Business India ×
  Magazine:
Technology

Published on: Sept. 20, 2020, 11:28 p.m.
Cyber social distancing
  • The net gets wider

By Sarosh Bana. Executive Editor, Business India

As the world braces for an era of transformed workplaces and lifestyles, organisations confront new challenges as they are compelled to shift to telework practically overnight, and ask their employees to operate from home.

In normal course, transferring entire workforces from offices with secure IT environments to remote setups with scant cybersecurity would require long-term IT planning and preparation. That was, however, not an option in 2020, and cyber criminals have been capitalising on the ensuing opportunities.

Fortinet, the Sunnyvale-headquartered cybersecurity major, has investigated these cybersecurity challenges that organisations now face and has published its study titled 2020 Remote Workforce Cybersecurity Report.

Its survey conducted in June, and involving employees of private and public sector industries across 17 countries, reveals that almost 60 per cent of enterprises are each planning to invest more than $250,000 on secure telework over the next two years due to the pandemic. These investments were unplanned, but securing remote work has become a top priority for these companies.

Besides, nearly half of the respondents have already invested in virtual private network (VPN) and cloud security, and are planning to upgrade network access control (NAC) and endpoint detection and response (EDR). The top areas they are making new investments in, as part of their business continuity plan, are multi-factor authentication (MFA), secure communications, software-defined wide-area networking (SD-WAN) for the enterprise as well as the employee’s home, segmentation, VPN, and secure access service edge (SASE).

Nearly two-thirds of firms surveyed needed to transition more than half of their workforces to telework, even as they anticipate more of their workforce to continue to work remotely in future.

Fortinet points out that while using VPNs is necessary, it does not address the inherent insecurity of simple username/password logins, with MFA required to access critical information and applications. This would eliminate the risk from stolen or weak passwords, preventing hackers from validating credentials and infiltrating the networks.
 
Threats galore

During a recent video call with India, Derek Manky, who is Chief of Security Insights & Global Threat Alliances at Fortinet’s Office of Chief Information Security Officer (CISO), said that though organisations have completed the initial phase of transitioning their entire workforce to remote telework, CISOs face new challenges in maintaining secure teleworker business models.

There has been a significant spike in Covid-19 related threats, with cybercriminals unleashing a surprisingly high volume of new threats to take advantage of inadvertent security gaps as organisations scurry to ensure business continuity.
“An unprecedented number of unprotected users and devices are now online, with one or two people in every home connecting remotely to work through the internet,” mentions Manky.

“Simultaneously there are children at home engaged in remote learning and the entire family is engaged in multi-player games, chatting with friends as well as streaming music and video.” All this has provoked a surge in phishing attacks, with an average of about 600 new phishing campaigns every day.

The phishing attacks range from scams related to helping individuals deposit their stimulus for Covid-19 tests, to providing access to chloroquine and other medicines or medical devices, to providing helpdesk support for new teleworkers. Some even target children, with offers of online games and free movies, or even access to credit cards to buy online games or shop online.

Most of these phishing attacks contain malicious payloads that include ransomware, viruses, remote access trojans (RATs) designed to provide criminals with remote access to endpoint systems, and even remote desktop protocol (RDP) exploits. The first quarter of 2020 has documented a 17, 52 and an alarming 131 per cent increase in viruses for January, February and March respectively, compared to the same period in 2019. This surge is mainly attributed to malicious phishing attachments. Multiple sites that are illegally streaming movies that were still in theatres secretly infect malware to anyone who logs on.

According to Manky, as users are all connected to the home network, attackers have multiple avenues of attack that can be exploited targeting devices, including computers, tablets, gaming and entertainment systems and even online IoT devices such as digital cameras and smart appliances, with the ultimate goal of finding a way back into a corporate network and its valuable digital resources. “If the device of a remote worker can be compromised, it can become a conduit back into the organisation’s core network, enabling the spread of malware to other remote workers,” he explains. “The resulting business disruption can be just as effective as ransomware targeting internal network systems for taking a business offline.”

Manky recommends adopting the same strategy for cyber viruses that we are adopting in the real world today, with cyber social distancing all about recognising risks and maintaining distance. “Isolation is all about segmenting networks and quarantining the malware from spreading across the network,” he points out.

Don't miss this

Cover Feature

The great Indian infra dream

National Infrastructure Pipeline (NIP) offers post-Covid-19 opportunity for economic revival. But is the government up to it?

Feature

Electrifying India’s vehicles

With a shortage of fossil fuels and tougher emission norms, cars driven by electricity could be the new normal in decades

Focus

Exports show formidable revival signs

It is time for India to resolve issues and take a fresh stance in the international market

Corporate Report

The Parliament project pushes Tata Projects higher

The company has emerged as one of India’s leading infrastructure companies

Our letter to you, once a week.
Register with The CSR Weekly for free!

E-MAGAZINE
The great Indian infrastructure dream
Cyrus-Mistry-the-$20-billion-question
Man of Steel
FROM THIS ISSUE

Corporate Report

Corporate Report

F&B

Corporate Report

States

Guest Column

Social Responsibility

Innovation

Infotech company KPIT works with MAGIC in Aurangabad

Published on Oct. 21, 2020, 4:37 p.m.

The Marathwada Accelerator for Growth and Incubation Council is partnering with KPIT Sparkle 2021 to support student innovators

Social Inclusion

CRI Pumps in Coimbatore has a host of socially responsible programmes

Published on Oct. 21, 2020, 4:37 p.m.

The company works with Coimbatore Corporation and leading NGOs to organise cleaning drives and awareness programmes

Healthcare

Ola provides 120,000 meals to drivers through The Akshaya Patra Foundation

Published on Oct. 15, 2020, 2:37 p.m.

The cab company’s Foundation has expanded its outreach to the community in 13 cities

Technology

Valliappa Foundation’s Anadhanam makes a start in solving global hunger

Published on Oct. 5, 2020, 1:02 p.m.

The Bengaluru-based group’s digital platform marks the International Day of Awareness on Food Loss and Waste Reduction

Climate Change

Waste Management

GD Environmental sees an opportunity in medical waste

Published on Oct. 21, 2020, 5:34 p.m.

The company sees strong opportunities in fundamentally shifting the costs and process of waste management

Environment

India and Denmark to be at the forefront in the global fight against climate change

Published on Oct. 21, 2020, 5:33 p.m.

The prime ministers of the two countries agree to elevate India-Denmark relations to a Green Strategic Partnership

Energy

Renewables leader Rajasthan will see a dramatic shift in its generation composition

Published on Oct. 15, 2020, 2:22 p.m.

Solar and onshore wind power will meet most of the incremental electricity demand by 2029-30

Energy

Energy storage leaders call for policy measures to create Atmanirbhar Bharat

Published on Oct. 8, 2020, 11:48 a.m.

Global thought leaders and policymakers discussed the issue to mark World Energy Storage Day recently

Stay ahead of the times.
Register with The Climate Change Weekly for free!