Introduction

The COVID-19 global pandemic has ripped through our society like a tornado, displacing and destroying everything in its wake. This pandemic is no different from others that have hit throughout the history of humanity, except for one new dimension that did not exist earlier, the digital dimension. According to a Pew Research Center survey, only 7% of adults in the US say they do not use the internet, which means that 93% use the internet in some manner. COVID-19 has irrevocably shifted human attitudes and the direction of technology/cybersecurity on our planet. Whether it is our wide acceptance of technologies like Zoom as a natural way to interact with each other in a variety of social, educational, and work settings, or the mind shift around the acceptance of remote work or Zoom parties, or even the boost to the upcoming virtual, augmented, and hybrid reality of a metaverse, COVID-19 marks the beginning of another epoch in the modern history of humankind. In a seemingly contradictory way, COVID-19 has further exacerbated the digital divide while providing a fresh new boost to further innovation. It has led to the inevitable merging our physical and digital lives.

This shift in technology and how we use it has had even more implications on society as it has resulted in inequality, and dichotomy in the success of the technology-enabled industry versus serious challenges faced by core human interaction-based services. There is also the second order impact of the penetration of technology on the threat surface and exposure to cybercrime, and consequently, the need for better cybersecurity for the future. In this chapter, we dive deep into the impact of COVID-19 on technology and cybersecurity, human attitudes around technology, and the post-COVID technology and cybersecurity landscape through the lens of (1) the elderly population, (2) women and children, (3) the workforce, (4) the healthcare industry, and (5) the service industry. We conclude by taking a deeper dive to understand the progress brought about by the pandemic in the acceleration of various technologies in order to draw lessons for the future.

Elderly Population

The elderly population of the US (or even in the world) was a double victim of the COVID-19 pandemic. First, the daily routines of old people were sent for a toss due to social distancing, wearing masks, business and public place closures and countrywide stay-at-home orders. To make survival even more challenging, the elderly were forced to learn and adopt technology as their only means of accessing routine medical services, their personal finances, talking to their families or even just getting their day-to-day groceries delivered.

Cybercriminals, with their ever-expanding radars, quickly discovered this as a lucrative target. Taking advantage of the lack of technological knowledge and cyber-street smartness, they swindled the elderly using all the tools available in their arsenal, right from emails claiming to have the latest COVID-19 updates, to hijacking their Zoom sessions, to holding their data and devices at ransom. One story that gained popularity through the New York Times and later through many media channels was about how the mother of one journalist, Alina Simone, got her computer and data held at ransom and the challenges she faced to get her data back, besides paying the criminals the demanded ransom [1].

Alina’s mother got a ransom note on her computer screen on the Tuesday before Thanksgiving. At this point all her 5,726 files were locked. The hackers called CryptoWall demanded USD 500 in a week or USD 1,000 after that. They threatened that a week after that all her files would be lost forever. This particular type of virus infiltrates your device when you click on an attachment in the email. Once activated, it encrypts all your files and leaves one single file unencrypted for you to know that the data is still there.

After several attempts at trying to decrypt the files with professional assistance, she failed and decided to pay the ransom. However, the payment was not as straightforward as one might think. The hackers only accepted payment in Bitcoin. At the time, Bitcoin was not as accessible to the common public as it is today, and it was even harder for an elderly person to wrap her head around it. As we know, criminals are always a step ahead and anticipate that their “clients” do not know the process. As such, the hackers provided step by step instructions on how to procure the required amount of Bitcoin and transfer it to them.

Keep in mind that it was Thanksgiving time, and many banking institutions were on a break by the time Alina’s mother figured out how to make the transfer. She was already on day six, and the clock was ticking… She was finally able make a cash deposit via her bank to the unique Bitcoin “wallet” provided by the CryptoWall hackers. But due to the extreme volatility in the price of Bitcoin, her payment fell short by USD 25 by the time it was converted and deposited. The fastest way to make up for the shortfall was to make a direct deposit at a Bitcoin ATM. As you can imagine, this ATM was not like a bank ATM and was not easy to find. It was located in a hidden location that was a long drive away in the snowy conditions of winter. The ATM was housed in a hallway on the second floor of a cooperative workspace, tucked inside an old Nynex phone booth. Inside was a little white box with just a screen, no buttons, a camera eye, and a money slot. Upon presenting the provided QR code to the machine, it kept whirring for more than 20 min on the “Balance query in progress,” screen. After several hours of call attempts and voicemails to “Coin Café”, the owners of the ATM, someone answered and said that the “technical issue” was resolved.

Coin Cafe did not support criminals but was in the unfortunate position of brokering these kinds of ransom transactions. They were often faced with elderly parents crying on the phone at the threat of losing all their photographic memories stored on their computers or with small business owners who stood to lose their entire family income. Coin Cafe hated profiting from these desolate victims.

Unfortunately, after all the excitement and getting the final deposit at the last minute, the timer for the seven-day window had just run out and now the ransom had shot up to USD 1,000. Alina’s mother was desolate. At that time, someone advised her to use the message interface provided by CryptoWall and tell the criminals exactly what had happened—to be honest, in other words.

