Home / Resources / ISACA Journal / Issues / 2022 / Volume 2 / Cybersecurity in a COVID 19 World

Cybersecurity in a COVID-19 World: Insights on How Decisions Are Made

Author: Maik Fichtenkamm, Gerald F. Burch, Ph. D and Jordan Burch
Date Published: 12 April 2022
Related: State of Cybersecurity 2020 Part 2: Threat Landscape and Security Practices | Digital | English

The COVID-19 crisis has created a cyberpandemic1 that is due, in large part, to decisions made by organizational leaders and stakeholders.2 The average cost of a data breach has risen to US$4.24 million, yet many enterprise owners still think it is unlikely that their organization will be targeted.3 Industry experts say they are wrong. In today’s environment, where organizations have been forced to shut their doors and send staff home, it is not a matter of if one will be attacked; rather, the question is, when?4 This can be attributed to recent changes in work environments, wherein many managers have adopted a “perform any aspect of the job from any location” approach. As a result, cybercriminals have many more targets—and a cyberpandemic has ensued.

It is worth examining the new cyberworld: one where more employees work from home, data are held in more places and shared frequently, and employees often use new technologies. Rational choice theory5 can be used to take a deeper look at the concepts associated with making decisions in this new world, including what organizations can do to better prepare themselves to defend against cybercrime in the age of COVID-19.

Rational Choice Theory

Individuals regularly make rational choices to achieve their personal and 

professional goals; however, they often do not know exactly what influences their decisions and outcomes because they do not consider all potential variables. Rational choice theory helps fill the gaps.

Rational choice theory is the process individuals use to make decisions (figure 1). Information is gathered (both intentionally and unintentionally) by the decision maker—in this case, about cybersecurity—and the decision maker takes action based on how the information they have learned influences their interests and beliefs about cybersecurity. Interests can be subjective. Some decision makers may be focused on security, while others may be more interested in cost or productivity. Information also impacts whether the decision maker believes their actions will result in the desired change (which is constructed based on their beliefs about opportunities and outcomes). The decision maker usually avoids decisions when they believe the action will not help them achieve the outcome they desire.

Finally, the decision maker acts, and the outcome follows. Yet the outcome may not be what was expected because the environment can alter the relationship between actions and outcomes.

As with most models, the real world is much more complex. Every individual inside and outside the organization can act as a decision maker. Managers’ actions become information for employees, who can alter their interests and beliefs based on this information and take action. Employee actions become information for cybercriminals, who alter their own interests and beliefs and then take action.

Figure 2 illustrates decision makers taking actions and gathering information about each other and the details of their environment. This creates an environment rich with information, where the actions of one group can significantly alter the outcomes and actions of other groups. A final consideration is how the environment can change the information people receive, alter their interests and limit their beliefs about how much they can influence outcomes with their decisions. It is quite possible that no single event in recent history has been so influential in changing these factors as the COVID-19 pandemic.6

Cybercriminals may have been the only decision makers who believed the early pandemic environment provided them with any chance to shape the future with their actions.

Information
When making rational decisions in a complex environment, the first item to consider is information—for this discussion specifically, the information provided about the pandemic and cyberthreats, especially at the start of the pandemic. According to the World Health Organization (WHO), the COVID-19 virus was first reported on 31 December 2019.7 Less than three months later, then-US President Donald Trump declared a national emergency concerning the coronavirus on 13 March 20208 and “15 days to flatten the curve” became the storyline on 22 March 2020.9 Figure 3 summarizes the information being shared during this time across three groups: managers, employees and cybercriminals. Figure 3 also shows the progression of information resulting in interests, beliefs and actions.

Interests
Information can often influence and change interests. This was certainly the case during the first several months of the pandemic, where the interests of managers, employees and cybercriminals were focused on how to mitigate—or take advantage of—the impact of COVID-19. Fear and lack of information forced many managers and employees to focus on meeting basic needs: business survival and personal survival. Reports of supply chain and manpower shortages, coupled with increasing COVID-19 cases and deaths, took attention away from doing business as usual. This change in interests influenced business and personal behaviors.

Beliefs About Opportunities and Outcomes
Information that arose during the first several months of the pandemic also changed how managers, employees and cybercriminals believed their actions could affect outcomes. The lack of information and the uncertainties associated with COVID-19 led many to doubt how much influence they could have on the unknown. Lockdown restrictions went from days to weeks and then months. Definitions of essential personnel changed, and government regulations limited gatherings and business activities based on changing requirements. Cybercriminals may have been the only decision makers who believed the early pandemic environment provided them with any chance to shape the future with their actions.

