Another infection lurking in the shadows, and it thrives during lockdown
Blog: NASSCOM Official Blog
Length – 5 Minutes (1200 words)
The blog discusses how the spread of COVID-19 and the resulting lockdown has serious implications on Cyber Security; and what companies and individuals can do to protect themselves
COVID-19 has led to a nationwide lockdown, constraining the movement of 1.3 billion people for over 5 weeks now. If we introspect the unpredictability of the crisis, it is commendable how swiftly authorities, hospitals, and corporates have responded to the crisis.
It is too early to predict the economic impact and the jury is still out there on when there will be light at the end of the tunnel. However, if IT, ITeS & BPM sector manages to emerge unscathed, their response strategies during this crisis will become case studies to be taught in business schools for years to come.
What is also worth noting is how nearly 4.1 million employees in the sector have managed to join the fight against COVID despite changes in the work environment and multiple challenges at the personal end such as movement restrictions, disruptions in lifestyle, and constrained supply of essential goods. Many companies in the sector are even reporting an increase in productivity during such times which speaks for the resilient spirit of the workforce.
COVID-19 crisis is a recent one but IT, ITeS & BPM sector has been battling for years to prevent computing devices from getting infected by a virus or malware. There was been enormous efforts to make cybersecurity more robust and minimize all threats to their digital infrastructure.
There has been an alarming rise in cybersecurity incidents since COVID-19 outbreak and International organizations such as Interpol and the World Economic Forum have issued advisories.
In India, BSE and NASSCOM-DSCI among others have also issued cyber-security related advisories.
India is the second most cyber-attacked country in the world and according to a PWC-DSCI research report, IT/ITeS sector in India spent USD 434 million in 2019 on cybersecurity, and spending is set to grow at a CAGR of 18%.
In India, there has been a rise in Malware and Phishing attacks with cyber-criminals using COVID related themes to trap individuals. A study by Check Point security researchers claimed that Zoom is also vulnerable and employees using Zoom can be attacked by hackers. The numbers of Zoom related domains registered and spotted malicious have also seen a remarkable increase.
The cyber-attacks which leverage endpoints (remote devices such as laptops, mobile, or other wireless devices) are also increasing sharply at an alarming rate of over 1000%. Due to lockdown, 4.1 million IT/ITeS employees are working from home resulting in an exponential increase in endpoints, raising the data security challenges more than ever before. Organizations at large have been very proactive in tackling cyber-security threats and had a high level of cybersecurity preparedness.
How is the industry responding and what could be further strengthened –
Conduct Risk Assessment – All kind of access to files, applications, remote desktop should be evaluated at an employee level
Data Access on a need to know basis – The employee access to data should be limited to their work-steam to avoid network-wide access to cyber-attackers in case of breach
VPN Gateways – The companies should quickly roll-out Virtual Private Access to employees after careful consideration of which VPN gateway extends business firewall rules to the user computer to minimize risk. There is also a need to ensure that VPN is only on accessible company-owned hardware with up-to-date security features.
Disable unnecessary ports and ensure anti-virus software is up-to-date
Operate a 24-hour IT support desk to monitor all suspicious activity and provide support to employees in case of any eventuality
A return to the workplace, even if partial will help the organizations to minimize many cybersecurity risks. But until that happens, it is imperative that employees join forces and made cyber-defenses stronger.
Due to significant investments by companies in strengthening their digital infrastructure, many cyber-attackers are changing their modus operandi and targeting individuals and exploiting vulnerabilities in human behavior. Since the lockdown, there have been a plethora of cyber-scams in India where individuals were targetted. In particular, mobile devices have been targetted to scam individuals as well as to gain access to their employers’ digital infrastructure.
How Can Employees and Individual Respond-
Increase Awareness– News related to COVID19, its spread, and impact on lockdown has overshadowed news of increased cyber-attacks in the country to a certain extent. WHF has led to a rise in webinars and e-learning modules. Employees should actively participate in these webinars and read news to increase their awareness.
Be wary of COVID-19 scams– Identify and ignore phishing e-mails, malicious domains, and fake apps. Threat actors love to exploit real-world tragedies, and COVID-19 is no different.
Do not mix personal and work– Employees should use their work devices to do work and their personal devices for personal matters. If you would not install or use a service while you are at the office, don’t do it while at home on your work device.
Maintain good password hygiene – Employees should use complex passwords and multifactor authentication where possible and change these passwords frequently.
Update systems and software – Individuals should install updates and patches promptly, including on mobile devices and any other non-corporate devices they might use for work.
Secure your WiFi access point– People should change their default settings and passwords in order to reduce the potential impact on their work of an attack via other connected devices.
The Way Forward
Indian telecom subscriber base crossed 1.162 billion in 2019 and according to a Kaspersky study, 28.75% of mobile devices in India are vulnerable to cyberattacks. This presents a huge opportunity for cybersecurity companies to develop and market products with individuals as target customers.
When the COVID19 challenges are overcome, the silver linings of the catastrophe will be more identifiable. COVID19 has created opportunities for faster technology adoption and transition to the cloud. If the economic impact on the IT, ITeS & BPM companies is contained, it is likely that the sector will emerge stronger, agile, and better prepared to deal with cybersecurity challenges.
Please share your comments below and feel free to reach out to me at firstname.lastname@example.org for clarifications and blog topic suggestions