In an increasingly connected world, cybersecurity is one of the most important aspects of any organisation.
However, due to the COVID19 pandemic, various organisations had to accelerate their process of digital transformation much ahead of what they had actually planned.
This led to a lack of a cybersecurity infrastructure along with a lack of awareness amongst some people. How does one train the cybersecurity team better to be able to respond to breaches? These points were discussed in W.Media’s event South Asia Cybersecurity- The Weakest Link!
“It is not just the responsibility of the security team to ensure that the cybersecurity is full proof in any organisation. It is the responsibility of every member in the organisation to ensure that the cybersecurity is maintained and the issues are reported at the right time,” said Neeraj Bhople, Head- Technology & Engineering, DFB Mahindra Finance.
New incidents faced during the pandemic
COVID-19 has pushed organisations into hyperdrive mode in multiple areas and this is the new normal. People have now changed the way of purchasing, making payments, and interacting.
The digital footprint has changed completely, there is an increase in the adoption of social media, digital payments, and e-commerce. “When anything is being adopted in a rapid way, few things tend to fall apart. People have lost money due to online frauds,” said Gupta Boda, Head- IT & Digital Brigade Group.
Coming to small enterprises, they faced an uphill task of continuing to work because their systems were not designed for remote access. Several partners with whom we were working had difficulty accessing their data.
This was one challenge that we faced. The larger companies had some level of VPN and some level of remote connectivity but that suddenly was required to cater to the entire organisation. Devices like the laptop were being used even outside the office, but this time it was for a longer period of time.
“Some companies did not have decent endpoint security like DLP, anti-virus, anti-spam, firewall, proxy, which leads to issues like ransomware attacks and other issues. Coming to my personal experience, we are not a regulated company but we went ahead and did some security arrangements for ourselves by adding things like DLP, Proxy, and emailing security. All these things were put in place before we entered the lockdown,” added Gupta Boda.
He further explained that the biggest challenge for their organisation was to mobilise the people who are not used to working remotely, their organisation is a real estate organisation and most of their work is in the field.
80 per cent of the staff is located on the field and 20 per cent is in the corporate office and mobilise these people to get them to do some meaningful work during the lockdown was a major challenge.
“Initially, we had to incorporate the Microsoft office 365 and other tools. But the number of documents which were there inside were not sufficient for us to take advantage of. We went into a quick accelerated adoption between the months of February to March. The rest of the world was closing down and it could happen in India as well and we thought if that happens we need to have the data and not come to the office,” added Gupta Boda.
The idea was to move the work online and we had to make a shift in the way of working and shifting it from email to a centralised and collaborative environment, this became a challenge.
“We had to constantly spread awareness amongst our employees regarding the lockdown situation due to COVID-19, the vaccines, medicines, treatments, availability of bed. We also received phishing emails and we had to inform the users as to how these things need to be handled. We also received emails impersonating the senior management for making a certain amount of payment.
Because we took the awareness part seriously during the pre-covid times, during the lockdown we had made sure that the team knows that such things are bound to happen and please be watchful of it.
There was no loss to the company but one of the team members did face a loss which was due to sheer misunderstanding, thinking that the transaction was being made to his friend but it went to someone else. We had to look at our controls in a completely different manner and we were fortunate enough to be prepared,” Gupta Boda concluded.