Actions
The new information and lack of information simultaneously altered interests and beliefs about how much people thought they could shape the environment with their actions. Actions by all decision makers were altered. Figure 3 shows how managers and employees shifted their focus from IT security to other matters. Managers went from requiring work in secure locations to encouraging employees to perform every aspect of every job from anywhere. This information led employees to perform their work on any device, on any network and with any possible software or application. Employees also found themselves in new environments, sharing their time and resources with close family members, roommates or even strangers.

Work tasks often became a secondary priority and, presumably in some cases, less attention to detail was given. Instead, some employees managed personal obligations, shopped online, provided childcare and tracked the latest information about the virus. These actions were significantly different than what was occurring just weeks before; therefore, it is no surprise that outcomes changed as well.

Outcomes
The COVID-19 pandemic drastically escalated cyberissues, as shown by several key statistics:

  • Cyberattacks during the early months of the COVID-19 pandemic increased (30,000 cyberattacks between 31 December 2019 and 14 April 2020).10
  • Daily cybercrime complaints increased by 300– 400 percent.11
  • From January to April 2020, 907,000 spam messages, 737 malware incidents and 48,000 malicious uniform resource locators (URLs) were registered.12
  • Average ransomware payment amounts increased by 60 percent during quarter 2 (Q2) 2020.13
  • Google blocked 18 million COVID-19-related scams daily.14
  • Phishing attacks increased by 220 percent compared to the annual average.15

According to IBM’s Cost of a Data Breach Report 2021, the average cost of a data breach in 2021 increased to US$4.24 million.16 Figure 4 shows the increase in cost during the COVID-19 pandemic (US$360 thousand per breach) and reveals a significant spike upward in 2015.

The severity and frequency of cybercrime also increased, with the worldwide cost expected to rise from US$3 trillion in 2015 to US$10.5 trillion by 2025.17

To further analyze these results, cybercrimes can be broken down into two major categories: cyber-dependent and cyber-enabled. Cyberdependent crimes “can only be committed using a computer, computer networks, or other form of information communication device.”18 However, cyberenabled crimes are “[T]raditional crimes which can be increased in scale or reach by use of computers, computer networks, or other forms of information communication technology.”19 A timeline of the major cybercrime incidents during the first several months of the COVID-19 pandemic identified 43 unique attacks throughout the world.20 Figure 5 illustrates the percentage of attacks by category and type of crime. The percentages do not add up to 100 percent because some crimes could be categorized in multiple ways (e.g., phishing that distributed malware).

Cyber-enabled attacks were the most frequently occurring type of attack during the COVID-19 pandemic, and phishing attempts were the most popular method. Phishing is a social engineering crime involving accessing information by deceiving the target user. However, by definition, the user must take an action to enable the cybercriminal, so these attacks are almost completely avoidable. The low cost and high probability of success make these attacks very popular among cybercriminals. During the early phases of the COVID-19 pandemic, many fake websites were registered with the words “COVID,” “Corona” or “World Health Organization (WHO)” to appear more authentic and increase user trust in hopes of getting users to take actions that would allow the attacker into the user’s organization’s systems.

Cyber-dependent crimes involve the use of malware in 65 percent of cases.21 Malware can exist in the form of viruses, bots, worms, trojans, spyware, adware and crypto miners. The most common type of malware is ransomware, use of which increased by 36 percent in Q2 2020.22 Ransomware often uses malicious websites or infected email attachments to access a device. Again, the user must perform an action to allow the software to access their device. Ransomware then encrypts data on the device and demands money to decrypt the data. The average ransomware payment increased by 60 percent in Q2 2020 to US$178,254.23 Two malware programs worth mentioning are COVIDLock, a ransomware application disguised as a heat map to unlock a user’s screen,24 and the Trojan Trickbot, which Microsoft has listed as one of the top malware operations taking advantage of the pandemic.25

Although the most frequent types of cybercrimes do require an insider to let in the attacker, that is not the case for all cyberattacks. An international search of COVID-related cyberattacks during the first five months of the pandemic showed denial-of-service (DoS) attacks occurred in 5 percent of cases.26 These attacks flood the user’s system with requests to limit its availability to perform other tasks. DoS attacks often occur as a distraction to allow hacking attacks to compromise a system. Hacking attacks occurred in 5 percent of cases.27 Finally, brute-force attacks, which aim to find passwords or usernames on a trial-and-error basis, also increased sharply, especially with the Microsoft Remote Desktop Protocol (RDP).28

For many organizations, working remotely for a long period of time was not part of their business continuity planning (BCP).

