2020-06-30
The COVID-19 pandemic has created many unexpected challenges for businesses in Cambodia. We usually say that we need to unite in order to overcome a challenge, but this time, we needed to isolate in order to survive. Besides the social and economic impacts, COVID-19 has created a new environment for Micro, Small, and Medium Enterprises (MSMEs) in Cambodia to operate during the crisis – via the Internet. Internet connectivity has suddenly become overwhelming, as a primary source of communication. We must transform both our mindsets and work culture, in order to adapt during this current downturn and be economically sustainable and resilient in the long-term.
The more we are connected online, the more vulnerable we are. We have to remember that bad actors are always out there and have not taken their hands off of the keyboard. In the ASEAN region, the data breach of Tokopedia, Indonesia’s largest online store, with 15 million records of users, had been leaked by an unknown hacker. Health institutions are not an exception during this pandemic. Not only do they have to deal with life and death while fighting against the virus, but they have to worry about the increase in cyber-attacks associated with COVID-19 as well. Medical agencies in the UK have been hit by ransomware attacks, while in Mongolia, they were hit by digital coronavirus malware.
Manipulating the psychology of an individual has become one of the top attack vectors so far and it has been made possible through social engineering. According to KnownBe4, a prominent security awareness training company, cyber-attacks associated with COVID-19 have raised up to 60 per cent worldwide, targeting individuals and businesses in the first quarter of this year with 45 per cent of them asking users to either check or type their passwords on a malicious website that had spoofed the legitimate ones. The attackers leverage the COVID-19 situation through anxiety, using scare tactics and urgent calls to action including relief packages, help desk impersonations, safety measures, outbreak cases, and more.
Working from home is a new norm, bringing MSMEs to the attention of the endpoint (computer) security. When employees work from home, a new vector for cyber-attacks is opened on cooperation credentials, sensitive data, and intellectual property. Home network security is a large concern, as there is an average of ten Internet-connected devices per each home and most do not update their home routers for not just months, but years. Additionally, we rarely carry out security checks for PCs, laptops, and smart-phones, that can potentially be used as a stepping stone to attack our neighbours and others, even a thousand miles away.
Video-conferencing apps are currently becoming a new playground for bad actors. Due to the urgent change of working environments, most of the MSMEs choose communication platforms based on ease, convenience, and cost, but not on security and privacy. Naturally, every software and application has vulnerabilities, and some of those vulnerabilities could be exploited by attackers. Starting from Zoom to Microsoft Team vulnerability, most of these incidents fall into the hands of individuals who are using the technology themselves. Often, users are not equipped with basic cybersecurity hygiene and especially, up-to-date information on the events occurring in the cyber-world during this crisis.
The challenges do not only affect employees alone, but also the MSMEs that need to ensure their company systems and data are securely protected during the sudden spike of remote connections. The lack of cybersecurity policies such as remote access, back-up, access control, etc., in addition to technical measures including software licenses, antiviruses, firewalls, and patching will open doors for attackers to penetrate systems easier than ever before. In order for MSMEs to strengthen cybersecurity practices and digital exercises, they can adopt the following solutions:
Firstly, the telecommunication operators especially Internet Service Providers (ISPs), should ensure the stability and quality of their services to subscribers during this unexpected period. ISPs should exercise their business continuity process (BCP) playbook, if available, or risk losing their customers to other competitors.
Secondly, cybersecurity awareness and education are crucial for every single individual at an organisation, as they play equally important roles in defending against cyber threats. These programs should be categorised as Executive-level, IT-level and User-level. Furthermore, they should be done periodically, rather than waiting for a pandemic to trigger urgency, in responding to cyber-attacks.
Thirdly, organisations must stay updated and be aware of the vulnerability of videoconferencing software and patch their systems appropriately, in order to minimise the risk of cyber-attacks on critical digital assets. Subscribing to online cybersecurity content could help significantly.
Fourthly, home networks should be secured by updating all internet-connected devices to their latest versions and upgrading routers to their newest models. Home networks could unintentionally become safe-houses for cyber-criminals, to use as a stepping stone towards confidential data of a linked organisation, or even launching an international attack.
Fifthly, IT security policies should be implemented at the workplace concerning e-mail and Internet usage, back-up, etc. Internet access should be restricted and not available for everyone. A Virtual Private Network (VPN) should be used when there is a need to access internal resources. By having the capacity to monitor all connections in and out of an organisation’s network to better understand who is accessing what, it will allow for more time to stop malicious connections at an early stage.
Lastly, properly licensed software and applications should be used and updated whenever possible. This will help organisations to protect themselves from malicious activities targeting both people and data.
The COVID-19 pandemic is playing a crucial role in accelerating Cambodia’s digital transformation in both the government and private sector. Overcoming these unprecedented challenges can act as a digital exercise for all of us to be resilient in these types of extreme situations. Cybersecurity should be one of the top priorities for all MSMEs during this forced shift towards digital platforms. Transitioning out of this pandemic, a new normal for both work and life will continue to evolve, based on the utilisation of digital technologies.
This article was originally published via the Centre for Inclusive Digital Economy (CIDE) of the Asian Vision Institute (AVI).
*OU Phannarith is a Research Fellow at the Centre for InclusiveDigital Economy (CIDE) of the Asian Vision Institute (AVI) and Assistant Professor at the Build Bright University of Cambodia.
