Talking to Express Computer, Siddharth Vishwanath, Partner and Leader- Cybersecurity, PwC India, tells us about the threats normally experienced by Indian organisations.
What is the impact of cyber security threats on Indian organisations?
Most organisations, and certainly the more mature ones, had a Business Continuity Plan (BCP) or an IT DR strategy in place. However, most, if not all, did not consider a crisis like this pandemic. This pandemic has forced us all to turn en masse to virtual alternatives. This meant that many had to open their organizational networks and resources to unsecured and unrecognized endpoint devices thereby expanding the threat landscape.
In addition, the uncertainty around COVID-19 has also caused stress among people affecting their morale. The anxiety and fear in people makes them vulnerable to cyber attacks more than ever. Hackers have begun to take the advantage of the anxiety by unleashing COVID-19-themed phishing attacks.
In India, we’ve had the Maze Ransomware attack on one of the largest IT services firms recently as well as the hack of the video and collaboration tool that many firms jumped to leverage in the absence of a thoroughly tested alternative. This tool exposed data of several organisations to hackers.
The pandemic also presents an interesting dichotomy between the rise of cyber-attacks and business priorities. Most organizations had very little time to prepare and hence focused on ensuring continuity of business, supply chain constraints, et cetera which meant that security took a back seat. This translated into an opportune time for the hacker community to increase their activity.
At our Cyber Defence Centre (CDC) in Kolkata where we monitor and analyse cyber threats emanating from the world over and targeting Indian organisations, our team of skilled professionals and experts observed that in certain cases, the COVID-19 themed attacks (including phishing and brute force) rose as much as 100%
What is the effective crisis response strategy in such situations?
Each crisis response strategy tends to vary depending on the nature and scale but there are certain aspects of each response strategy that makes it effective. Most of the crisis response strategies are not designed to cover Black Swan events like the COVID-19 pandemic, widespread tsunami, widespread earthquakes, etc. The biggest learning for organisations from this crisis is, thus, to consider Black Swan scenarios seriously while drafting and testing the crisis strategy. It is imperative for organizations to have a focused approach while developing response strategies and to the extent possible cover all types of crises, including those which are low probability but have a high impact.
We’re in the 7th week of the lockdown and the services sector (which was traditionally low touch) has been able to respond far better than those in the high-touch sectors like manufacturing, construction, et. This is another aspect around crisis response that organizations need to focus on. A resilient and adaptive strategy covers plan for business resumption and doing business that co-exists with the virus till the antidote is developed. Organisations are required to invest in secure ways to continue business for most of the activities and endeavor to take advantage of the remote working as much as possible. A resilient and adaptive strategy with regards to the options available within the guidelines or relaxations from and by the government needs to be developed to give business impetus.
What is the impact on remote working infrastructure? Would this scenario be normal?
That’s an interesting question, remote working in some shape and form is now the new normal, in fact not just for now but more as a norm going forward. So yes, remote working infrastructure is being challenged like never before. Most mature organizations did have a WFH/remote working facility in place but were limited to a pre-identified set of roles/people. It has now been extended to a much larger group in the light of the pandemic crisis. The sudden growth in remote users has impacted organisations’ infrastructure – its ability to handle large numbers of users remotely is being challenged and viability to stay safe from attacks is being tested. Organizations that started their journey on the cloud early have been able to respond to the crisis in a more structured manner as against those who were caught off guard.
Overall, with increased hacker activity and as employees learn to work in a remote environment, it is safe to say that the remote working infrastructure is and would continue to be under a lot of stress. But to make remote working infrastructure secure and viable, organisations need to focus on implementing solutions such as Zero Trust, Adaptive Authentication, and Virtual Desktop Infrastructure (VDI). Such tools allow organisations to manage a large number of users on remote lines in a secure manner.