Taking their advice, she explained that the virus came in the same week that a major snowstorm had hit the state of Massachusetts and because it was a Thanksgiving holiday in the US, most banks were shut down. She laid out the entire story, her unexpected Bitcoin shortfall due to conversion rates, sending her daughter at the last minute to make the deposit at the Coin Cafe ATM, and the technical issues she faced at the ATM. She vowed that she had tried her best not to miss the deadline. Suddenly, a weird thing happened: She received her decryption key from the perpetrators!

One might think that the hackers took pity on the poor old woman and let her have her files back, but they had an ulterior motive of maintaining their reputation so that more people would resort to paying the ransom rather than deal with the authorities.

This is just one of the hundreds of thousands of stories about how hackers took advantage of the naivety of the aging population. There are several other stories out there about fake messages from grandchildren asking for money due to illness or being stuck overseas or malicious actors posing as individuals asking for money to help during quarantine. The American Association of Retired Persons (AARP) has also tracked the increasing scams with the group reporting that as of November 12, 2020, it had logged more than 250,000 complaints related to COVID-19 and stimulus payments, with more than two-thirds of the complaints being related to fraud or identity theft. AARP noted that nearly USD 183 million had been lost by consumers as a result of these scams with the average victim losing around USD 320 [2].

On July 8, 2020, the City of London Police reported that since January 2020 more than GBP* 11 million had been lost due to COVID-19 scams [3]. In Switzerland, one in seven respondents to a survey experienced a cyberattack during the pandemic period [4]. Between February 2020 and May 2020, more than half a million people were affected by breaches in which personal data of video conferencing services users (e.g., name, passwords, email addresses) was stolen and sold on the dark web. To execute this attack, some hackers used a tool called ‘OpenBullet’ [5]. Prior to the pandemic, about 20% of cyberattacks had used previously unseen malware or methods. During the pandemic, the proportion rose to 35% [6].

The only way to start eliminating these types of cyberattacks on the senior population is to prevent them before they reach the intended recipient. There are several resources available to seniors, such as public libraries that offer education about such vulnerabilities. Some of the easiest things to do would be to explain the importance of backing up personal information to external hard drives or by using a cloud backup service like Carbonite, perform timely software updates and take “patch” alerts seriously. Most of all, be cautious of all attachments and links. Legitimate businesses, especially banks, never send attachments or ask the recipient to click on links that ask for personal information. They never ask for a call to be placed to a call center where a mysterious “tech support” person asks for credentials or even asks to log into accounts. When in doubt, always find the number for the institution which issued the credit or debit card or do an independent internet search for the phone number and call the company directly. Even though some of these measures seem foundational, they are of paramount importance for protecting the average citizen. Our collective awareness and adherence to these basic principles can help make the cyberspace safer and more friendly for all.

Women and Children

The COVID-19 pandemic created a complete sea change in the way education is delivered. From day care and elementary school through high school and even all the way to college, there is no aspect of education that was untouched or unchanged by the pandemic. However, the impact is quite varied across the spectrum. The biggest impact was on the youngest of children and their caregivers. The usual mode of replacing in-person childcare and classes with a digital teleconference technology like Zoom is not very effective. Younger children are still learning verbal and social skills and much of their “education” is really just learning how to be in social settings. With the absence of reliable visual and non-verbal cues, it is extremely difficult for young children to keep their attention in the class (which is difficult even without the hindrance of technology). This had a big impact on their caregivers. A parent or care-giver would previously be able to drop the child off at school and proceed to their daily tasks, but now the parent or caregiver is forced to dedicate much of their attention to the child who is now at home instead. They must also find ways to support the child’s peer to peer interactions that were also curbed during the pandemic and were, therefore, spend even more quality time with their children. This led to many young families having to sacrifice the time of one of the earning adults for this purpose. This tended to fall disproportionately on women who are traditionally considered as the primary caregiver in our society. In addition to the economic, financial, health, and social impacts, this increased screen time and made children and caregivers more susceptible to cyberattacks.

As we move up the age bracket, the impact of digitized or online education on middle or high school aged children is arguably more manageable as they are much savvier with technology in general. By the time they reach middle or high school, they are better able to focus in the virtual classroom. There are techniques used by teachers which sometimes help increase productivity and participation. For example, turning the camera on, making sure that the teacher still has a very classroom like feel, and keeping the class more engaging to make up for the loss of in-person learning. These teleconference/Zoom like technologies can help children stay more connected with a more geographically dispersed set of friends (though there is of course the sacrifice of in-person interactions).

Since the students are spending so much time online, it opens them up to more social media interactions online which makes them more susceptible to cyber bullying and other nefarious behaviors like phishing attacks, cat fishing, identity theft, etc. “Zoom Bombing” attacks that have gained notoriety are example of nefarious behaviors that are a direct product of this enhanced digital interaction. With increased time spent online, these cybercrime activities can get exacerbated and cause children to be impacted in very real and tangible ways.

