By Amrit Behera
This article will mostly focus on how the importance of cybersecurity has increased after the COVID 19 pandemic. The paper will also discuss the major steps that can be taken to ensure a more secure online platform and it will also spread some light on the steps that are taken by the Indian government concerning cybersecurity. And at the end it the paper will also focus on how this pandemic has forced to take steps for the future.
The pandemic has posed a huge dilemma for all businesses across the world the main problem faced by them is regarding how to keep operating even after the closures of facilities and some significant offices. Their long-reliant information technology – data centres, cloud systems, departmental servers, and the digital gadgets their now-remote employees utilised to keep connected to one another and to the company’s data – becomes even more critical. The demands placed on the internet infrastructure have increased dramatically in the last few months.
Cybercriminals see such technology as a far bigger and more valuable target. To avoid a second disaster, cybersecurity operations must be improved, focusing on the digital gadgets and networks that have become vastly more important to the businesses present in recent weeks. To put it another way, “business continuity” has become a must.
Impact of COVID-19 on cybersecurity:
As businesses adapt to a new operating paradigm in which working from home has become the “new normal,” the coronavirus pandemic has presented new obstacles. Businesses are speeding up their digital transformations, and cybersecurity has become a big worry. If cybersecurity concerns are ignored, the consequences for reputation, operations, legality, and compliance could be severe. This article looks at how COVID-19 affects cyber risk and what firms may do to mitigate it.[i]
Cyberattacks on video conferencing services:
The series of cyberattacks on video conferencing services is an example of criminals exploiting cybersecurity holes in remote working. Between February and May 2020, almost half a million people were affected by data breaches in which video conferencing service users’ personal information (such as names, passwords, and email addresses) was stolen and sold on the dark web. Some hackers used a tool called ‘OpenBullet’ to carry out this attack.
Credential stuffing tactics are also used by hackers to get access to employees’ credentials, and the stolen information is then sold to other cybersecurity criminals. One of the effects is that firms that rely significantly on videoconferencing platforms will be severely disrupted. Credential stuffing is a type of cyberattack in which hackers utilise stolen login and password combinations to gain access to other accounts. Because it is fairly usual for people to use the same username and password for many accounts, this is conceivable.[ii]
Unwanted and uninvited members have been observed gaining access to virtual meetings and obtaining personal or sensitive information, which is subsequently sold to a third party or made public to harm the company’s reputation.
Ways to reduce the chances of cyberattack:
Cyberattacks have escalated by an order of magnitude as a result of the growth in communications and the widespread shift to conduct business online. They’ve also created a slew of additional dangers. The perimeter security of organisations is at risk of being penetrated. For breaches at both physical and digital access points, they need continuous surveillance and real-time risk assessments.
Leaders in security and risk management must now protect their businesses on a vast scale, and rapidly. They must make sure that their companies’ online services and digital platforms are secure from cyberattacks.
The IT department is also under a lot of strain. IT workers in some companies must expand remote working capabilities to employees who have never worked from home before. This may include their service providers in some circumstances. Many IT departments are in the process of implementing new collaboration tools. While this is useful for keeping staff in sync (especially in agile teams), it also increases the danger of critical material being hacked because it is now stored in less secure remote locations.
However, it is impossible for IT departments to refuse this request. To conduct operations remotely, company leaders, managers, and their staffs require access to internal services and applications. Security leaders are hesitant to give access without stringent access methods since many firms have not previously made these applications and data available through the Internet or virtual private networks (VPN).[iii]
Few companies, understandably, were prepared for their employees to work remotely in large numbers. They’ve realised that secure remote-access capacity and protected access to company systems has become a significant bottleneck.
It’s tough to enforce enterprise security policies and controls on a remote workforce. The majority of controls have limited scalability and take a long time to set up. We know of several companies that have resorted to let employees to access enterprise applications using their own digital devices because there was no way to enforce security measures. Business continuity plans (BCP) and incident response plans (IRP) are insufficient or non-existent for most organisations when it comes to dealing with pandemics. Security officials have never imagined or practised a large-scale BCP operation.
Steps taken by the Government:
In the year 2020 the government of India introduced a National Cyber Security Strategy which was formulated by the National Cyber Security Coordinator’s office at the National Security Council Secretariat.
The main aim of the National Cyber Security Strategy 2020[iv] was to improve the cyber awareness and cybersecurity with the help of more strict audits. Empaneled cyber auditors will examine a company’s security features more thoroughly than is now required by law.
Table-top cyber crisis management exercises will be held on a regular basis to emphasise the idea that cyber-attacks can happen at any time. It does, however, ask for a cyber-readiness index and accompanying performance monitoring. It is advised that a distinct budget be set aside for cybersecurity, as well as coordinating the roles and duties of multiple agencies with the necessary domain knowledge.[v]
A New Era for Cybersecurity:
The changes we’ve outlined will have an impact on more than just the IT department. Talent managers will need to reassess their policies to allow for a better work-life balance if remote employees demonstrate that they can work more successfully from home. Meanwhile, personnel with important skills and remote-working requirements must be rapidly and effectively on boarded.
Large enterprises will also face new budgetary restraints. There will be new ways to use finances and invest in the correct offerings. Firms will be more conservative in their resource allocation.
Furthermore, businesses will have the ability to restructure their work processes. Prioritize new at-home work arrangements that were developed during the lockdown and have shown to be successful. Finally, as people, assets, and facilities begin to recover, governments all over the world will establish new policies and regulations based on what they learned during the epidemic.
A new era of cyber security has begun as a result of the epidemic. IT security experts who step up their game and defend their organisations’ people, technology, and data against new or increased threats from more skilled cybercriminals will be critical actors in the economic recovery. And indeed it is a much needed step for the future.
[i] Daniel Lohrmann & Dan Lohrmann, 2020: The Year the COVID-19 Crisis Brought a Cyber Pandemic, Government Technology (2020), https://www.govtech.com/blogs/lohrmann-on-cybersecurity/2020-the-year-the-covid-19-crisis-brought-a-cyber-pandemic.html (last visited Jul 16, 2021).
[ii] Impact of COVID-19 on Cybersecurity, https://www2.deloitte.com/ch/en/pages/risk/articles/impact-covid-cybersecurity.html (last visited Jul 16, 2021).
[iii] Deo Prashant, Raj Geetali & Santha Subramoni, How Covid-19 is Dramatically Changing Cybersecurity, Tata Consult. Serv. Ltd., https://www.tcs.com/perspectives/articles/how-covid-19-is-dramatically-changing-cybersecurity.
[iv] National Cyber Security Strategy 2020, , Drishti (2021), https://www.drishtiias.com/daily-updates/daily-news-analysis/national-cyber-security-strategy-2020 (last visited Jul 16, 2021).
[v] 3 ways governments can address cybersecurity right now | World Economic Forum, , World Economic Forum (2020), https://www.weforum.org/agenda/2020/06/3-ways-governments-can-address-cyber-threats-cyberattacks-cybersecurity-crime-post-pandemic-covid-19-world/ (last visited Jul 16, 2021).
[vi] Picture: IEEE inovation at work