As the Covid-19 pandemic forced IT companies to shift work to homes, the Chief Information Security Officers (CISOs or equivalent executives) are burning the midnight oil to ensure secure transmission of information back and forth.

Finding chinks in the armour, patching them up with relevant fixes, protecting intellectual property (IP) rights and ensuring smooth flow of information ― it has been quite a task for CISOs over the three-week national lockdown.

Related Stories
Businesses must ensure cyber social distancing, cautions Fortinet
Unprotected devices during ‘work from home’ offer a huge opportunity for criminals
 

Ross McKerchar, CISO of cyber security firm Sophos, said that cyber attackers move quickly to take advantage of a situation. “Covid-19 is no different. There is a huge amount of global uncertainty and change right now which criminals are seeking to capitalise on,” he said.

The risks are amplified by the immediate and unforeseen IT challenges that companies are facing, ensuring their staff can work from home.

Remote access and phishing can be two areas where most intrusions can happen.

Allowing employees to work from home is giving them access to the networks remotely, using tools such as virtual private networks (VPN), collaboration and virtual conferencing tools.

“The key risk is weak authentication of your remote access services. There are solutions for the short and long terms. Long-term fixes boil down to a zero trust approach,” he said.

He observed that it is important to check whether the system is getting updates from the security services provider.

Phishing attacks

Phishing attacks using Covid-19 as a lure are the most visible and immediate cyber security risk in the ongoing crisis.

“This isn’t surprising as we’ve seen attackers use current events as a lure for many years. Unfortunately, the risks this time are higher,” he said.

Criminals are already taking advantage of Covid-19 in their cyber attacks, and remote access and phishing are the two areas most likely to result in a cyber security incident.

He wants users to update their Operating Systems, browsers, email clients and the frequently used software.

Paradigm shift needed

Avinash Prasad, Vice President and Head for Managed Security Services and Content Delivery Network (Tata Communications), felt that organisations will have to re-think elements of their approach to security for a truly borderless organisation as employees begin to work from home.

“Presently, all organisations are channelling efforts towards ensuring service availability. But simultaneously, they need to look at securing systems, resources and data,” he said.

He felt that organisations must put together a cross-functional and collaborative team to have a holistic Covid-19 risk management strategy.

“They should have a mechanism to identify Covid-related phishing and malware attacks as these are continuously surging,” he said.

comment COMMENT NOW