The last type of pandemic-related attack examined here is the advanced persistent threat (APT), which involves cybercriminals targeting select institutions to gain network access. Since the COVID-19 pandemic began, pharmaceutical and healthcare organizations have been affected by the theft of sensitive personal data and intellectual property data of healthcare providers. In the healthcare sector, cyberattacks more than doubled in 2020.29 This may be in large part due to the conditions at such institutions. Cybercriminals are expanding their attacks on the healthcare industry by preying on the fear associated with the uncertain social and political conditions. This is further compounded by the increasingly common online requirements of many healthcare organizations.

Current Environment and Associated Cyberissues

Rational choice theory serves as a reminder that the previously described outcomes are a result of environments and the actions of the decision makers within them. At the start of the COVID-19 crisis, many organizations focused on the rapid development of an adaption to remote working capabilities, while cybersecurity was treated as a low priority. For many organizations, working remotely for a long period of time was not part of their business continuity planning (BCP). Instead, the focus was on having essential personnel work mostly onsite, if possible. The notion of a geographically dispersed workforce was often not considered.

Organizations’ employees have also been psychologically affected by the COVID-19 pandemic. Fear of infection, lack of social contact, increased at-home or family responsibilities, and the lack of physical activities added to employees’ stress and distraction. Employees working remotely often work longer, more irregular hours, which can make employees feel more tired. A study on the impact of the pandemic on mental health showed that 35 percent of employees felt tired often had low energy, and another 32 percent stated they sometimes were tired or had low energy specifically due to COVID-19.30

These statistics shows that remote employees are not always in an ideal position to perform their tasks.31 and can more easily make security mistakes. Lack of attention may be one reason why 47 percent of people who work from home fall for phishing scams.32 Similarly, spoofed email addresses of customers or suppliers allow for business email compromise attacks on the inattentive employee.

The result is that working remotely can increase security vulnerabilities and the cost of recovery. The average cost of a data breach was US$1.07 million higher for organizations where remote work was a factor (which accounted for 17.5 percent of all breaches).33 One reason this cost is so much higher is that it can take the organization longer to detect and contain the breach. Organizations that had more than 50 percent of their employees working remotely took an average of 58 days longer to identify and contain the breach than enterprises with fewer than 50 percent of employees working remotely.34

Figure 6 presents the 10 types of data breaches and distinguishes them by category and percentage of their occurrences. The largest segment (38 percent) of all data breaches is directly related to employees, and an additional 20 percent come from organizational systems.35 This means more than 50 percent of all data breaches are related to the actions of employees. This number could be even higher if considering the actions, or lack thereof, managers take to avoid cybersecurity attacks.

One manager action that has helped increase security is the implementation of artificial intelligence (AI) and automation. Figure 7 shows that organizations with fully deployed AI and automation had an average data breach cost of US$2.9 million, compared to those who had not begun deployment (US$6.71 million). It is encouraging that more enterprises are choosing to use AI and automation, yet there are still 35 percent of surveyed organizations that had not started the process.

Discussion

The COVID-19 pandemic has significantly changed the cyberworld; attacks are more commonplace and the cost of breaches has increased. Rational choice theory can be used to reach the following conclusions about the way decision makers have adjusted their behaviors during the pandemic:

  • Information, and lack of information, altered manager and employee interests and beliefs, especially at the start of the pandemic. Interests shifted away from security for some. Many believed their actions could not positively affect outcomes.
  • Interests and beliefs about the pandemic changed the actions of managers and employees. Work was performed anywhere, on any platform, on any software and on any network. Temporary solutions were accepted as sufficient.
  • Cybercriminals took advantage of the lack of focus on security and increased attacks on soft targets (e.g., humans, software, hardware).
  • Proper information and awareness about cyberthreats can reverse this trend, especially if managers provide employees with a plan of action. 
The pandemic has changed the nature of work, and cybercriminals have enjoyed a long period of weak security systems and fearful employees.

Recommendations

With cyberattacks on the rise, organizations need to make cybersecurity a high priority. Improvements can be made in three areas using rational choice theory.

