Covid-19 and the growth of digitization: How a human virus has affected trust in the digital ecosystem.
The cyber risk ecosystem is made up systemic and cascading risks with the potential for massive disruptions to nations, businesses, and individuals to occur from a single source. In 2017, that source was a computer virus called WannaCry. This particularly nasty ransomware infected millions of Windows systems in over 150 countries causing hundreds of millions of dollars in damages, pain, and suffering across the entire world. WannaCry infected systems without concern for who was hurt; the NHS alone lost £92 Million[1]. Such criminality is not unusual but has become more the rule than the exception with infamous predecessors such as Melissa and ILOVEYOU creating similar devastation.
What makes WannaCry different it that the headlines it created marked a point in cyber security history where businesses leaders began to heed the “not if but when” warnings more seriously; cyberattacks rose to the top of corporate risk registers all over the world. Despite the rise, underlying trust in the overall digital environment wasn’t seriously impacted. Even with the disruption to global supply chains, the threat to human life, and loss to revenue caused by WannaCry and its predecessors, the trust in digital systems didn’t waver. Digital growth didn’t flag but continued to grow even by those infected by WannaCry.
This trust seems strange especially when, beginning in 2019, the world experienced a virus that generated a distinctly negative trust in digital systems. Doubly strange because this time the virus wasn’t in computers but in humans. Covid-19 seems to have irreversibly affected trust in the digital ecosystem. Steps taken to contain the spread of the virus put millions of people under duress by forcing them to rely on less stable digital systems resulting in an explosion of growth in the digital economy—and a concomitant decrease in trust for digital systems.
The speed of the massive migration to work from home caught employees and employers off guard. Ad-hoc set-ups and personal devices in bedrooms and on kitchen tables replaced secure in-office digital environments where network access had been tightly controlled and with up to date security. This drastic mismatch instigated the first key area of increased digital dependence and accompanying insecurity. To combat the increased risk, companies moved to third-party monitoring capabilities, migrated work environ-ments to the cloud, and invested in video conferencing software. The growth statistics of companies like Zoom and Microsoft’s cloud services make the explosion of dependence undeniable. Zoom’s daily user count increased by almost 3000% in just a little over one quarter with nearly 100 million users a day.[2] Microsoft officials say the company has seen a 775% increase in demand for its cloud services in regions enforcing social distancing.[3]
Connected devices and services also moved the Highstreet into the home, marking a second area of increased dependence. According to an Adobe report, total online spending in May 2020 hit $82.5 billion, up 77% year-over-year. In the UK, ecommerce took two decades to go from zero to around 7 per cent of total grocery sales. It then went from 7 per cent to 13 per cent in about eight weeks as Highstreet shut down.[4] It is difficult to say whether these trends will remain once the population can return to stores in person but for the foreseeable future forced dependence is undeniable.
Like all explosive reactions, the sudden and accelerated rate of change created instability. Recurring failures in the security of home offices and the unreliability of the jury-rigged technologies and services that scramble to support them reduces trust in the digital ecosystem as a whole. The millions of dollars being spent on cyber security for home offices was no match for the dark side of social engineering that entered into inboxes under the guise of the world health organisation, PPE providers, and job retention schemes. The opportunistic and morally corrupt nature of cyber criminals exploited the fears and uncertainty of individuals as the news spread of illegal access to personal and professional networks around the world. Scams increased by 400% over the month of March, making Covid-19 the largest ever security threat.[5]
Misinformation and fake news campaigns about the virus furthered the distrust in digital technologies and services at a time when accurate information was more important than ever. Rumour mongering about the virus including its scale, prevention, treatment and source circulated through all online mediums followed closely by denials that seemed as crazy as original tale. A Rutgers-led[6] study found that online misinformation, or "fake news," lowers people's trust in mainstream media. This distrust escalated to conspiracy theories against technologies—both digital and medical. In February 2020, BBC News reported that conspiracy theorists on social media groups found an alleged a link between coronavirus and 5G mobile networks, claiming that both the Wuhan and Diamond Princess outbreaks were directly caused by the introduction of 5G and wireless technologies. [7] Scientists have highlighted the complex ties between the virus and misinformation and warned that developing a working Covid-19 vaccine “might not be enough” to end the pandemic unless steps are taken by governments and technology firms to tackle coronavirus misinformation.[8]
Correlations between different types of risk are not new. To create accurate correlations, one must understand the probability and likelihood that these events can occur separately and the key variables of where they are linked. A computer virus does not always affect global cyber security. A human virus does not always affected global health security. But as our world grows digitally and we enter into the fourth industrial revolution it is essential that these correlations are revisited. It is essential that the human variable of “trust” is entered into the equation. A human virus does not always affect global cyber security, but it did. It is yet to be seen if the digital economy can withstand the weight of the dependence we have put upon it and whether or not our trust was misplaced.
