Amid the Covid-19 crisis, security and tech experts have warned in recent months of the emergence of a cyber security "pandemic."
That is a massive disruption of services that triggers second- and third-order catastrophic failures of computer-controlled systems worldwide.
Because computer networks are so widespread and central to so many of our critical infrastructure systems, a massive breach can lead to the catastrophic loss of power, communications and transportation.
In March, the US department of health and human services servers was hit by a cyberattack.
Aimed at disrupting its Covid-19 response, the attack in the end failed. The origins of the attack remain unknown and since it did not penetrate other governmental systems it was not a full-blown pandemic.
A pandemic has three key features: "overcrowding" as a cause, multiple simultaneous attacks and delayed harmful effects.
I will try to draw analogies between each of these features to those of a virus pandemic in the hope that it will clarify our thinking and help avert cyber pandemics.
By overcrowding I am referring to more people using internet services and for longer periods of time. As a result, more people are becoming fresh preys for hackers.
In some ways this is a purely statistical observation. With the internet seeing much more business that means the sheer number of people with poor cyber hygiene has increased, becoming new preys. Hackers now target videoconferencing apps, online learning tools and shopping websites.
Interestingly, overcrowding, in the usual sense, is also a risk factor for viral pandemics, with disease outbreaks more frequent when the population density is high.
As for the second, almost half of the organizations in the operational technology sector - which includes public utilities and transportation - have experienced cyberattacks on multiple fronts, according to a 2019 cybersecurity report by Ponemon Institute,.
A multipronged attack can include spoofing, man-in-the-middle and denial-of-service attacks. Sometimes wireless connections are also attacked via fake Wi-Fi access points or so-called "evil twin" devices, which see a signal router with the same name and password set as bait.
These methods are used to compromise individual users' accounts as well as entire servers and systems.
Such attacks, the report says, are extremely serious. When only one system is infiltrated, a different or backup server can be used to revive the one attacked. In a coordinated, multipronged attack, there is no backup so it takes longer to recover and the company suffers more.
This is similar to the way the coronavirus attacks multiple parts of our body. It goes into our lower respiratory tract but also attacks our immune and nervous systems.
The third feature of delayed harmful effects is more dangerous because it means the virus can spread widely undetected.
For example, typical ransomwares start to encrypt your files and demand the ransom immediately after it is downloaded to the computer.
But other viruses are designed to infect your device over several days after downloading before they reveal themselves.
In even more sophisticated hacks, malware can sit there for years without revealing themselves at all. Such malware go undetected easily as they steal information very slowly to avoid drawing attention, just like someone with Covid-19 can be asymptomatic for a few days or weeks before they display symptoms.
So what can we do to prevent a cyber pandemic?
Like with pandemic hygiene measures, we can practice "cyber hygiene" by setting up stronger passwords and regularly changing them.
We should be more vigilant when installing software and giving out our personal data. And we should regularly update our computer software.
Dr Jolly Wong is a policy fellow at the Centre for Science and Policy, University of Cambridge