  1. Information, Interests and Beliefs
    A survey of small and medium business (SMB) owners in January 2020 in the United Kingdom and United States showed 60 percent of SMB owners believed they would not be attacked by cybercriminals36 This belief is shared among many managers and employees. Rational choice theory shows that one way to alter these beliefs is through information. Managers should provide employees with specific information about cybersecurity threats. This includes sharing details about the costs and likelihood of a cyberattack occurring and example cases. Providing a consistent and frequently updated flow of information helps shape beliefs about and interests related to cybersecurity. Although this may seem like an obvious solution to many, only 30 percent of enterprises report conducting user education and awareness to reduce cybercrimes.37

    One practical means of altering organization member beliefs and interests could be through a weekly email highlighting the major cybersecurity threats that week. Creating a dialogue with organization members and keeping cybersecurity information relevant and timely will help shape the beliefs and interests of the organization.
  2. Actions
    Managers must find ways to change employee behavior to thwart cybercriminal actions. Only 38 percent of organizations have a cybersecurity policy,38 and only 25 percent have specific cybersecurity rules for when employees work from home.39 This is especially significant since work from home is likely to continue indefinitely, based on a survey that showed 86 percent of organizations expect remote work policies will remain in place after the pandemic.40 Enacting policies may not prevent every cyberattack, but policies certainly help inform employees of their expected actions. There are many helpful and free online cybersecurity policies such as the ones offered by Security Scorecard and SANS Institute.

    Barriers can also be installed to prevent criminal attacks. Organizational policies must be coupled with the appropriate hardware and software to avoid breaches. Particularly at the start of the pandemic, it was common to allow employees to work on their personal devices and access organizational information using hastily installed virtual private networks (VPNs). There has now been ample time for managers to ensure that the necessary protective measures are in place, such as:
    • Organization-provided computing device(s) with updated software for remote employees
    • Secure network configuration (including a VPN) with regularly updated software
    • Malware protection on all computing devices
    • Removal of all personal devices from the network
    • Management of user privileges, including the removal of Microsoft’s RDP from work computers
    • Use of a reputable managed cloud provider if internal IT resources are stretched too thin
    • Periodic auditing of employees’ devices in line with the acceptable use policy to make sure all users who are working from home are compliant. Many of these measures were common before the pandemic, but the change in work environment and the desire to work from anywhere allowed interests to be shifted away from security in many cases. It is possible to work remotely and still be secure. Organizations must install proper protections to ensure that it is done safely.

    Many of these measures were common before the pandemic, but the change in work environment and the desire to work from anywhere allowed interests to be shifted away from security in many cases. It is possible to work remotely and still be secure. Organizations must install proper protections to ensure that it is done safely.

  3. Environment
    The pandemic has changed the nature of work, and cybercriminals have enjoyed a long period of weak security systems and fearful employees. Managers must increase their monitoring for threats in this new environment. Using AI, using automation or adopting a zero trust security framework may be necessary in a pandemic environment. Cybercriminals are always going to exist, and the job of IT managers should be to ensure that their organizations are strong enough to force criminals to find a target elsewhere. Promising options may be the use of adopting a data mining approach41or time-series analysis.42

    Finally, IT managers must try to think like cybercriminals and develop risk management protocols based on criminal activities. Risk management involves the identification of critical infrastructure, risk analysis and action plans to eliminate or minimize risk. The vulnerabilities of an enterprise can be partially verified through penetration testing. Crisis simulations can also be organized to train personnel for emergencies. In general, organizations should consistently evaluate the effectiveness of their cyberdefenses, be willing to use the most modern solutions and have the right cybersecurity expertise on the team.43
IT managers must try to think like cybercriminals and develop risk management protocols based on criminal activities.

Conclusion

Employees are trying to make the best decisions possible for their organizations. However, outcomes do not always match expectations. This is certainly the case in a world with COVID-19, and taking a broader look at the decision-making process provides more clarity on the conceptual components that should be addressed to maintain a secure cyberenvironment for the organization. IT managers can adopt this approach by shaping the information about cyberrisk to alter employee interest in and beliefs about cyberthreats, developing policies to direct employee actions, implementing barriers to stop criminals and monitoring the environment for threats. The cyberworld has certainly changed in the past two years and IT managers must alter their actions to ensure positive outcomes for their organizations.