There are real losses in terms of team sports or even team activities like robotics (e.g., the annual robot competition and games organized globally by FIRST Robotics). In 2021, the competition was practically scrapped and replaced by an “innovation” challenge in which the participants could take part remotely. However, this took away the whole experience of understanding technology and its impacts to the real world— not to mention the camaraderie and social benefits of a team activity.

To summarize, there are three main takeaways for digital impacts on children due to the pandemic. First, technology has not had a chance to evolve to truly replace or even partially replace the loss of in-person interactions thus limiting the necessary social and team skills development. Second, the pandemic has forced all of us, especially children, to ramp up their consumption and use of digital and online technology which greatly increases susceptibility to cybercrime. Finally, the socioeconomic impacts on our world because of this, whereby the inequalities and devices that occur in our society, have been further accentuated. Thus, families with younger children who are usually financially more vulnerable are impacted more. And women, who still tend to take on more than their share of child care, are forced to take breaks from their careers.

Some of these trends are here to stay and will even develop further when the pandemic “ends”. The technology for better quality of interactions online will continue to develop, which also means that an increased threat surface created due to the pandemic is here to stay.

What is it that all of society can do? Ultimately, this is the question to which all seek the answer. First, awareness and education of technology and online behaviors is of paramount importance for both the children (as appropriate for their age) and definitely for their parents or caregivers. They must keep themselves well-informed about cybercrimes and other nefarious behaviors like cyberbullying of children. Reading and following such stories is one way. The other way is to enroll in, or subscribe to, a reputable cyber protection suite. At the very least, this combination would provide some level of protection against such reprehensible behavior. There are also socioeconomic impacts and so policies to protect privacy, especially for children, need to be implemented. Finally, good old-fashioned techniques like listening and parents staying close to their young children are more necessary in this brave new world than ever before…

We all need to remain aware and alert to global trends, local trends, and to specific clues of what is going on with our children. Dealing with them individually is key. There is one silver lining in all this. In some jobs, where working remotely is equally (if not more) productive, it is possible for parents to have a little more flexibility in their work schedules while still being able to take care of their children.

Workforce

Overnight, thousands of companies were forced to allow their workers to work from home. This was an easy transition for some, especially for those in the technology sector, where working from home or working “remote” was the norm even before the pandemic. However, for a large number of companies, remote-work was beyond their current technological capabilities. The only way they would continue to have a productive workforce was to very quickly shore up their digital capabilities including devices, networks, and tools that would allow their employees to continue operating from home as they did from the confines of their offices.

The biggest component that these companies needed to focus on, as they allowed their workforce to work from home, was cybersecurity and protection of the company’s intellectual assets. A study by the United Nations showed that cybercrime was up 600% due to the COVID-19 pandemic [7]. Since the start of the pandemic, ransomware attacks increased by nearly 500% [8]. Cybercrime is predicted to cost companies worldwide an estimated USD 10.5 trillion annually by 2025, up from USD 3 trillion in 2015 [9]. In 2020 alone, malware increased by 358% overall and ransomware increased by 435% as compared to 2019 [10]. This was just at the beginning of the pandemic…

Overnight, demands were placed on digital infrastructure skyrocketed. The lack of research and rudimentary use of technology also became a larger and more lucrative target for cybercriminals. Officials depend on digital channels to reassure the public and maintain order. With the increased demand on healthcare systems around the world, service providers are turning to remote technologies like virtual chat, email, phones, and telemedicine portals for remote counseling and diagnoses. Companies are allowing less secure forms of communication such as accessing enterprise applications through personal digital devices, with no mechanisms to enforce security or prevent loss of data.

This has opened new doors for cybercriminals. They are taking advantage of the increased dependency on digital vulnerabilities to capture confidential data, siphon money, and hold companies’ assets at ransom. By exploiting the psychological vulnerabilities of people, they are launching COVID-19-themed attacks in the form of phishing emails with malicious attachments or websites and apps that show patient count. These emails and apps enable malware to disrupt systems and steal data and credentials. Remote working tools such as Zoom and other videoconferencing systems have been hacked for vulnerabilities allowing “Zoom bombers” to hijack teleconferencing sessions/meetings and insert lewd, obscene, racist, or antisemitic material, typically resulting in the shutdown of the session and loss of reputation for the company.

The only way that companies can face this new digital future is to develop a leadership mind shift to the importance of security measures and allocate appropriate budgets to security as a “must have” not a “nice to have”. Some of the measures companies can take involve looking at cloud based security and platform services that markedly reduce deployment time. Additionally, companies that use secure remote access technology can give remote employees private access without a virtual private network (VPN) to enterprise applications and systems. Firms can also use privileged access management (PAM) services to allow special remote access to their information technology (IT) and application administrators [11]. Multi-factor authentication services, including biometric and text-based methods, enable stringent risk-based access to internal applications that are opened for remote access [12]. The following are some points organizations must consider for becoming more resilient:

  • Some organizations will need to move to new business operating models.

