COVID19 has caused unprecedented disruption to daily life globally. Consequently, businesses are rethinking of various ways of handling situations, assessing evolving risks and business models. To stay relevant, organisations need to reinvent themselves with business continuity frameworks, virtual working, minimum recovery time and use of new-age technologies that lead to transformational shift. Telecom industry is working aggressively on evolving challenges of network usage and resiliency, as the operators need to address the changing needs of customers, who during this time, need network services more than ever with dynamic demands
As more people are working from homes that have less cybersecurity than office workspaces, COVID-19 has posted an opportunity for hackers, online criminals, and scammers. During this pandemic last quarter, almost 260% increase in cybercrime was recorded across the world. Hackers are using the COVID-19 crisis as a part of their attack in various forms like Phishing, ransomware, data stealers, banking malware such as Mustang Panda, Kimsuky and many others and all these have put cybersecurity on the spotlight
In the current scenario, individual's, as well as enterprises' sudden virtual move of remote working, has led to a lot of exposure. According to a survey by CIS Security & Network World, 61% of the security and IT leader respondents are concerned about an increase in cyber-attacks targeting their employees who are working from home. Without proper protection, it leaves the organisations susceptible to attacks and failure to gauge the data security preparedness might delay faster recovery under attack.
Learning from the crisis and strategising the way forward to protect
In this pandemic situation, while many of us remain focused on protecting ourselves in the physical world, organisations struggling to gain traction due to this crisis with the changing environment of handling business services continuity.
As per Omdia, information security function plays a crucial role in testing enterprises' business continuity and resiliency plans. It has also predicted that in 2021 and beyond, remote working, monitoring, and assistance will be more prevalent, leading to an increased focus on security. There will be an increase in security spending and investment and also in the cloud-based security solutions because of rising new digital business models and channels that boost exposure to threats. Enterprises deployed cloud apps, services, infrastructure to stay productive and even before COVID-19, there was a strong push to cloud-based security and acceleration of existing trend away from hardware. The demand for an increase in network capacity has driven Communications Service Providers (CSPs) to increase their security spending.
As the security and risk management team currently need to operate entirely in different demanding environment and mindset, ensure at a strategic level, security team participate in crisis management groups to provide guidance on security concerns and business risk associated at all levels.
It is evident that Post COVID-19, organisations will need to rethink their cyber risk management measures. The need of the hour is dealing present situation with rapid response in a strategic way to prepare for the unexpected demand of the virtually connected world, and this could be your chance to build and adapt to a new way of working.
Enterprises need to conduct a security audit based on the new in-pandemic conditions and develop cybersecurity plans to mitigate new threats. They need to establish the strategic framework and guide actions to prepare for, respond to, and begin to coordinate recovery from a crisis to ensure minimal interruption of critical functions/services with least possible damage and effectively deal with cybersecurity crisis and enhance user awareness, responsible behaviour & actions to every single employee to help protect all business information. Enterprises also need to implement technologies to keep communication flowing through the secure way, ensuring that the services are still relevant at any phase. Security management must strike a balance between continuing responsibility to develop actionable security program guidance and managing risks surrounding to undertake for the business to move forward as they continue to operate and provide critical services.
Aligning cybersecurity with the new normal of Work from Home/Anywhere
It is apparent that COVID-19 will change our lives forever with new work styles, new security issues and new security policies.
Security ecosystem through a set of cooperative & collaborative actions must be planned, but they should also align with a company's purpose. Enterprises had to adapt and flexible in the new normal way of working, and now is the time to ensure that employees are both efficient and safe while working from home/anywhere. Do they have the right tools? Is the technology robust and secure? Everyone who has access to sensitive material is aware of a secure way of handling business information working remotely.
In the coronavirus era, remote working has become the new normal and has been proven as a legitimate way of working. Businesses can focus on the following to protect themselves and empower their workforce to deal with this crisis from cybersecurity threats effectively.
Secure Remote: Organisations can leverage proven technologies to have a distributed workforce working from several locations for secure adoption of work from home
Secure Device: Organisations can allow employee personal devices (BYOD) to connect to company resources by having robust enterprise mobility management
Secure Identities: Employees can get secure access to on-premises and cloud-based applications
Secure Data: Organisations can have the protection of confidential data being compromised while data at rest and motion.
Secure Awareness: Organisation resources can have the awareness to gain insights into security challenges and how to handle the same following best practices
Secure Contain: In the event of cyber-attacks, localise containment of crisis and isolate trusted systems from untrusted systems to continue essential business operations
An organisation must develop and adopt Business Continuity Plan to identify business threats, conduct a risk analysis of each potential risk identified, determine the severity of impact, come up with recovery assumptions including recovery point and time objectives, figure out strategies to mitigate interruptions and quickly recover from such interruptions. Test out recovery plan under various circumstances to evaluate new information and method for improving the recovery plan.
Being cyber resilient is most crucial in these unprecedented business operational changes. Tata Communications Transformation Services (TCTS) recommends Communications Service Providers (CSPs) cybersecurity best practices and tools that enable new ways of working securely. TCTS' Cyber Defense model helps CSP and Managed Security Service Providers (MSSPs) to complement service delivery with consultative, trusted & high-value customer relationship.
Author
Sanjeev Kumar N
Lead-Security Practice, Tata Communications Transformation Services (TCTS)
Sanjeev has 20+ years of experience in Information technology and is passionate about the field of cybersecurity gained in-depth security experience by providing security services/solutions to unique and challenging business use-cases of different sectors and instrumental in the architecture of security solutions for enterprise network, data centre, telecom and cloud technology.
