Covid-19 could drive reevaluation of cyber security frameworks
Covid-19 disruption has exposed gaps in the security mechanisms and crisis response plans for many businesses, according to partner & lead for cyber security at PwC India Siddharth Vishwanath. Speaking to Express Computer, he highlighted how responding to this scenario presents an opportunity
Crisis response is one area where businesses seem to have been completely blindsided by Covid-19. Vishwanath explains that while most businesses have plans in place to deal with significant disruption or financial strain, few have planned for what he calls a “black swan” event such as a pandemic or a tsunami.
“The biggest learning for organisations from this crisis is, thus, to consider black swan scenarios seriously while drafting and testing the crisis strategy,” he said. PwC has already been engaged in research to see the level of crisis preparedness across India’s business environment, and the status of business continuity management.
VIshwanath’s recommendations are aimed at ensuring that businesses remain prepared for a crisis of any shape or form. The second area of vulnerability is cyber security frameworks, which have been stretched to include a range of new devices and servers as employees work remotely.
“This pandemic has forced us all to turn en masse to virtual alternatives. This means that many had to open their organisational networks and resources to unsecured and unrecognised endpoint devices thereby expanding the threat landscape,” explained Vishwanath.
He reports that PwC’s Cyber Defence Centre in Kolkata has already seen a staggering spike in the number of cyber threats to Indian businesses, with some regions registering an increase as high as 100%. Vulnerability of the cyber infrastructure aside, anxiety also has a large part to play in this scenario.
Vishwanath explained how individuals are financially insecure and anxious under the current circumstances, which makes them particularly vulnerable to online phishing scams and other cyber threats. “Hackers have begun to take the advantage of the anxiety by unleashing Covid-19-themed phishing attacks,” said Vishwanath.
In tackling these threats, organisations have the opportunity to broaden the scope of their cyber security mechanisms. However, most businesses are currently preoccupied with taking emergency damage control measures and implementing business continuity plans. Unless faced with a direct threat, few leaders are considering their cyber security options at present. Vishwanath suggests that businesses at the very least shore up their employees’ remote working infrastructure.
“Overall, with increased hacker activity and as employees learn to work in a remote environment, it is safe to say that the remote working infrastructure is and would continue to be under a lot of stress. But to make remote working infrastructure secure and viable, organisations need to focus on implementing solutions such as Zero Trust, Adaptive Authentication, and Virtual Desktop Infrastructure (VDI). Such tools allow organisations to manage a large number of users on remote lines in a secure manner,” he said.