  • Companies will need to reset their security systems to ensure there are no outliers.

  • New cyber risks that appeared during the pandemic must be understood.

  • Corporate IT security architectures should be reassessed.

  • Updates must be made to remote access and bring-your-own-device (BYOD) policies.

  • Advanced technology must be deployed.

  • Use the most cutting-edge threat detection and response capabilities.

  • ‘User and entity behavior analysis’ or UEBA. This technology analyzes the normal behavioral patterns of users and detects instances where it finds anomalous deviations from the normal pattern.

Companies must ensure that employees who are working from home use either a company issued device or their own personal devices implement the necessary cyber hygiene practices. These include:

  • Antivirus protection: Companies must provide their employees with the required licenses for antivirus and malware software, even for use on their own personal computers. This basic measure may not be 100% failsafe, but it eliminates a lot of low-level attacks.

  • Phishing awareness: Regular phishing tests and campaigns must be conducted to ensure that employees know how to check authenticity of the sender’s address and not fall prey to real looking emails.

  • Cybersecurity awareness: Staff should be trained on best practices and procedures to ensure they are not sharing intellectual property or non-public information with non-company domains and cloud storage websites.

  • Virtual private networks: VPN’s provide an added layer of security to make sure the user logged in is an employee who can only get access to a company resource through the company’s network. This provides organizations additional capability to monitor and control the user’s access.

  • Home network security: As a part of cyber hygiene training, employees must be taught how to create secure passwords or passphrases that are not easily decipherable.

  • Identification of weak spots: All technology has weaknesses. Companies should routinely scan for vulnerabilities and patch the most critical vulnerabilities as soon as possible. Surprise penetration tests must be routinely conducted and infrastructure hardening should be performed.

  • Frequently scheduled reviews: Existing controls should be routinely evaluated for robustness and cybersecurity risk exposure. They must plan for handling any new vulnerabilities and cyberattacks.

  • Refresh business continuity, disaster recovery, and crisis plans: All lines of business need to keep their Business Continuity Planning (BCPs) updated and consider various cyberattack scenarios.

More advanced measures that can be taken include:

  • Apply new tools and technology: Companies should use advanced tools such as host checkers that ensure that any device connecting to the company network is secure before allowing it to access corporate information.

  • Intelligence techniques: Companies should use artificial intelligence (AI) based tools that identify relevant indicators of attacks (IOC) and address known attacks.

  • Risk management: Companies must adopt governance risk and compliance (GRC) solutions for improving their risk management posture. GRC solutions provide an integrated view of the company’s risk exposure linking various risk disciplines like cybersecurity, operational risks, and business continuity.

  • Be prepared in case of an attack: Due to the frequency and magnitude of modern day cyberattacks, companies must engage in frequent attack simulations and cyber war games to ensure preparedness.

  • Zero trust: Chief information security officers (CISOs), chief technology officers (CTOs), and chief information officers (CIOs) should consider implementing a zero-trust approach to cybersecurity. In this security model, only authenticated and authorized users and devices are allowed access to corporate applications and data. Users are not given access to anything unless they need it.

In conclusion, organizations must change their outlook from reactive to proactive and plan for scenarios from ‘if’ they get attacked to ‘when’ they get attacked. Preparation is key. Organizations need to increase security awareness among their workforce and quickly react to unforeseen events.

Healthcare

Did you know that Americans’ private health data is estimated to be worth up to 20 times the value of financial data on the Dark Web and is sought after by criminals and nation states alike [13]? This makes the Health and Public Health (HPH) Sector a primary target. As with most other growing sectors, the healthcare sector has been rapidly growing and evolving its technical landscape. Internet connected medical devices have been developed and widely deployed, without proper privacy and security measures in place. Proliferation of unregulated mobile apps leverage protected health information and personally identifiable information (PHI/PII) but do not secure it. Many healthcare personnel are overworked and undertrained on cybersecurity.

The advent of COVID-19 has forced many traditional medical institutions and healthcare providers to open up their cyber doors and start seeing patients online through video conferencing as well as exchange private health data through digital portals and email. At the surface, this is a great convenience, even a necessity, but without deeper measures taken to protect this data, it leaves yet another door open for malicious actors.

Some key statistics uncovered during this pandemic prove the point that this shift in digital healthcare requires much more regulatory intervention and security planning [14]:

  • Malicious URLs: 35,364 malicious COVID-19 websites were taken down in 2020 alone.

  • Phishing: In April 2020, Google reported blocking 18 million daily malware and phishing emails.

  • Malware: From January to April 2020, Interpol detected 907,000 spam messages, 737 malware related incidents, and 48,000 malicious URLs tied to COVID-19.

  • Several malware groups have been weaponizing COVID-19 maps and dashboards to distribute malware:

  • Trickbot is using COVID-19 financial aid schemes.

  • AZORult is being spread via malicious COVID-19 case tracking websites.

    • Ransomware attacks: Maze Ransomware attacked mid-Atlantic pharmacy in July 2020.