Endnotes

1 Lohrmann, D.; “2020: The Year the COVID-19 Crisis Brought a Cyber Pandemic,” GovTech, 11 December 2020, https://www.govtech.com/blogs/lohrmann-on-cybersecurity/2020-the-year-the-covid-19-crisis-brought-a-cyber-pandemic.html
2 Auld, A.; J. Smart; “Why Has There Been an Increase in Cyber Security Incidents During COVID-19?” PricewaterhouseCoopers (PwC), 2020, https://www.pwc.co.uk/issues/crisis-and-resilience/covid-19/why-an-increase-in-cyber-incidents-during-covid-19.html
3 Hull, M. M.; A. Gavan; “New Study Reveals One in Three SMBs Use Free Consumer Cybersecurity and One in Five Use No Endpoint Security at All,” PR Newswire, 19 February 2020, https://www.prweb.com/releases/new_study_reveals_one_in_three_smbs_use_free_consumer_cybersecurity_and_one_in_five_use_no_endpoint_security_at_all/prweb16921507.htm
4 Nabe, C.; “Impact of COVID-19 on Cybersecurity,” Deloitte, 2020, https://www2.deloitte.com/ch/en/pages/risk/articles/impact-covid-cybersecurity.html
5 Browning, G.; A. Halcli; F. Webster; Understanding Contemporary Society: Theories of the Present, SAGE Publications Ltd., USA, 2000
6 George, G.; K. R. Lakhani; R. Puranam; “What Has Changed? The Impact of Covid Pandemic on the Technology and Innovation Management Research Agenda,” Journal of Management Studies, vol. 57, iss. 8, December 2020
7 World Health Organization (WHO), Novel Coronavirus (2019-nCoV) Situation Report― 1, 21 January 2020, https://www.who.int/docs/default-source/coronaviruse/situation-reports/20200121-sitrep-1-2019-ncov.pdf?sfvrsn=20a99c10_4
8 Executive Office of the President, Proclamation 9994, Declaring a National Emergency Concerning the Novel Coronavirus Disease (COVID-19) Outbreak, Federal Register, USA, 13 March 2020, https://www.federalregister.gov/documents/2020/03/18/2020-05794/declaring-a-national-emergency-concerning-the-novel- coronavirus-disease-covid-19-outbreak
9 Centers for Disease Control and Prevention (CDC), “The President‘s Coronavirus Guidelines for America,” USA, https://www.justice.gov/doj/page/file/1258511/download
10  World Economic Forum, COVID-19 Risks Outlook: A Preliminary Mapping and Its Implications, Switzerland, May 2020, https://www3.weforum.org/docs/WEF_COVID_19_Risks_Outlook_Special_Edition_Pages.pdf
11 Aldridge, B.; “Does the Pandemic Explain Recent Spikes in Cyber Crime?” GovTech, 4 June 2021, https://www.govtech.com/security/does-the-pandemic-explain-recent-spikes-in-cyber-crime
12 INTERPOL, “INTERPOL Report Shows Alarming Rate of Cyberattacks During COVID-19,“ August 2020, https://www.interpol.int/en/News-and-Events/News/2020/INTERPOL-report-shows-alarming-rate-of-cyberattacks-during-COVID-19
13 Ibid.
14 Staff, “Google Blocks 18 Million COVID-19 Related Scam Emails Each Day,” Security Magazine, 20 April 2020, https://www.securitymagazine.com/articles/92188-google-blocks-18-million-covid-19-related-scam-emails-each-day
15 Warburton, D.; 2020 Phishing and Fraud Report, F5 Labs, USA, 11 November 2020, https://www.f5.com/labs/articles/threat-intelligence/2020-phishing-and-fraud-report
16 IBM, Cost of a Data Breach Report 2021, USA, 2021, https://www.ibm.com/downloads/cas/OJDVQGRY
17 Morgan, S.; “Cybercrime to Cost the World $10.5 Trillion Annually by 2025,” Cybercrime Magazine, 13 November 2020, https://cybersecurityventures.com/hackerpocalypse-original-cybercrime-report-2016/
18 McGuire, M.; S. Dowling; Cyber Crime: A Review of the Evidence: Research Report 75, Home Office Science Advisory Council, UK, 2013, https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/248621/horr75-chap2.pdf
19 Ibid.  
20 Lallie, H. S.; L. A. Shepherd; J. R. C. Nurse; A. Erola; G. Epiphaniou; C. Maple; X. Bellekens; “Cyber Security in the Age of COVID-19: A Timeline and Analysis of Cyber-Crime and Cyber-Attacks During the Pandemic,” Computers and Security, vol. 105, 2021, https://doi.org/10.1016/j.cose.2021.102248
21 Ibid.
22 Davis, J.; “COVID-19 Impact on Ransomware, Threats, Healthcare Cybersecurity,” Health IT Security, 2020, https://healthitsecurity.com/news/covid-19-impact-on-ransomware-threats-healthcare-cybersecurity
