Balancing Public Health And Data Privacy: Where Does COVID-19 Meet Cybersecurity?
The current coronavirus pandemic is the first global pandemic that many of us have experienced in our lifetimes. It’s also the first pandemic ever that is being fought, and in many cases won, through innovative technologies providing medical solutions. Technology is being unleashed on every front: consider this a battlefield and technology is our cache of weapons. It is being used to measure the progress of the pandemic; deliver possible digital health solutions; and even think up creative ways to nail the social distancing imperative. It has also enabled a fair portion of the world to stay up and running, albeit working from home and via online conference calls. Diplomacy has been turned on its head, as all kinds of countries are unexpectedly coming together to share key data and policies to control the spread of the virus globally.
Get started on your cybersecurity degree at American Military University.
So, where’s the catch? We now see headlines about how the transfer, remote access to, and analysis of this data (medical and otherwise) – and a series of recent cyber-attacks – raise some data privacy concerns: who has access to which data and for how long?
This delicate interplay between privacy and data protection on the one hand, and the protection of public health on the other, presents a number of challenges. “There are a number of reasons why we should be wary of the new information-sharing reality that the global pandemic has created,” says Achiad Alter, a cybersecurity adviser to Start-Up Nation Central, and the founder of the Cybersecurity Unit at the Israel Export Institute, “but we are lucky to have versatile technology and cybersecurity on our side to help us assess risks and make the right decisions to stay safe.”
“Everything we do is exposed and documented”
Around the world, governments have been applying technology to conduct mobile location tracking of infected, or potentially infected, citizens and to enforce quarantines. In China, popular platforms Alipay and WeChat deployed a health code service, developed for the Chinese government, to provide citizens with red, yellow or green statuses according to their health records and travel history. The Israeli government “has the ability to pinpoint your whereabouts and the people you were with, using data from cellular providers and other implied means,” Alter says. Using mobile data therefore can enforce quarantines and encourage self-quarantines.
At the same time, experts are cautious about this new level of visibility into our lives. “Everything we do is exposed and documented,” Alter says. “That’s added to the risk of attackers hacking or gaining access to email and web accounts, thereby gaining the ability to completely obstruct someone’s personal or professional life. This is something that could potentially happen with increased data collection by governments, or even hostile entities that could access our accounts due to the new state of data exchange post-COVID.”
Will hijacked Zoom meetings become part of the remote work experience?
With the onset of social distancing in most countries, businesses “deserted” the office and began working remotely from home. For large organizations that were equipped for telecommuting prior to the crisis, only minor adjustments had to be made. But for the majority of companies, sufficient frameworks, policies and solutions to protect organizational data were not in place, potentially exposing employees’ personal and professional data to hackers eager to manipulate the current situation.
Organizations are now exposed to new threats, such as remote VPN connections on household Wi-Fi networks with weak security controls – with employees no longer working under the security umbrella of their employers’ protected networks.
In terms of upping security measures for communication platforms, Alter refers to the recent security breaches on the popular online conference platform Zoom, in which underground hacker forums circulated and sold thousands of users’ credentials, and the unfortunate practice of “Zoombombing,” or the hijacking of meetings, to display profane or malicious content.
“Cyber criminals and hackers try to take advantage of the current situation to gain access to our computers to steal information,” Alter says. “That’s where cybersecurity meets privacy.”
Alter noted a number of Israeli cybersecurity companies that are laser focused on these challenges: BitDam, for example, has developed a solution that protects Zoom calls. Its advanced threat protection solution blocks content-borne attacks across all enterprise communication channels, including email, cloud storage, and other platforms.
Increased interest in Israel’s cybersecurity companies
Cybersecurity is one of Israel’s most vibrant innovation sectors, with more than 420 startups and tech companies. Now, they’re seeing an increased interest due to the new cybersecurity threats:
In the field of secure remote access, Perimeter 81 provides a SaaS solution that encrypts user data to prevent hackers from accessing personal or professional information, and provides users with anonymous IP addresses so that their identity and location cannot be tracked.
In the field of intelligence, IntSights has been fighting fake news on social media and fake sites on the World Wide Web, with a recent focus on fake coronavirus news. It’s currently working in collaboration with the World Health Organization to fight misleading and oftentimes plain dangerous sites. In addition, the startup delivers early warning of hacking and fraud attacks, exposes and interprets hacker reconnaissance and then provides organizations with the tools to avert harmful attacks.
In the privacy protection subsector, Duality Technologies provides data collaboration solutions using advanced homomorphic encryption and data science, giving organizations the ability to derive insights on network behavior.
In order to track the potential for data leaks in real time, data security startup Cognni (formerly known as Shieldox) deploys a “risk radar” and autonomous AI data protection to track data and block any risks, using clientless shielding technology, while also providing visibility into where files are and who has tried to access them.
At the device level, endpoint architecture platform Hysolate allows users to run multiple operating systems on one device, while maintaining security and ensuring a productive remote working experience.
Once data has already been breached, data loss prevention technologies, such as ITsMine’s AI solution, work to automatically and proactively protect against internal and external cybersecurity threats. The company sends alerts on breaches and critical forensic information to system administrators.
Phishing (email scams) is one of the major ways hackers are able to gain access to data, which is where companies’ cybersecurity education and awareness levels come into question. Enter Israeli startups IRONSCALES, which offers a fully automated anti-phishing solution to enhance security, training and response; and Dcyoa, which offers a security awareness and education solution that aims to improve organizational compliance, expand security knowledge, and change employees’ security behaviors.
“Now is the time to establish our boundaries”
Can all these technologies ensure our data privacy rights are maintained, even with the new data sharing challenges coronavirus has created? While limits on data privacy rights seem to have had real impact in curtailing the spread of the virus, these new developments raise a number of concerns. How do we ensure the responsible management of our data?
“It is important to define when boundaries have been overstepped,” Alter says. “Our privacy as individuals and as a society is being challenged, and will continue to be challenged, without a doubt. That is why now is the time to establish our boundaries, and to strike that tricky balance between data privacy and the complex reality of the COVID-19 era.”
Visit CoronaTech Israel to learn more about COVID-19 solutions, funding opportunities, and more.