  • In May 2020, a European healthcare group was hit by Snake ransomware.

  • In June 2020, an eldercare group based in Maryland was attacked by the “ransomware-as-a-service (RaaS)” group, Netwalker. Ransomware-as-a-Service (RaaS) is an illegal enterprise developed by organized crime syndicates.

Even prior to the pandemic, we were aware that cybersecurity risks existed across the digital health landscape. Medical implants, like pacemakers, were always susceptible to cyberattacks. In October 2020, the Federal Bureau of Investigation (FBI) warned about the increasing attempts of large-scale ransomware attacks on hospitals and medical facilities [15]. At the end of 2020, there was a massive cyberattack on the US healthcare system, which in all probability pointed to nation state involvement. An enterprise patch management tool called SolarWinds used widely in the public and private sector was used as the vehicle to carry out this attack. Initially thought of as a supply chain attack, it was very quickly deemed to be way more complex than just the one software. This attack ended up affecting multiple private and governments organizations including the United States Department of Health and Human Services (HHS), a critical agency in responding to the COVID-19 pandemic in the US [16].

While this incident gained national media spotlight due to the probability of espionage by nation states, there were many other smaller scale malicious criminal attacks and exploitations during the pandemic. Cold storage units that maintain appropriate temperatures for COVID-19 vaccines were plagued with ransomware. Due to the mass scale disruption in the supply chain, COVID-19 vaccines were sold on the dark web at exorbitant prices. In another similar cyberattack, commercial vaccine related regulatory documents were stolen from the European Medicines Agency (EMA). The entire vaccine clinical development industry and supply chain witnessed such sustained cyberattacks.

Vaccine, medicine, medical device manufacturers, and healthcare delivery organizations are responsible for securing product design, network security, and undertaking thorough user and employee training to protect the consumer against phishing and other malicious schemes. As the US moves closer to the Internet of Things (IoT) model, regulations laid out by HHS’s cybersecurity guidance and safety communications must be heeded and followed even more closely [17].

A key factor to remember is that cybersecurity must be much more than an afterthought or a “good to have” add on, especially to respond to crises like COVID-19 and to develop digital health capabilities in the future. The role of the chief information security officer (CISO) should be elevated and made integral to digital health planning and implementation. Just like other healthcare licenses, cybersecurity training should be intensified and frequently refreshed for all healthcare employees and service providers. Cyber vulnerabilities in critical systems must be identified and proactively addressed.

Besides cybersecurity, the ability to provide a unified service to the patient is highly dependent upon coherent and accessible data structure, which proved to be a key aspect of the digital health revolution that the COVID-19 crisis exposed as a critical gap. Several critical health care data sources are very disjointed and do not facilitate continuous care despite the 2009 “Health Information Technology for Economic and Clinical Health” (HITECH) Act that pioneered the digitization of health information. This can have a crippling effect in critical situations because data is the backbone for digital technologies that support the global population. COVID-19 highlighted a unique group of lesser-known cases in the healthcare industry and health policy systems. These cases very quickly overburdened the capacity of the current technological landscape. To better understand the failure of the current system, it is important to conduct a national technology review and lookback. This is the key for developing solutions to address the gaps that prevent us from fully adopting technology to achieve healthcare that is equitable, efficient, effective, enhances patient experience, and saves lives.

The non-availability of data and digital interoperability was especially noticed when governments and research organizations were trying to understand the numbers and trends of COVID-19 contact tracing, the treatment capacity of the health system, patient encounters, and developments in the utilization of that capacity. New data modules were published by the US Centers for Disease Control and Prevention (CDC) to standardize the reporting of encounters, capacity, and utilization of data elements in an effort to provide more visibility. In March 2020, former Vice President Michael Pence ordered healthcare organizations in the US to present a daily report of case data. While this step was intended to help combat the pandemic, it became an even greater burden on the overstressed hospital and clinic staff to take on even more responsibility of manual data gathering, filling out a spreadsheet, and submitting it daily. No modern-day enterprise would tolerate such a method.

The key lesson to consider is that if no steps are taken to come to a common solution towards a comprehensive data architecture, similar to other non-healthcare industries, all of the digital tools and data assets of the decades are less useful and effective and will soon become antiquated. Looking forward into the future, the US needs to be prepared for a similar coordinated mass scale response to health crises. The only way to quickly and efficiently achieve this is by understanding the importance of data architecture and finding effective ways to define and create such an infrastructure that can be mobilized on demand.

However, not everything was all doom and gloom. COVID-19, being the first global pandemic of the digital age, also brought a lot of promise and opportunity. There are several shining examples of how digital health solutions and innovations helped in very critical ways during this global pandemic. The most notable acceleration, both in the United States and other parts of the world, was in the rapid adoption of telemedicine. There have, however, been less visible digitally dependent advances that are just as important across all sectors of healthcare, public health, and medical research. In many ways, the response to COVID-19 sparked years of advances in mere months.

