Hacker Alert: Why Multifactor Authentication Is a Must in COVID Age
One year into the pandemic, another dangerous digital dark side to COVID-19 needs immediate attention.
While most everyone is suffering from COVID-19 in different ways and many are looking forward to receiving the vaccine, hackers around the world are working hard to compromise any vaccine-related process with the hope of getting some personal, technical, or financial information from individuals online.
In the first half of 2020, the FBI received approximately 20,000 cybersecurity threats related to COVID-19. Several reports indicate a variety of vaccine-related cyberattacks on supply chain phases from the research stage to the distribution chain –transportation and storage– and vaccine-receiving users.
Aside from the financial and reputation losses for involved parties, such attacks can significantly affect the public’s trust in the vaccine. This is specifically more important as misinformation and conspiracy theories are rampant.
While it might be possible for an individual or company to recover from a financial loss, it is not easy to regain the trust of millions of Americans who were told COVID-19 vaccination will implant a microchip in their body to track their movements.
Awareness of the significance of this issue is an urgent concern and requires the attention of policy-makers, scholars, and the general public. President Joe Biden and his administration recently disclosed that they will take steps in fighting against COVID-19 related cyberattacks.
One of the most apparent attacks that target COVID-19 vaccine users is phishing. Phishing attacks have been constantly one of the top cybersecurity trends in recent years. Phishing attacks are the practice of sending fake communications –like emails– that pretend to come from a trustworthy source. More than 30% of verified breaches come down to phishing in addition to 78% of cyber-espionage incidents.
Multifactor authentication combines more than one scheme to verify users’ identities. Google indicates that implementing only an additional level of authentication can prevent up to 99% of bulk phishing and 90% of targeted attacks. It can also make some of the other prevalent attacks harder to deploy.
While implementing multifactor authentication schemes has been increased since 2017, the adoption rate is still low. To date, multifactor authentication is not mandatory for every industry.
In the healthcare industry, The Health Insurance Portability and Accountability Act (HIPAA) requires healthcare organizations to impose measures of password security. While multifactor authentication is not mandatory under HIPAA, a good number of organizations in the healthcare industry implement two-factor authentication. This, however, does not guarantee the same level of security for the partners that work with those organizations.
Considering the recent rise in the number of cyberattacks, multifactor authentication is no longer a good to have technique but a requirement, not only for the organizations that deal with sensitive information but for all the providers and partners that work directly and indirectly with those organizations.
COVID-19 vaccine distribution has a complex supply chain that requires numerous vendors to be involved. If a hacker gets the credentials of a user in any of those affiliations, there is a chance to access information in all of the connected networks.
Revising the policies and supporting policymakers in this regard can be a significant step to enhance security. Mandating multifactor authentication can minimize future attacks which is a key in nationwide crises such as COVID-19.
While waiting for regulations to be put in place, it is urgent to promote the implementation of multifactor authentication by financially supporting the organizations that are open to the idea as well as raising research funds to develop easy-to-use multifactor authentication processes and strategies.
Complexity and the extra time needed to verify the device or log into the system may discourage end-users and employees to comply — older adults in particular. This can discourage organizations to implement multifactor authentication.
Making short videos and brochures to explain why this added authentication process increases security and how to use it properly can enhance the compliance rate among end-users. Additionally, training sessions can educate employees on how to work with multifactor authentication and debrief on ways it can reduce some of their responsibilities for their organization’s security.
As of today, more than half a million individuals have died from COVID-19 and its complications in the United States, and a delay in receiving and distribution of the vaccine for any reason can noticeably increase this number.
It’s now time to use top technologies to save lives as well as guard against financial losses caused by hackers and leave this crisis behind while being better prepared for future ones.
About the contributor:
Fereshteh Ghahramani is an assistant professor at DePaul University College of Computing and Digital Media. She is a Public Voices Fellow of The OpEd Project.
Watch the video below and learn why HillReporter is proud to associate itself with The Op-Ed Project: