The importance of CyberSecurity during COVID-19

Amid the ongoing unprecedented global health crisis, cybercriminals are taking advantage of the situation to attack information systems across the world. With remote working on the rise, incidents of hacking are witnessing a spike as the days progress.

According to a recent report by PwC, the number of cyberattacks on Indian organisations doubled in the past few days, with cybercriminals using the disruption brought about by the COVID-19 outbreak to infiltrate corporate networks and data. These cyberattacks include phishing, malicious mobile apps, ransomware and attack on insecure networks among others.

As organisations increasingly adopt remote working, there is an immediate need to deploy advanced cyber-security technologies to ensure the confidentiality, integrity and non-repudiation of data.  Organisations need to ensure a working model where their workforce is collaborating efficiently and at the same time, their critical data is also protected. Appropriate authentication and access management solutions should be in place to protect access to networks and sensitive data.

In this scenario there are certain key guidelines that organisations must follow to ensure that their sensitive cryptographic material is stored in a secured in the tamper-resistant environment:

• There needs to be implementation of Smart Access Management policies along with multi-factor authentication. This combination ensures that the workforce is accessing applications and resources from the devices issued by their organisation.

For this, organisations should look at solutions which give them combined benefits. An example of this is SafeNet Trusted Access (STA)  as this gets them the Multi-Factor Authentication as well as Smart Single sign-On (SSO) in a cloud-based service which further allows them to deliver a range of authenticators including Grid and One-Time-Password (OTP) on the mobile phones.

• Cloud transition is a critical aspect of ensuring the safety of data. Faster and higher adaption of cloud infrastructure for business applications and data is key in this situation and it is very critical to secure the cloud transition. While most cloud service providers do provide native security, organisations availing cloud services need to ensure a degree of control over the security of their own information when hosted on the cloud.

This can be achieved by retaining control of the encryption keys by using Key Management solutions such as CipherTrust Cloud Key Manager, SafeNet KeySecure, among others.

• Software methods may not always work. Organisations need to ensure that they are protected against hackers causing disruption by getting inside an organisation’s digital infrastructure. This can happen through social hacking like fake emails or getting unauthorized access to privileged accounts.

Here, organisations can look at making sure that SSL (Secure Sockets Layer) keys are inside Hardware Security Modules (HSM). This not only provides all-round safety but also safeguards the organisation’s unique identity.

• Communication and collaboration among workers in a secure digital environment is important in a Work-From-Home mode. For this, there are remote collaboration solutions like Citadel and Cryptobox which provide a balance between convenience and security. Both of these solutions are also already widely used by French government agencies and major enterprise customers.

While these guidelines are a prerequisite for organisations at all times, with the current crisis they become even more critical.

Rana Gupta, VP India and APAC Sales, Cloud Protection and Licensing, Thales

Apart from the responsibility of organisations, it is equally important for employees to adhere to their organisation’s policies. From accessing only safe sites to safeguarding oneself from misinformation, employees need to abide by their organisation’s IT security policies and ensure a safe home network. They must use social media prudently and avoid using it on business devices.

It is also important that while working from home, employees pay heed to minute details of system operation and avoid usage of any unsecured devices and unapproved tools and services. Only the IT solutions provided by the organisation that is equipped with adapted levels of security must be used.

COVID-19 has impacted businesses worldwide and changed, at least for now, the manner in which they function. Responding to COVID-19 demands that organisations think innovatively and move quickly. Organisations must invest in the right technologies and systems to ensure that cybersecurity concerns are quickly and effectively addressed.