Service Industry

The service industry as a whole is defined as that part of the economy that creates services rather than tangible objects.Footnote 1 In the United States, the service industry has seen a steady growth over the past century or so forming about three-fifths of the gross domestic product (GDP).

The impact of COVID on the service industry can be thought of in two broad ways: (1) those services that require physical proximity or contact for their delivery (like airline, travel, household services or healthcare or even some parts of art and entertainment; and (2) those services that need very limited, if any, physical proximity or contact (like insurance, financial services, and information).

With regard to buying or paying for the services, the pandemic has very much accelerated the existing trend for moving into the virtual world with services like Zelle, Venmo, or PayPal which have been experiencing increased usage. The pandemic has also accelerated adoption of online shops and e-commerce presence like Amazon and Shopify etc.

However, when it comes to consumption, there was a temporary dip during the pandemic in services that need consumption in-person like airlines. Industries like insurance became more virtual except of course when one needs the actual services like body shops for auto insurance, etc. Services needed by homeowners like plumbing and air conditioning remodeling, took a different turn. The demand for these services, increased since more people were staying at home and therefore looking to complete renovations they had otherwise neglected. To some extent some of these are quite basic services which would have similar demand no matter what. However, on the service provider side, due to the other impacts of the pandemic on people’s employment and what has been called “the great resignation”, there were fewer people providing services thereby significantly increasing the demand and the price of these services. It remains to be seen how permanent these impacts might be.

Then there is the restaurant industry where the pandemic pushed the industry almost exclusively towards delivery and take out based models many months before dine in. This greatly increased the demand for services like GrubHub, UberEats, DoorDash, and Postmates, or even Google’s online ordering or plain old order by phone. This industry (waiters and cooking staff, etc.) had a huge shortage of employees which resulted in many restaurants doing more business but with less hours and yet still managing to do a brisk business as the overall demand for food remained at a high enough level.

There is also the component of time in many industries for travel or eating out. Initially there was a precipitous drop in the consumption of these services but this was followed by a transformation (like in the food and restaurant industry). There was a resurgence in some services i.e., people are traveling more since they have a pent-up desire to travel now.

If we look at the long-term impacts, there are three main areas:

  1. 1.

    For buying and selling services: It is almost a requirement now for everybody to support the e-commerce option. Hardly any service industry can remain untouched by this shift. The pandemic has greatly accelerated the e-commerce transformation that started more than two decades ago.

  2. 2.

    For consumption of services: There is an impact to the model in some cases and the opportunity for a new business model for consuming the services. The food delivery business and restaurants can survive almost solely as a kitchen and food to go/delivery [18]. The boost to online education can impact the education industry quite a bit. Another area impacted was entertainment with more people streaming at home. A perfect example of this is the simultaneous release of movies in theatres and on an exclusive streaming service of their choice. This further accelerated the blurring of lines between streaming services and content creators.

  3. 3.

    Finally, the strange twist from increased unemployment at the beginning of the pandemic to now, experiencing a labor shortage (due in part to The Great Resignation), we are looking at an increase in automation in various parts of the industry. The most basic of these is the robot that delivers food to people eating in a restaurant. Instead of a human carrying a tray of the ordered food, this robot effortlessly navigates the restaurant floor and parks itself at the table where people can help themselves. Then there is the ordering of food or paying the bill at the end of the meal which is done with a terminal at the table. Even the backend services of cooking the meals are getting automated with robots like Flippy that can essentially flip burgers [19].

With all the increase in automation, online buying/selling, and even consumption of services, where possible, the threat surface of security and privacy issues will only increase. Many banks and other financial institutions are stepping up and providing more services to small businesses and consumers to keep them safe from cybercrime but it is still important for everyone from small businesses to consumers to get better education around cybercrime and take active precautions where necessary to keep themselves protected.

The Silver Lining

We instinctively think of things as good and bad but most things in life turn out to have two sides. Perhaps, the pandemic is no different. We have seen many impacts of the pandemic that can definitely be defined as “bad”. There are a few that we may perhaps call “good” or at least “not bad”. For example, connections with friends. One may be thinking what's so good about this? Well, in-person meetings definitely reduced during the pandemic. However, in many cases, in-person meetings were replaced by “Zoom” parties. The advantage there, was that no commuting was involved. Hence the connections could happen with less time investment. People in very different time zones could now also come together and still keep human connections alive, without having to travel. It is amazing how human beings can sometimes convert a disadvantage to be advantageous.

What about working from home? Working from home was a part of work culture even before the pandemic, however it was optional. Now it is no longer optional. Therefore, the inequality of a hybrid working environment was erased. Suddenly, there were no longer people who could whiteboard together and afford to ignore those secondhand meeting participants who were remote. Everybody was a secondhand participant, and therefore, everybody was equal. This type of equality resulted in more people being able to participate, more people to turn on their videos, and more people being sensitive to each other’s “disadvantage” due to being remote.

