, corporate or otherwise are streaming in and out of your house at a level and rate that most people and organisation never planned for. Furthermore, even if you were used to working from home previously, you certainly hadn’t accounted for the rest of the household being there with you, sharing the same uplinks and downlinks, 24/7!
From a cyber security perspective, your household is now the single point of failure for all your cyber security concerns — f For anyone with hostile cyber intent, this data pipe is a rich artery to tap into, potentially allowing for the harvest of personal information such as passwords and bank details, the upload of malware and the transmission of the cyber type of virus throughout your networks..
Noting this unprecedented concentration of risk on private residences, authorities across the world have taken steps to issue warnings on rising threats (e.g., the US Secret Service’s press release of 9th March on phishing) and have also published security guidance for people working from home — as the UK Government has done through its National Cyber Security Centre (https://www.ncsc.gov.uk). However, given that many employers struggle to achieve compliance with cyber security policies at the best of times, achieving a desirable rate of conversion from messages to practice within peoples’ homes presents an even greater challenge.
Additionally, whilst well placed, some of the advice out there such as using separate laptops and phones for work runs contrary to the rapidly growing industrial trend of BYOD (bring your own device), where organisations save on hardware costs by permitting people to dual purpose their own IT equipment for personal and corporate use. If, like many people holed up, you’ve experimented with all manner of software including isolation breaking social media apps, boredom-busting games and entertainment, and new retail and delivery services, BYOD computers, phones and networks have now been exposed to a host of new security vulnerabilities and threats. As well as deliberately engineered malicious code, such security failings are just as likely to come from poorly designed software, badly implemented IT systems and policies or simple misconfiguration by unsuspecting end-users.
2. The virus and the infrastructure
Whilst household systems present mutual cyber security concerns for their occupants and the people and organisations that they interact with, COVID-19 also raises the prospect of cyber security issues on an all-together larger scale. The infrastructure that we all depend upon in order to conduct our lives also ends up in a novel state of vulnerability.
Health care systems around the world, already straining to cope, have been targeted by ransomware criminals looking to extract payments in return for unlocking computers and a greater than ‘normal’ opportunity exists for our utilities and banking systems to be caught in the cross-hairs of similar individuals and groups looking to capitalise from the crisis. Global supply chains are also very vulnerable at this moment in time, especially as they pivot towards end-to-end digital systems in a manner and scale that has simply not been implemented before now.
Loss of trust in their security would be an international scale economic problem that could greatly exacerbate what is already a strained and difficult situation for all types of businesses. The internet is already awash with suggestions that this may be the moment that compels the end-to-end inspection and redesign of supply chains which some would argue is long overdue. In particular, establishing design revisions that are more secure and resilient against the low probability/high impact events that we popularly refer to as shocks or ‘black swans’.
3. The spread of misinformation
Another, perhaps even more concerning issue, lies in the virus-like spread of misinformation that has mimicked its biological counterpart with a disturbing level of fidelity. The one trait in which misinformation outperforms its physical counterpart, however, is in its variability and rate of mutation.
Over the past few months, the more predictable conspiracy origin stories such as the ‘escape from a secret bio-lab’ and ‘bioweapon’ narratives have emerged alongside various fake claims of cures and prophetic predictions of the outbreak from supposedly prophetic novels. In one of the most bizarre twists, recent stories have emerged about the ominous causal connection between 5G telecommunication systems and COVID-19, resulting in the physical damage to a small number of masts in the UK and necessitating public statements from the Government pointing out the nonsensical nature of the story.
Just as is the case with the disease, a critical component to maximising the damage of misinformation are its super-spreaders. Social influencers operating with close to zero knowledge on the topics they opine about have emerged as widely accepted, one-stop-shop, 280-character trusted news sources for everything from the best jacket to buy this season to the finer points of epidemiology. This would be laughable, were it not for the very serious concerns this raises for the spread of panic, distress and even conflict.
From a national security perspective, what is perhaps more interesting than the specific scare stories related to COVID-19 is the laying bare of the potential success that an engineered effort of disinformation with similar characteristics could have in damaging economies and seeding mistrust amongst populations and demographics on a global scale.
If data is indeed the new oil, as the somewhat hackneyed comparison goes, then disrupting its flow, corrupting its quality, and hijacking it are crimes that inevitably follow and need to be prepared for. Taking the analogy further, it should also come as no surprise that these threats should be expected to emanate from the full spectrum of well-known nefarious sources: small-time criminals, organised cartels and, of course, nation states.
The COVID-19 crisis: a lasting impact on our lives – just perhaps not how we imagined
There has been much political posturing around the COVID-19 pandemic, with blame and conspiracy theories pitting nations against one another, when any rational consideration of the crisis shows the motivation for more integrated and collaborative systems of response around the world. Many lessons will eventually need to be shared between all nation states with respect to how to mitigate such global crises. The Chinese word for crisis, ‘weiji’, for example encompasses the sentiment of both danger ‘wei’ and the notion of incipient change ‘ji’, where something new begins. In its original usage the word also conveyed the idea of latent danger and COVID-19 shows both the explicit and, more subtle, implicit consequences of world changing events.
The threat of this biological virus is likely to fade with time, through a combination of natural immunity and medication, however the latent cyber risks that it has exposed are only likely to grow as it has permanently changed our dependency on all things digital. From now on, the outbreak of digital pathogens will always need to be considered alongside the risks of the biological variety.