Post-pandemic Cybersecurity: Lessons from the global health crisis

Read Time:5 Minute, 45 Second

The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. 

Beyond ‘just’ causing mayhem in the outside world, the pandemic also led to a serious and worrying rise in cybersecurity breaches. In 2020 and 2021, businesses saw a whopping 50% increase in the amount of attempted breaches.

The transition to remote work, outdated healthcare organization technology, the adoption of AI bots in the workplace, and the presence of general uncertainty and fear led to new opportunities for bad actors seeking to exploit and benefit from this global health crisis.

In this article, we will take a look at how all of this impacts the state of cybersecurity in the current post-pandemic era, and what conclusions can be drawn.

New world, new vulnerabilities

Worldwide lockdowns led to a rise in remote work opportunities, which was a necessary adjustment to allow employees to continue to earn a living. However, the sudden shift to the work-from-home format also caused a number of challenges and confusion for businesses and remote employees alike.

The average person didn’t have the IT department a couple of feet away, so they were forced to fend for themselves. Whether it was deciding whether to use a VPN or not, was that email really a phishing one, or even just plain software updates, everybody had their hands full.

With employers busy with training programs, threat actors began intensifying their ransomware-related efforts, resulting in a plethora of high-profile incidents in the last couple of years.

A double-edged digital sword

If the pandemic did one thing, it’s making us more reliant on both software and digital currencies. You already know where we’re going with this—it’s fertile ground for cybercrime.

Everyone from the Costa Rican government to Nvidia got hit. With the dominance of Bitcoin as a payment method in ransoming, tracking down perpetrators is infinitely more difficult than it used to be. The old adage holds more true than ever – an ounce of prevention is worth a pound of cure.

To make matters worse, amongst all that chaos, organizations also had to pivot away from vulnerable, mainstream software solutions. Even if it’s just choosing a new image editor or integrating a PDF SDK, it’s an increasing burden for businesses that are already trying to modernize or simply maintain.

Actors strike where we’re most vulnerable

Healthcare organizations became more important than ever during the global coronavirus pandemic. But this time also saw unprecedented amounts of cybersecurity incidents take place as bad actors exploited outdated cybersecurity measures.

The influx of sudden need caused many overburdened healthcare organizations to lose track of key cybersecurity protocols that could help shore up gaps in the existing protective measures.

The United States healthcare industry saw a 25% spike in successful data breaches during the pandemic, which resulted in millions of dollars of damages and the loss of privacy for thousands of patients whose data was compromised.

This has resulted in intangible lasting damages as well – patients today have much greater reservations when it comes to trusting that the information they share with their healthcare organizations is secure.

Healthcare organizations need to update their existing cybersecurity systems, both physical and digital, to accommodate new technological innovations. Patient data must be amply secured through zero trust networks and multi-factor authorizations that ensure that only verified users can access their records within the system.

Healthcare organizations should put in place layered cybersecurity systems that include emergency response plans for mitigating damages and leaked data access points in the event of a successful data breach.

Cybersecurity training and awareness education should be compulsory for all employees of any healthcare organization. When it comes to healthcare, trust is absolutely essential, and that includes trust in an organization to protect patient data and privacy in a sufficiently secure manner. Healthcare organizations should also ensure that their security measures and protocols are compliant with HIPAA and other federal regulations.

Learned to exploit people’s anxiety

Misinformation, a frightening news cycle, and a sudden burst of communication from official channels meant that during the pandemic, many individuals were highly susceptible to insidious phishing attacks that relied on social engineering cyberattack techniques.

Bad actors impersonating public figures, misrepresenting national entities, or falsely presenting as employees from healthcare companies or social security firms could more easily ingratiate themselves with unsuspecting individuals, who could then be extorted into providing sensitive personal details, such as physical address, credit card information, bank details, confidential health information, and more.

In fact, studies have since revealed that instances of phishing attacks rose by a staggering 220% during the pandemic. These phishing attacks resulted in unmeasurable amounts of damage, as individuals were coerced or tricked into handing over money and data that could then be used against them. Unsuspecting victims could fall prey to synthetic identity fraud or ransomware attacks, among others.

Going forward, we need broad public awareness campaigns that can alert individuals to the dangers and likelihood of phishing attacks. People should be aware of what familiar phishing attacks look like, including specific scripts that are all too common in email phishing attacks.

Biggest threat might not even be human

Now, in the post-pandemic era, we are squarely placed in the realm of AI. When ChatGPT was released to the public it broke records, gaining over 100 million users within its first two months of existence.

Now, experts predict that AI will replace between 400 and 800 million jobs. That means businesses in every sphere will become even more enmeshed in AI technology. If we are not careful, then that also means businesses will be highly susceptible to new forms of cyberattack.

Bad actors can enact AI-driven cyberattacks to turn new AI tech against organizations. Or they could easily exploit a vulnerability in a faulty AI model.

From the past to prepare for the future

With the climate crisis looming and healthcare experts predicting that the next pandemic is going to be even worse, it is vital that we are prepared. Cybercriminals love turbulent periods, and it’s best we took our pandemic lessons to heart.

Learning from the cybersecurity crises that erupted as a result of the last pandemic is a smart way to approach the uncertainties of the future.

Taking the past issues as a starting point, we can analyze what went wrong, from the dangers of new remote work vulnerabilities that resulted from the sudden shift away from the office during the pandemic to data breaches of healthcare systems that relied on outdated technology.

The mistakes of the recent past can help us shore up cybersecurity across the board so that we can be better prepared to face the future, with whatever global challenges it may bring.

Read More