Working from home brought another advantage. Reclaiming the time spent on commuting. This time was now spent reconnecting with family, or exercise, or other forms of self-care, even more productivity for the company. Many companies saw a resurgence in productivity during the pandemic. This time was also spent working on one’s hobbies which were oftentimes neglected over the years because of professional priorities.

The pandemic also restricted many activities and choices. But in a strange twist, many of these so-called restrictions actually forced people to choose a healthier slower lifestyle. For instance, it forced people to spend more time outdoors or with nature. For example, the national parks saw an increase of 28% visitors in 2020 from the previous year [20]. People were also eating healthier because they were eating out less and, therefore, cooking at home more which tends to be healthier. Not to mention the drastic improvement in air quality in several crowded cities of the world due to reduced traffic on the streets!

The pandemic, like many other emergencies, forced human beings into unprecedented levels of innovation and collaboration. There are many examples in healthcare, education, and other essential services. For instance, the incredible speed with which the COVID-19 vaccines have been mass produced and made available in record time. This was made possible due to decades of research into mRNA-based vaccines [21]. It will open many doors for future vaccines to be made even more quickly. This has been possible due to collaboration technology that was scaled up to meet these new demands. People across the age spectrum adopted new technology and newer ways to collaborate and, therefore, contribute to innovation. But along with this deep adoption also comes cybersecurity risks.

Some of these practices are here to stay and, therefore, the need for education and awareness at all levels for cybersecurity will only increase. Ultimately, crises like the pandemic show the deep adaptability and capability within human beings to persevere and come through with the indomitable human spirit.

Metaverse: Future Digital Life

Ever since its advent, people have sought to use the personal computer as an escape from the reality of their mundane day to day life. It started with gaming personas followed by online chat forums and message boards to several channels of digital interaction that exist today. These channels not only offer anonymity, but also a chance to live a parallel life in which people can be whoever they want to be. In recent years, these channels have evolved into more sophisticated platforms that allow users to create their own virtual characters or avatars and make their interactions in this virtual universe even more life-like.

Today, this concept has evolved into what is known as the metaverse, which not only allows users to create their own virtual worlds, but also enables them to interact with others in this virtual universe. The term “metaverse” was first used in Neal Stephenson’s seminal 1992 novel Snow Crash [22]. It was defined as a shared virtual space—a platform that would encompass all virtual worlds connected together much in the same way that the internet connects various sites and apps. It was the internet, but in three dimensions, and something you could interact with through a screen or inhabit by donning a pair of virtual reality (VR) goggles. The COVID-19 pandemic accelerated the need for virtual interaction to go beyond leisure. The metaverse provides a platform for businesses to host virtual store fronts, organizations to conduct virtual conferences, and host booths where your virtual persona can visit and interact with other virtual personas. The possibilities are endless.

Since the early days of the pandemic, there has been an accelerated rise of virtual communities such as interactive gaming worlds and mixed reality activations as important lifestyle spaces for locked down consumers. Current and new developments in digital social experiences will lay the groundwork for the next phase of post-COVID online life. The dawning of the metaverse, an always on, real-time virtual environment, offer huge opportunities for brand engagement. Key drivers of the metaverse include average persons being stripped of their day-to-day activities, leaving them wanting an easier, more tolerable world. In the metaverse, one could have any number of realities and replicate experiences from real life. Due to the ongoing threat of COVID-19 and other future large-scale pandemics, the metaverse is filling many of the social gaps, constantly creating new interest and engagement. In this metaverse, people have the power to escape a pandemic burdened world. This is fast propelling us into a disease-free alternative reality—a metaverse that empowers us with the ability to do almost anything we can imagine, be it ordinary or extraordinary.

Several companies are opening digital headquarters in the metaverse where employees can ‘return’ to work. Businesses have been rethinking their workspaces ever since the lockdowns in the US during the spring of 2020. Several have decided on permanent remote work, while others are still debating on the value of physical presence. However, the pandemic has put the power in the hands of workers to make this decision for themselves, especially the ones who are able to fully engage and be productive remotely. Some people are still unsure about going back to shared spaces risking being among potential COVID-19 carriers.

On the other hand, the metaverse provides them a great long term consistent alternative that would remain unaffected by the COVID status of other co-workers. To illustrate the point, a company called eXp Realty that embraced the metaverse since 2016 conducts virtual meetings that are complete with meeting rooms, communal spaces for agents to take a leisurely stroll, and various multi-use areas for networking and mingling customers and team members as in real life. If the highly social realtor profession can find a way to bring real world, on-the-ground work into the virtual metaverse, surely anyone should be able to do it.

Education is another area that was severely impacted. Children missed several days of school during the COVID pandemic. They were constantly sent home to quarantine during 2021 due to risk of potential exposure to the virus from fellow students and teachers. This interrupted their education and made it difficult for them to keep up with their classroom goals. Many schools started their classes online but struggled to keep children engaged with their flat, unengaging discussion boards. An early experiment in the virtual world, a platform called Second Life, had a hard time attracting teachers and students in the 2000s but those were the early days of the internet and neither students nor teachers were as technologically adept as they are now. Roblox, a virtual experience platform, is trying to relaunch the effort. They recently announced a USD 10 million fund to help support online learning and development for students in the science, technology, engineering and mathematics (STEM) space. Their goal is to reach a 100 million Kindergarten to 12th grade students globally by the year 2030. They are already running a successful educational platform that has about seven million students enrolled to provide a proof of concept for metaverse schools.

