March 19, 2020

The Coronavirus outbreak is a cause of concern for us all.

This situation raises several questions and presents several challenges and, at the same time, opportunities for making societies safer places to live and do business in the future.

Let us take a look at these issues from the perspective of Digital Transformation.

Digital Transformation is an essential prerequisite to allow employees to work from home or any location. Digital transformation is not proceeding at the same pace everywhere. According to the McKinsey Global Institute‘s 2016 Industry Digitization Index, Europe is currently operating at 12% of its digital potential, while the United States is running at 18%. Within Europe, Germany operates at 10% of its digital potential, while the United Kingdom is almost on par with the United States at 17%. In Asia, Singapore ranks first in the Asian Digital Transformation Index, owing to its well-developed digital infrastructure, followed by South Korea, Hong-Kong, Taiwan, Japan, Malaysia, and China.

As we are tackling this crisis, we should also start preparing for the next one, not to be caught without means of protection and adequately secured. The Coronavirus outbreak took most businesses and even countries by surprise. They soon realized that a lack of digitalization in business processes led to inadequate preparation for such situations — which costs a much higher price, including the health and lives of people.

A simple example would be the “Self-Attestations” which French and some other Governments introduced to confine people to their homes. Anyone is supposed to have such Attestations with them filled in and signed if they need to leave their homes. However, most people would have to go somewhere to print these Attestations and thus expose themselves to the risk of Coronavirus. Complete Digitalisation of this self-attestation process could help avoid such risks. Likewise, while on March 16th, 2020, as cafes and restaurants were closed by the Government in France, just the day before, thousands of people in all the regions across France had to physically go to voting polls using paper ballots and thus risking being infected. The digitalization of the voting processes could resolve this.

We could realize that the most digitally savvy economies are also best prepared to face such a crisis. We made the following correlation, which revealed some interesting insights:

As of March 18th, 2020, source: worldometers.info:

Such simple math shows that, if we look at the number of cases per inhabitants, Italy is by far the most affected country, followed by France. Taiwan is by far the least affected country, followed by Singapore and then China. Among those countries, Singapore has the highest population density, and Taiwan also has a much higher population density than China, France, and Italy.

Although the crisis started in China and assuming that the official numbers are proportionately accurate, the situation is now worse in Italy than it is in China. And although Taiwan and Singapore have the highest density population and have more proximity to China, they are doing much better than countries with less population density and further distanced from the primary source of Coronavirus (China).

How could we explain such a discrepancy?

One salient reason though, could be that Taiwan, Singapore, and China not only have dealt previously with SARS and are better prepared but also have a higher degree of maturity when it comes to digital transformation and digitalization. China has rapidly implemented applications to spot from a mobile phone to the nearest infected person. Ali Baba developed an app with the following functions: when people are entering a building, they need to present a QR code whose color (green, amber, red) would indicate whether the individual had traveled near risk zones or infected individuals.  In such a case, the code would be amber or red, and access would not be granted.

Police officers are wearing cameras that allow them to check at a 5 meters distance the temperature of an individual. Drones are flying the streets with QR codes that passengers can scan, which would allow tracking their location. This information would be relayed to a control center that analyzes population movements to identify the location of risk groups and infected people. Taiwan was also quick at implementing emergency measures soon and activated a response command center and imposed swift travel bans and quarantines.

Many of the measures that China or Taiwan implemented couldn’t be implemented as rapidly in the US or Europe because they would be considered an invasion of privacy and might conflict with existing regulatory frameworks. However, would you sacrifice a bit of privacy to prevent the spread of a pandemic? And do we need to sacrifice privacy? Could technology help us reconcile privacy with an effective containment and digital strategy?

Interestingly, we can draw some parallels with how Taiwan and China are managing the Coronavirus crisis from a digital strategy standpoint, and some of the technology and processes we are used to implementing in the Cybersecurity world.

A Secure Operations Center allows organizations to identify where cyberattacks are likely to come from within and outside an organization. It is a threat intelligence that helps to anticipate and mitigate the risk of cyberthreats and is an essential building block of a comprehensive Cybersecurity program. As Sun Tzu once said: if you know yourself and you know your adversary, you need not fear the result of a hundred battles. It occurs that China and Taiwan may have modeled such command centers using similar Cybersecurity frameworks used in Secure Operations Centers.

Furthermore, a better ranking in the Digitization Index and more advanced digital infrastructure would allow many companies in those regions to rapidly implement remote working practices and thus maintaining business continuity.

On a more practical note, as remote working will develop, a multi-departmental focus on maintaining proper security controls must be in place. As well as calling companies to tighten security controls and inform employees on the higher risk, we would like to relay CYE recommendations and offer the following advice for both companies and individuals to reduce the risk of falling target to a cyber-attack:

Employees Cyber Awareness & Training

Before authorizing remote connection to a corporate network, employees should be provided with adequate training on:

• Phishing campaigns: Avoid clicking on suspicious links sent over emails and text messages promising exclusive content, related or not to the Coronavirus. Refer only to official sources for trustworthy and legitimate information.
• Suspicious emails: Examine the downloaded file extension. Documents and video files should not be in either .exe or .lnk formats.
• Robust authentication: replace existing passwords and use long phrases for new passwords, ideally avoiding dictionary words. Enable 2-factor authentication where possible (including personal accounts at Google, Facebook, LinkedIn)
• Process & procedures: Become familiar with the steps to take if a security incident or another compromise is suspected or identified
• Security guidelines: Make appropriate use of Wi-Fi (avoid public sources), update security patches and make sure your Anti-virus tools are activated

SMBs Remote Connections

Companies’ IT teams should take the following steps when allowing remote work:

• Secure connection: Use only secured remote access to company networks. Where possible, through a virtual private network (VPN) or another encrypted connection mechanism.
• Extra protection layer: VPNs should be configured with multi-factor authentication (MFA) as an added security layer
• Internet perimeter protection: The IT Department should ensure firewalls are appropriately configured and monitor firewall logging to identify attempted or successful connections from unauthorized or suspicious Internet Protocol (IP) addresses
• Reduce the attack surface: Only required services and interfaces should be exposed to the internet. Make sure other services are blocked. Sensitive services (like admin interfaces) should be accessible only from the internal network through a VPN.
• Reduce potential risk: for any regions (nationally or globally) from which employees would have no reason to be remotely connected to the company network, the IT Department should proactively “blacklist” the IP ranges for those geographies.
• End-Point protection: Use reliable & updated next-gen endpoint-protection solutions as part of the enterprise’s overall protection
• Backup: Create backups (online and offline) for critical data, due to sick employees who will not be available and the increased risk of Ransomware attacks

It is a conjunction of factors. Digital Transformation is not a magic wand and is one of the elements to look among others as part of an effective containment strategy. A robust healthcare system, overall containment policies, governance, and regulatory frameworks areas essential and a higher degree of digitalization maturity could only make them more resilient. We believe that digitalization and an accelerated pace of digital transformation would make containment and business continuity strategy more effective in the future.

Coronavirus is probably the sign that human beings are putting too much stress on the global ecosystem. Just like with climate change, there are consequences. As a result, nature responds, and she is not happy. Those extreme events may even occur with more frequency and severity. This crisis is an alarm that we should start re-think how we treat ourselves, how we treat each other, and how we treat the nature to which we belong.

Cyber Capital HQ Team
Jean Lehmann – Bob Hecht – Dina Kossayeva Poillerat

Subscribe

Your personal information is kept in accordance with our Privacy Notice