Building India’s Urban Future

Cybersecurity in the new reality

An emerging security paradigm

As Covid-19's disruptive influence on global health, economy, politics and social infrastructure continues, a covert threat — cyberattacks, continue to create upheaval in the digital space.

According to a recent study by Check Point, a leading cybersecurity solutions provider, close to 97 per cent of organisations worldwide have encountered an adverse cybersecurity-related event in 2020. The Indian Computer Emergency Response Team (CERT-In) has tracked nearly 1.16 million reported cases of cyberattacks in 2020 — nearly three times more than in 2019 and over 20 times from 2016.

In India, hackers have targeted data of lab test results of Covid-19, apart from user data stored with b2c entities such as Big Basket and Dominos India. On average, last year, 3,137 cybersecurity-related issues were reported daily.

The global pandemic and the resultant lockdowns and restrictions on people's movement have increased digital communication dependency over the past year. The internet has effectively become the primary channel for human interaction and work. As a result, more than a significant aspect of our lives have been rendered highly dependent on technology today. The increased dependence on digital tools coupled with the raging uncertainty in our lives has provided hackers with much broader avenues to launch cyber attacks.

Changes in the work environment

During the past year, businesses have rapidly embraced innovation and deployed new digital tools such as cloud services. In addition, they have remodelled their business models to ensure business continuity and enhance the customer experience in the altered global landscape. From connected objects and factories, deployed technology to ensure no interruptions in their supply chains, project monitoring, healthcare, education, and online retail to fragmented workforces, cloud kitchens, and the rise of video meetings, the pandemic has accelerated digital transformations of businesses across sectors.

Businesses are increasingly needing solutions that address their customers' safety. They are eager to invest in advanced technologies such as augmented reality, computer vision, sensor fusion, chatbots, etc. However, as digital technology spreads its roots deeper, the risk and impact of cyberattacks also increase.

While many organisations offer access to their employees through secure virtual private networks (VPN), the first point of interface to connect the employees with the company's enterprise server is typically a broadband network, mobile hotspot or shared wireless network. These interfaces are secured only at a basic level for encryption of traffic, with some devices even operating with default passwords — kept unchanged for years.

In the past, a corporate user was governed by regulations set by the organisations' IT security team. However, now since the user logs in through the home network, they have access to unfiltered internet and personal e-mail and drives. A user can now inadvertently compromise the enterprise network by infecting it with malicious codes when they click on a seemingly harmless link while working through becomes their home network. There are also heightened risks of IP theft and leakages, especially for work-from-home (WFH) users operating in the research and development sphere.

Several Covid-19 phishing themes are actively making the rounds. Hackers are using vaccine-related e-mails or focusing on fake cures and donations in their targeted attacks. Reports suggest nearly 70 per cent of Covid-19-related attacks today are scamming or spear-phishing, which refers to the fraudulent practice of sending e-mails presumably from a known or trusted sender to induce targeted individuals to reveal confidential information. The mere opening of the attachment releases a malicious code in the system.

Stress often incites users to take actions that would otherwise be considered irrational. For example, a recent global cyber attack singled out people searching online for visuals of Covid-19's spread. The malware was tucked away in a map displaying statistics from an acceptable online source. Viewers were tricked into downloading and running a malicious application, which compromised the computer and allowed hackers to access stored passwords. Unfortunately, cybercriminals are highly creative and often exploit popular topics and trends to tempt users into unsafe online behaviour.

So, what can we do?

Just as the pandemic has us resetting our daily and social habits, there is a need to change our online behaviour to help maintain high levels of cybersecurity. Here are a few practical actions you can take to stay safe online:

1. Step up your cyber hygiene standards
Keep a long and complex password for your home Wi-Fi. Do not reuse passwords across the web. Instead, invest in a password manager and, wherever possible, use a reliable VPN for internet access.

2. Be extra vigilant when clicking on links and apps
Be careful when installing software. Do not click on links from suspicious e-mails. When signing up for new services, verify the source of every URL and ensure that you install original versions of programmes and apps only from a trusted source.

3. Always update your software
Update your system software and applications regularly to patch any weaknesses that hackers could exploit.

4. More time online could lead to riskier behaviour
Inadvertently risky internet behaviour increases with more time spent online. For example, users could fall for “free” access to obscure websites or pirated shows, opening the door to likely malware and attacks.

5. Do not share your information
Do not share confidential and sensitive information about your work, profession or organisation on any social media platform and over personal e-mails.

The new normal of remote working has intensified the focus on cybersecurity and protection of data. The pandemic has forced businesses in several sectors to re-examine their digital preparedness to thwart cyber threats. Additionally, technology providers must rethink their strategies and offerings to accommodate a new security landscape. Finally, the onus is on us to ensure safety by staying vigilant.