Concerts and other entertainment venues suffered huge losses during the pandemic fearing that having thousands of people in a tight space could become a breeding ground for the virus. Performers are resorting to online concerts and other social events but those have a significant risk of last-minute cancellation. However, the statistics are different when it comes to the metaverse. The number of cancellations and no shows is significantly lower. Before the COVID-19 pandemic, only 45% of the population had attended virtual events like a concert. But in recent times, at least 87% have explored this avenue. Virtual events are a terrific bridge for people who miss the excitement and adrenaline rush of being in a high energy venue like an amphitheater with other people who share their passion. They provide a win-win situation for both the audience and the event staff by protecting them from the risk of COVID exposure. They don’t need to socialize since they aren't present physically, but they still get to experience all the excitement of attending an in-person concert or performance.

COVID has brought about major changes to many of our lives. With friends and family moving away and changing jobs, social media was the only way to stay connected. But it was unable to replace real world joint experiences. The metaverse will fill that gap where people are able to mirror their real lives. People everywhere are looking for ways to substitute their neglected social needs, whether they be at home, at work, or in school. This calls for momentous opportunities for the smart investor with the foresight to invest in these emerging disruptive technologies [23].

Conclusions, Lessons Learnt: Looking Forward

It is abundantly clear that this is not the first nor the last pandemic we and our children will face. If anything, we should take our collective human experiences from the past couple of years and use those to forge a much more resilient future for the generations to come. As we jet speed further into the digital age, we should prepare for a COVID like global cyber pandemic that will spread faster and further than a biological virus and will have equal or greater economic and psychological impacts. Our “new normal” isn’t COVID-19 itself—it is COVID-like incidents. The first step to achieving this is to examine the lessons of the COVID-19 pandemic and use them to prepare for the future [24].

Lesson #1: Get educated, be informed, stay alert

New York state was doubling the number of cases every three days before the lockdown. A cyberattack with characteristics similar to the coronavirus would spread faster and further than any biological virus. The following interventions are important for preventing the problem:

  1. a.

    Stay abreast with the latest technology news, keep your computers backed up, keep your software updated and patched.

  2. b.

    Be aware of nefarious cyber behaviors like cyberbullying of children. Keep a check on the software they use. Make sure it is always obtained through secure channels and kept updated for security.

  3. c.

    Healthcare companies and service providers should make cyber education mandatory for staff and ensure that they keep up with trainings similar to those for maintaining their healthcare licenses.

Lesson #2: The economic impact of a widespread digital shutdown would be of the same magnitude or greater than what we are currently seeing

A single day without the internet would cost the world more than USD 50 billion. A 21-day global cyber lockdown could cost over USD 1 trillion. Companies need to change their perspective from ‘if’ they get attacked, to ‘when’. Preparation is key, they need to increase security awareness among their workforce and quickly react to unforeseen events.

Lesson #3: Recovery from widespread destruction of digital systems would be extremely challenging

Finger pointing about the source and motive of the cyberattack as well as competition to be the first in line for supplies would inevitably lead to geopolitical tensions. The US healthcare industry needs to embrace the importance of data architecture and a unified backbone to provide seamless services across the country whether it is in-person or online care. The service industry must adopt a new business model for consuming services digitally. Whether it is the entertainment or the restaurant industry, new models of automation and requisite controls around that need to be standardized and widely adopted.

COVID-19 has revealed the importance of international, cross stakeholder coordination. Cooperation between public and private sector leaders is also critical, particularly when it comes to mitigation. But perhaps the most important lesson is that COVID-19 was a known and anticipated risk. So, too, is the digital equivalent.

However, we cannot discount the positives that have come out from this time of the global crisis. Humanity united to fight against one common invisible enemy. This showed us, once again, the resilience, creativity, and unity of the human spirit. There have been several glowing instances of the ways in which digital and online healthcare solutions and innovations assisted in extremely critical ways during this global pandemic. In so many ways, COVID-19 responses have sparked years of advances in just a few months. People became more sensitive to each other’s “disadvantage” due to being remote. Many companies saw a resurgence in productivity during the pandemic. The national parks saw an increase of 28% in 2020 of people trying to reconnect with nature and spending time in open spaces. Last but not the least, adaptation to the metaverse was inevitable but the COVID-19 pandemic helped speed up the timeline by years spurring us into the next level of our digital future.

In conclusion, to quote David Koh, Commissioner of Cybersecurity and Chief Executive of the Cybersecurity Agency (CSA) of Singapore “like the coronavirus, cyber threats are borderless and asymmetric.” We must unite on all fronts to face these together and to be better prepared for the inevitable threats of the future.