Cybersecurity: The new corporate DNA?

•  As remote work became the new normal in the face of COVID-19, companies became soft targets for hacktivists as their employees worked in less secure work environments.
• A study found that states that the number of cyberattacks on Indian organisations doubled in March 2020 from January 2020. Cybersecurity will hence become a way of life for all stakeholders. Cybersecurity will hence become a way of life for all stakeholders.
• In order to deal with this situation, companies need to make cybersecurity as a way of life. Building a cyber-risk free ecosystem should be part of a firm’s DNA – not just a reactive addition.
• This entails training employees to detect and report cyberattacks & using end-to-end encrypted collaboration tools.

As COVID-19 shook businesses across the globe and companies evolved to remote work in a bid to adjust to this new normal, organizations were left with no choice but to rapidly move towards adopting new age technologies. However, sooner rather than later, cracks began to emerge resorted to telework, long after most expected a return to their workspace. As remote work continues to garner traction, employees became soft targets for hacktivists as their home Wi-Fi networks likely have weaker protocols that hackers can access more easily. A PwC report states that the number of cyberattacks on Indian organisations doubled in March 2020 from January 2020. It adds that phishing domains resembling the Centres for Disease Control and Prevention cropped up all over the world in an attempt to obtain credentials or deliver Trojans by exploiting human anxiety related to the COVID-19 outbreak.

According to another study, 68% of Indian companies surveyed admitted that as employees connected from outside the corporate (fire)walls, secure access turned out to be the biggest challenge for the IT security department in most organisations when supporting remote workers. Vishak Raman, director (security business – India & SAARC), Cisco, explains, “With organisations forced to shift to a new way of working almost overnight, the newly distributed workforce became a focal point for malicious actors. As a result, the pandemic has amplified the criticality of cybersecurity and brought new complexities to the fore.”

Gearing up for an ordeal by fire

A study by EY finds that only 31% Indian companies that it surveyed say that their cybersecurity team is involved right from the start of a new business initiative. It adds that just 39% of organizations quarterly schedule cybersecurity as a board agenda item. This approach needs to change if companies and countries are to battle cyberattacks. As Dr. Pavan Duggal, Cyber Expert and Senior Lawyer, Supreme Court of India believes, “These are unprecedented times where a new world order is replacing the existing systems. After the pandemic, we enter a new age where the ground reality is different with different rules of engagement. Cybersecurity will hence become a way of life for all stakeholders.”

The following strategies can be deployed by businesses to mitigate the risk of cyberattacks:

i. Raising alarm

As employees work from their homes, it is more important than ever to develop their ability to detect and report cyberattacks. This requires companies to train users about the possibility of such threats and testing the efficacy of training. Employees need to be made aware about using a secure VPN, advance malware protection & using end-to-end encrypted collaboration tools.

ii. Reflection time

This is a good time to reflect on the organization’s security awareness plan and to see where it stands in terms of its preparedness. This entails a better understanding of the organization’s commercial imperatives and the ability to anticipate the evolving cyber threats. Allocation of a certain chunk of their budget to developing a safety valve for their remote workers will be crucial in this regard.

ii. Re-evaluate status quo

Companies may also need to re-evaluate their current framework for protection against cyber threats. One thing that is a must is to draw up fresh contracts that make data protection legally binding for their employees and put the onus of data leak on employees in a work from home environment. Softwares which offer solutions like blocking the copying of data in external USB drives can also be devised to ward off the threat of cyberattacks.  Firms also need to invest in Security as a Service Solutions (SaaS) such as embracing cloud content security provider.