Adrien Ogée, Chief Operating Officer of the CyberPeace Institute argues that for something as sensitive as cybersecurity assistance, nothing beats local word of mouth and transitive trust.
The first quarter of the year saw a number of cybersecurity incidents happen on the margins of the pandemic, with healthcare organizations and their support services, from ventilator manufacturers to vaccine research centers, being targeted by phishing campaigns, ransomware, denial of service attacks, infodemics, and more.
Cyberattacks impact real people
With increasing numbers in the global population contracting the COVID-19 virus and requiring healthcare, anyone — anywhere in the world — can be under threat from a cyberattack, with potentially life-threatening consequences.
In September, a 78 year old patient died in Germany after the hospital where she was scheduled to receive treatment was hit by a ransomware. This demonstrates the critical link between modern healthcare and cyberspace. The hospital in Dusseldorf where this happened had access to cybersecurity services and government support. Many healthcare organizations in the world, along with their supply chain, do not.
It is the CyberPeace Institute’s mission to direct assistance to vulnerable populations targeted by large-scale cyberattacks. This is why we created Cyber 4 Healthcare in June this year.
Cyber 4 Healthcare scales up assistance to such populations by connecting commercial partners willing to offer free assistance to healthcare organizations anywhere in the world in need of cybersecurity services. Eight companies signed up to the initiative : Bi.Zone (Russia), CybeReady (Israel), CybExer (Estonia), Global Cyber Alliance, Microsoft, Rapid7, Unisys and US Medical IT (USA). The initiative also counts on the support of FIRST, the Global Forum for Cyber Expertise, Sightline Security and SEC3R.
To support its outreach strategy, the Institute onboarded 5 volunteers who helped contact over 900 potential beneficiaries in multiple geographies, and after 4 months of operations, more than one million people have seen our ads, or read about Cyber 4 Healthcare.
Over 100 requests for assistance have been received so far, albeit few actually conclusive. At the moment, the partners of Cyber 4 Healthcare are actively supporting 5 organizations in 3 continents, helping them respond to a variety of security issues.
In Digital Safety Technical Assistance at Scale, the Citizen Clinic at UC Berkeley rightly underlines the importance of localizing and contextualizing cybersecurity assistance efforts. And, while a strong brand and contextualized, translated and targeted digital marketing campaigns do help to let potential beneficiaries know about an assistance service, these are not enough to initiate first contact.
For something as sensitive as cybersecurity assistance, nothing beats local word of mouth and transitive trust.
But sensitivity isn’t the only reason users of Cyber 4 Healthcare found it hard to reach out or share information. It takes confidence for a CIO or COO of a hospital or a small NGO to recognise that he or she does not know enough about cybersecurity. Initially we asked potential beneficiaries what service they thought they required: A/B testing quickly showed this was scaring them off more than helping them out.
To those leaders we were able to speak to, making them understand that part of their responsibilities in cyberspace was acknowledging the things they did not know, proved valuable in bringing them on board and developing a trusting relationship.
The CyberPeace Institute is actively working to close the accountability gap, which far too often is believed to start and end with criminals, government and large corporations. We think that everyone has a role to play towards achieving cyberpeace, which is different from saying that cybersecurity is a collective responsibility.
We believe that by looking at the upside, that is the benefit of creating a digital world in which life can be enjoyed far beyond the mere absence of conflict, we can change the scare narrative that our industry has perpetrated over the years.
Cyber 4 Healthcare is constantly undergoing changes to better reflect the reality of healthcare workers on the ground. As we build capacity and look towards the future, we acknowledge ourselves that there is a lot we do not know. And so we learn.
➡️ Watch LIVE 30/09/2020 at 15:00 CET: CyberPeace Lab: CyberSecurity Corporate Volunteering: State of Play