Cyber security in times of and post-COVID-19
The onset of the pandemic has thrown normalcy out of gear. There is talk of a “new normal”, which continues to be defined and remains as broad as ever. As the virus fans out, our interactions have been tweaked and work environments transformed to a more digital setting. With this, cyber-crimes and vulnerabilities in the cyber landscape are increasing by the day. Security flaws in videoconferencing tools, along with malware and ransomware attacks on digital payment systems, have already surfaced. With the sudden thrust towards digitisation, new internet users, particularly from rural and semi-urban populations, are the most susceptible to data breaches and frauds like phishing and skimming. Levels of online activity that challenge the confidentiality, integrity, and availability (CIA) of network traffic are accelerating. Securing remote-working arrangements and sustaining the CIA of customer-facing networks are essential to ensure the continuity of operations during this disruptive time. The link between the COVID-19 pandemic and cyber-security imperatives calls for action, which the new cyber security strategy on the anvil can address. The new red lines that have emerged only draw our attention to the reality that it is not possible to hermetically seal our societies or our networks. There is no time to be lax on cyber security, even though the need to continue operations takes priority. We must stay in sync with these modern realities, adapt, and be willing to innovate for future disruptions, which will in turn reinvigorate our trust and boost our digital immunity.
In this environment, organizations will encounter the following situations:
1. Increased need for scale and velocity, particularly by migrating business and operations to digital channels
2. Greater focus on costs as they deal with an evolving and uncertain economic climate
3. Surging demand for digital products and services to replace brick-and-mortar and in-person touch points
4. Accelerated adoption of digital technologies in the areas of collaboration, supply chain, commerce, cloud and others
5. Organizational efforts and initiatives to boost resilience and use current learnings to prepare for future disruptions
Businesses and organisations with a high degree of cloud maturity, robust digital platforms, high-performance teams and deep digital connections with their stakeholders will be the most resilient. The ability to adapt, with technology-enabled human interfaces, will be a key differentiator as we define our “new normal.”
India, which is at the cusp of a digital revolution, should be proactive in dealing with the emerging scenarios. Addressing some of the fault lines requires a coordinated and robust institutional framework that will have to be drawn up.
The Indian Computer Emergency Response Team, known as CERT-In, is the nodal agency for responding to cyber-security incidents and publishes annual reports that track various forms of malicious cyber incidents. The regulatory capacity of CERT-In must be enhanced, and resources need to be augmented to stay ahead of the curve. Inter-sectoral regulators and stakeholders like RBI, SEBI, National Critical Information Protection Centre under NTRO, and intelligence agencies will have to enhance their coordination and strategies to combat emerging scenarios. This assumes importance since the Ministry of Finance clarified in front of a Parliamentary panel that a regulator like SEBI never furnished a report regarding cyber-attacks on the securities market. There is also a growing need for cyber security in the healthcare industry, as patients are frequently dealing with life-threatening conditions, exchanging large amounts of money and financial information, and must have the privacy of their medical records protected. Hospitals and healthcare providers remain under cyber-attack, causing organizations to spend more to protect their systems and patient data.
Cyber hygiene on the part of individuals, and creating awareness among the cohort, remains an important work in progress. Staying vigilant while working from home is critical to ward off cyber threats. According to a NASA report on cyber security for its internal consumption, cyber fraudsters are having a field day, and such upticks in cyber crimes are a result of both nation state actors and rogue criminals.
Since the pandemic started, cyber attacks in India have been rampant. Instances include fraudsters targeting airlines, hacking of a COVID-19 related health database and, most prominently, the brandjacking attack on the PM’s COVID-19 Relief fund. It is worth noting that the Cyber cell of Delhi Police along with the IB’s technical department initiated quick corrective action. However, to prevent or detect such ‘Brandjacking’ the following measures are recommended:
1. Pre-emptive creation/registration of accounts with names similar to the genuine account
2. Monitoring social media and customer complaints for usage of similar names
3. Creating user awareness through various mediums, emphasising the usage of correct name while initiating transactions
4. For critical accounts, mechanisms such as ‘approximate string matching’/fuzzy matching algorithms can be explored and implemented to identify fraudulent accounts with names similar to the genuine account
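A sketch of the fuzzy-matching check from measure 4, added here as an example and not taken from any agency's or bank's implementation. The account names are constructed placeholders, and the look-alike character map and the distance threshold of 2 are assumptions to be tuned per deployment.

```python
import unicodedata

# Digit-for-letter swaps often seen in look-alike names (illustrative, not exhaustive).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def normalize(name: str) -> str:
    """Fold case, drop accents and separators, map common digit look-alikes."""
    text = unicodedata.normalize("NFKD", name).casefold()
    text = "".join(c for c in text if c.isalnum())
    return text.translate(CONFUSABLES)

def osa_distance(a: str, b: str) -> int:
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    rows = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        rows[i][0] = i
    for j in range(len(b) + 1):
        rows[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            rows[i][j] = min(rows[i - 1][j] + 1,         # deletion
                             rows[i][j - 1] + 1,         # insertion
                             rows[i - 1][j - 1] + cost)  # substitution
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                rows[i][j] = min(rows[i][j], rows[i - 2][j - 2] + 1)  # swap
    return rows[len(a)][len(b)]

def flag_lookalikes(genuine: str, observed: list[str], max_distance: int = 2):
    """Return (name, distance) pairs for names close to, but not the same as, the genuine one."""
    target = normalize(genuine)
    hits = []
    for name in observed:
        if name == genuine:
            continue  # the genuine account itself is not a finding
        distance = osa_distance(target, normalize(name))
        if distance <= max_distance:
            hits.append((name, distance))
    return sorted(hits, key=lambda hit: hit[1])

# Constructed sample data: one protected name and names seen in registrations or complaints.
GENUINE = "examplerelief"
OBSERVED = ["examplerelief", "examplereleif", "exampl3relief",
            "examplereliefs", "citywaterboard"]

if __name__ == "__main__":
    for name, distance in flag_lookalikes(GENUINE, OBSERVED):
        print(f"review: {name} (distance {distance})")
```

A distance of 0 on a name that is not the genuine string means it differs only by case, separators or look-alike characters, which is the strongest signal for manual review.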
Similarly, as work from home continues for the near future, with a possibility of it becoming a permanent feature for most kinds of jobs, some suggestions to keep cyber threats at bay would be:
1. Securing internet connectivity, for example by ensuring the Wi-Fi router is configured with a secure password and WPA2-PSK or higher encryption
2. Teleworking using a VPN
3. Keeping confidential information safe by not using personal email IDs for sending across important documents
4. Ensuring the system is running the updated versions of all anti-virus and anti-malware and other security tools
5. Beware of the malware, phishing scams and hoax calls mentioned above
6. On finding something suspicious with regard to one’s computer or laptop, reporting it to relevant platforms and authorities remains critical.
In these critical times, cyber security professionals have their task cut out. Few business processes are designed to support extensive work from home, so most lack the right embedded controls and thus cyber security always remains a critical area requiring attention. Organisations that make it possible for employees to work from home must enable higher online network-traffic and transaction volumes by putting in place technical building blocks such as a web-application firewall, secure-sockets-layer (SSL) certification, network monitoring, anti-distributed denial of service, and fraud analytics. Cyber hygiene, cyber security and cyber innovation remain verticals of critical importance in the times to come.