The COVID-19 outreach is turning out to be not only health, social, and economic hazard but also a cybersecurity crisis. The pandemic has presented new challenges for businesses in the areas of remote collaboration and business continuity.
With increased remote working for better business continuity, employees are using numerous Internet tools. As businesses and people have started relying more on technology and are busy fighting with the pandemic, the attackers now have plenty of options to target them more than ever.
According to PWC’s April report, the number of security threats to the Indian company doubled in March 2020—especially what’s more worrying is a 100% rise between March 17 and 20—from Jan 2020.
Sanjay Dhotre, the Union Minister of State for Electronics & Information Technology (MeITY), said that India has seen over 350,000 cyberattacks in the second quarter, triple the number of recorded events in the first quarter of 2020. He also highlighted that there were 700,000 cybersecurity incidents until August 2020.
Key Cybersecurity Crises in Numbers
According to ACRONIS Cyber Readiness Report 2020, 31% of companies worldwide are faced with at least one cybersecurity incident per day. However, India reported twice as many cyberattacks per day, where most of the cyberattacks comprise phishing, DDoS, video conferencing, exploiting weak services, and malware.
The phishing campaign is the most worrying attack as they attained the peak during this pandemic. Though malware hit fewer numbers, it remains a more critical issue in India – reports almost 2x times Malware issues than the global average.
Further, 39% of all organizations surveyed experienced video conferencing attack. Among them, India, Canada, Switzerland, and the UK are the most affected countries.
Coronavirus themed phishing emails and malicious websites claiming useful information on COVID-19 have emerged as the top threats to the companies. Also, 400,000 new ransomware assaults are recognized from April – June 2020 as per the report of Seqrite.
Most of these cyber-attacks were succeeded by obtaining access to a remote system by exploiting vulnerable services.
Why is India So Vulnerable to Cyberattacks?
Increased use of the Internet and Mobile technology — The NITI Aayog report states that India positions 3rd rank in the list of the highest number of internet users worldwide after the USA & China. With the exponential rise on the Internet and mobile phone users, there is a significant rise in the number of cyberattack incidents in India and globally.
Ignoring Internal Security Threats — Enterprises are more focused on guaranteeing business continuity with seamless operations than bridging the gaps in their remote infrastructure. If sensitive data flows between various departments without a proper monitoring and logging process, then it becomes tricky to identify the loopholes in case any attack happens.
Confronting External Threats — With the ever-increasing external threats, an organization can’t be 100 % prepared. Only a few Indian companies maintain security measures in place like Web Application Firewalls to monitor external threats and stop cyberattack incidents as and when they happen.
Detectable Weak Points During Remote Work — The main weak points, which get exposed during the sudden shift to remote work include Weak Authentication Techniques, Insufficient Monitoring, and Exposed Servers (DNS, VPN, RDP, etc.)
Moreover, many employees usually ignore personal online security hygiene. With this ‘work from anywhere culture,’ employees begin to access their personal emails as well as social media sites on their official machine.
Overall, with the merging of the personal and work-life online, cyber-attacks can easily occur through unsecured personal accounts.
Missing Expertise in Cloud Technology — To ensure ease of accessing the data from any device and anywhere, many companies have adopted cloud technology.
However, they don’t have adequate in-house resources to manage and protect APIs, SaaS, or containers. The increasing number of poorly configured cloud architectures will inevitably open doors for the attackers.
The Pandemic Landscape Demands Modern Protection
Here are the golden tips to keep you away from these recent cybersecurity incidents:
- Train your employees in security principles
- Be cautious with attachments, links, or text received via emails, especially with a subject line related to COVID-19
- Frame robust remote work policy
- Use only trusted sources like legitimate websites for up-to-date information
- Don’t disclose your financial or personal information in an email or phone calls from unknown persons
- Encourage the use of office devices only for official purpose
- Don’t reuse passwords between different accounts and applications
- Take data backups and store it separately
- Use multi-factor authentication
- Modernize your stack with Cloud-based WAF, such as AppTrana, a next-generation cybersecurity protection suite that includes vulnerability assessments, virtual patching, zero false positives, DDoS attack prevention, and many more features.
In the cybersecurity space, attackers lead the learning curve, with security professionals following the lead to boost preventive measures. However, with advanced technologies, this scenario begins to change.
The next-gen threat monitoring tools and predictive analytics go beyond the rule-based system and detect cyber risks, thereby flags potential threats in a secure and faster way.
With adequate nationwide cybersecurity awareness and robust policies in place, companies should be capable of battling cyber threats effectively in the future.