Please RSVP Now to learn more about USAID’s Digital Strategy at the Global Digital Development Forum on May 5. Our amazing agenda features multiple sessions focusing on USAID’s Digital Strategy and and its impact on technology in development.
USAID launched the Digital Strategy in April 2020, charting a path for USAID to strengthen digital ecosystems while mitigating risks associated with digital development. The Strategy identifies cybersecurity as a prerequisite to maintaining the sustainability and value of development investments. It commits to expanding the cyber capacity of partner governments, the private sector, civil society actors, and citizens in partner countries.
The COVID-19 pandemic forced governments, businesses, and individuals to rapidly transition to living and working online. The unanticipated digital transformation presented an opportunity to spur development outcomes in emerging markets, but also significantly increased cyber risks in evolving digital ecosystems.
4 Cybersecurity Risks in Development
Cybersecurity is—and must be—a foundational element of USAID’s digital development programming. This means that digital development practitioners must understand the kinds of digital risks that exist within digital ecosystems and the associated cybersecurity mitigation and protection measures they should embed into development programs to address those risks.
Below we explore four cyber risk trends that emerged over the past year—and the opportunities they present for digital development programming.
1. An Explosion in Cybercrime
According to the UN, there was a 350% increase in phishing scams in the first quarter of 2020 alone. Cybercriminals took advantage of people’s anxieties and fears over the spread of COVID-19 to launch these campaigns, causing individuals to share sensitive personal data or install malware on their devices, inadvertently falling victim to cybercrime.
Demand for digital services will continue even after the pandemic, requiring all digital ecosystem actors and development practitioners to remain vigilant and aware of ever-evolving cybercriminal tactics.
What can we do?
The rapid shift to remote work and learning gave people, organizations, businesses, and governments little or no time to consider cybersecurity best practices. This seismic shift in the digital ecosystem is a wake-up call to strengthen our commitment to increased cybersecurity measures.
For example, development practitioners can deliver cyber hygiene trainings for their staff and institutionalize basic cyber hygiene measures, such as employing strong passwords, frequently updating software and hardware, and backing up data. Advising partner countries on building cybersecurity considerations into their digital strategies is also an important higher-level strategic consideration.
By helping develop key stakeholders’ resilience against cybercrime, development practitioners can fortify digital ecosystems against future threats.
2. Need to Protect Critical Infrastructure
In the last year, there has been a significant increase in the number of malicious attempts to access, manipulate, or shut down the digital systems managing critical infrastructure—sectors vital to economic activity, public health and safety, and national security—threatening the health and well-being of citizens globally.
In India, for example, the banking industry rapidly digitalized to provide continuity of services to customers during the pandemic but failed to integrate cybersecurity measures; as a result, many financial institutions fell prey to cyberattacks—over 40,000 in the last week of June 2020 alone.
These attacks damaged the banks’ reputations, caused financial losses, and disrupted services for customers and businesses—precisely what banks were trying to avoid by rapidly going digital in the first place.
What can we do?
Critical infrastructure remains highly vulnerable to cyberattacks. To counter these cyberthreats and quite literally keep the lights on, development practitioners should prioritize basic cybersecurity best practices by:
- building individuals’ abilities to put in place simple protective measures like strong passwords;
- encouraging organizations and governments to adopt processes and practices that enable them to identify, mitigate, and respond to the changing threat landscape;
- promoting cyberthreat information sharing across development programming;
- developing guidance to improve safer technology procurement in order to prevent the integration of vulnerable hardware or software into a network;
- funding data collection and research on cyberthreats to development programming, including those working with critical infrastructure sectors.
Because both public and private sector actors operate critical infrastructure, it is vital to collaborate with the private sector in key industries— such as health, finance, energy, telecommunications, and water— to advance measures that build cybersecurity resilience for all.
3. Rapid Spread of Mis- and Disinformation
The COVID-19 pandemic greatly accelerated the global volume of mis- and disinformation. The “infodemic” universe grew so rapidly that it became enmeshed in other longstanding conspiracy theories, like those around the safety of 5G.
To debunk myths that rapidly spread on social media platforms and messaging apps, the US government’s Cybersecurity and Infrastructure Security Agency (CISA) published a COVID-19 disinformation toolkit and news outlets began publishing mis- and disinformation trackers. Additionally, malicious actors carried out cyberattacks in the public health sphere.
In late 2020, the European Medicines Agency fell victim to an attack in which documents related to COVID-19 vaccines were edited and leaked, threatening to undermine public trust in vaccine rollout.
What can we do?
The COVID-19 “infodemic” shows that the proliferation of mis- and disinformation is unpredictable, fast, cuts across sectors, and can cause harm to institutions and individuals alike. This demonstrates the need for continued investment in countering mis- and disinformation across all sectors, including health, education, and governance.
Development practitioners can counter such threats by ensuring access to open and secure data and communications platforms and by providing digital and media literacy training. Additionally, it is essential to strengthen the capacity of local media organizations and journalists to ensure fact-based reporting and encourage dissemination tactics that actively combat mis- and disinformation.
4. Supply Chain Vulnerabilities
Companies and organizations all over the world procure third party services or partner with technology vendors to improve their business operations or service delivery. Yet, as demonstrated through the far-reaching SolarWinds cyberattack, relationships with third parties can inadvertently introduce cybersecurity vulnerabilities that malicious actors can exploit.
In many countries, supply chain risks also manifest through the installation of pirated software, generally an effort to cut costs in the immediate term. But in today’s globally connected supply chain, such actions may introduce malware into critical systems, resulting in costly consequences in the long-term.
What can we do?
As the demand for digital services and programming continues to grow, development practitioners should closely follow USAID (and other thought leaders’) guidance to make informed decisions about securely procuring hardware or software and monitoring known vulnerabilities in the supply chain, such as subscribing to CISA’s National Cyber Awareness System Alerts.
This will keep partners and practitioners up-to-date on the latest vendor vulnerabilities, providing opportunities to strategically plan for instances where a network or system might fall victim to a supply chain vulnerability.
Practice Good Cyber Hygiene
No one could have predicted how 2020 would reshape our daily interactions and change our collective relationship to technology. While the trends discussed here remind us that increased investment in cybersecurity programming is essential for our safety and wellbeing, the cybersecurity landscape is constantly evolving.
Practicing good cyber hygiene, building capacity in digital and media literacy, and staying vigilant to cyber threats is not enough. Donors and implementers must also continually engage and learn from one another, document cybersecurity trends, and learn from interventions that build the cyber resilience of key digital ecosystem stakeholders.
Despite the dramatic changes over the last year, USAID’s Digital Strategy continues to provide a blueprint for secure and responsible future investments in digital access, inclusion, and cybersecurity.
Authors: Galia Nurko, Digital Specialist, and Inta Plostins, Digital Specialist, DAI’s Center for Digital Acceleration.
Sorry, the comment form is closed at this time.