23 Ibid.
24 Villas-Boas, A.; “A Fake Coronavirus Tracking App Is Actually Ransomware That Threatens to Lead Social Media Accounts and Delete a Phone’s Storage Unless a Victim Pays $100 in Bitcoin,“ Business Insider, 16 March 2020, https://www.businessinsider.com/coronavirus-fake-app-ransomware-malware-bitcoin-android-demands-ransom-domaintools-2020-3
25 Burt, T.; “New Action to Combat Ransomware Ahead of U.S. Elections,“ Microsoft, 12 October 2020, https://blogs.microsoft.com/on-the-issues/2020/10/12/trickbot-ransomware-cyberthreat-us-elections
26 Op cit Lallie
27 Ibid.
28 Ibid.
29 Op cit Davis
30 Society for Human Resource Management (SHRM), Navigating COVID-19: Impact of the Pandemic on Mental Health, USA, 2021, https://shrm.org/hr-today/trends-and-forecasting/research-and-surveys/Documents/SHRM%20CV19%20Mental%20Health%20Research%20Presentation%20v1.pdf
31 National Cyber Security Centre, “Home Working: Preparing Your Organisation and Staff,” United Kingdom, 17 March 2020, https://www.ncsc.gov.uk/guidance/home-working
32 Sadler, T.; J. Hancock; “A Stanford Deception Expert and Cybersecurity CEO Explain Why People Fall for Online Scams,” Fast Company, 26 August 2020, https://www.fastcompany.com/90542273/a-stanford-deception-expert-explains-why-people-fall-for-online-scams
33 Op cit IBM
34 Ibid.
35 Ibid.
36 Op cit Hull
37 Furnell, S.; “Home Working and Cyber Security— An Outbreak of Unpreparedness?” Computer Fraud and Security, August 2020, https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7434364/pdf/main.pdf
38 Pranggono, B.; A. Arabo; “COVID‐19 Pandemic Cybersecurity Issues,” Internet Technology Letters, vol. 4, iss. 2, 2020, https://doi.org/10.1002/itl2.247
39 Op cit Furnell
40 Databasix, “Cyber Security Risks and Statistics of Working from Home,” 7 June 2021, https://www.dbxuk.com/statistics/cyber-security-risks-wfh
41 Rahman, M. A.; Y. Al-Saggaf; T. Zia; “A Data Mining Framework to Predict Cyber Attack for Cyber Security,” 2020 15th IEEE Conference on Industrial Electronics and Applications (ICIEA), 2020
42 Tawalbeh, L.; F. Muheidat; M. Tawalbeh; M. Quwaider; G. Saldamli; “Predicting and Preventing Cyber Attacks During COVID-19 Time Using Data Analysis and Proposed Secure IoT Layered Model,” Multimedia Computing, Networking and Applications (MCNA), 2020
43 James, L.; “Making Cyber-Security a Strategic Business Priority,” Network Security, vol. 5, 2018

Maik Fichtenkamm

Is a student at the Ludwigshafen University of Business and Society (Germany) in cooperation with BASF Digital Solutions GmbH, driving the digitalization of BASF SE, the world’s leading chemical enterprise. He has completed various internships in different development departments, including research and development.

Gerald F. Burch, PH.D.

Is a visiting professor at the University of West Florida (Pensacola, Florida, USA). His primary areas of teaching are in operations management and information systems at both the undergraduate and graduate levels. He can be reached at gburch@uwf.edu.

Jordan Burch

Is the chief information officer at Yobo Inc. His focus is primarily on monitoring system availability and logging system event data. He implements monitoring platforms for both private and public sectors, including entire state digital infrastructures as well as international pharmaceutical and agricultural ventures. Burch has a strong background in network engineering and the difficulties presented with large organizations attempting to collect usable system statistics from the far reaches of their infrastructures. He enjoys projects that stem from the realm of the Internet of Things, where he collects data from embedded systems that allow for greater visibility of environmental factors at a much larger scale. Burch is also the founder of a community site for supporting developers for the Paessler monitoring platform PRTG, with the goal of making custom monitoring more accessible to developers. He can be reached at Jordan@Yobo.dev.