The onset of the Covid-19 pandemic and the consequent adoption of the remote working model has significantly exacerbated the issue of cybersecurity. As organisations navigate the new normal of maintaining business continuity, their data is increasingly becoming vulnerable to cyberattacks. New operating models have also created multiple end points in data chains, providing attackers access to core business data. Further, with increasing internet penetration, the cyberthreat landscape has evolved significantly. In view of the evolving threat landscape, companies and cybersecurity leaders are turning to new, cyber-secure methods and approaches to effectively tackle this problem.

A look at the key issues and challenges that organisations are facing in the field of cybersecurity…

Ransomware attacks on the rise

There is visible change in the methods, motivations, and scope of cyberattacks. As technology continues to evolve, modern-day cybercriminals use the latest techniques to bypass the existing cybersecurity infrastructure, which involves multiple layers of protection across hardware, networks, programs and data. Due to lack of preparedness, confidential databases, endpoint devices, and cloud workloads have been targeted, resulting in ransomware attacks and data thefts.

Ransomware attacks are directly or indirectly becoming unpredictable for small and medium businesses. These attacks in­volve hacking into a user’s data and preventing them from accessing it until a ransom amount is paid. They cause critical da­mage to individual users and even more so to businesses, which cannot access the data required for running their daily operations. With most ransomware attacks, the attackers do not release the data even after the payment is made, and instead try to extort more money.

Increasing overlap between physical and virtual worlds

Another challenge in the field of cybersecurity is dealing with the increasing overlap between the physical and virtual worlds of information exchange. As driverless cars and other self-regulated de­vices become the norm, the internet of th­ings (IoT) and bring-your-own-device business policies give criminals more access to cyber-physical systems. Attacks on IoT devices can result in sensitive user data being compromised. Safeguarding IoT devices is one of the biggest challen­ges in cybersecurity, as gaining access to these devices can open the doors for oth­er malicious attacks. Further, cybercriminals can expose profitable assets with data accessible from some industrial cloud network.

Even the most advanced software has some vulnerability that might pose significant cybersecurity challenges. Individuals and enterprises do not usually update the software on these devices, as they find it unnecessary. An older software version mi­ght contain security vulnerabilities that have been fixed by the developers in a newer version. Attacks on such unpatched software versions is a big challenge.

Cyber-scammers are continuously on the lookout for outdated web software. Once a vulnerability is discovered, cybercriminals exploit the external web systems that run the vulnerable piece of software. Un­documented open source software, us­ed by many organisations, can pose a th­reat to the organisation. With the pandemic adversely impacting allocation of budgets for business operations, many enterprises have ended up falling in the trap of opting for low-price software.

Internal data leakages

While most cybersecurity challenges are external for businesses, internal data leakage can occur as well. Employees with malicious intent can leak or export confidential data to competitors or other individuals. This can lead to huge financial and reputational losses for the business. Such challen­ges associated with securing computer networks can be negated by monitoring data as well as inbound and outbound network traffic. Installing firewall devices to route data through a centralised server, or limiting access to files based on job roles, can help minimise the risk of insider attacks.

Phishing attacks

Phishing continues to be one of the most widespread forms of social engineering attacks. It involves fraudulently obtaining sensitive data such as card and bank de­ta­ils, and personal information, which is then used to make fraudulent transactions. Machine learning, artificial intelligence and connected devices use a large amount of crowdsourced data and user information obtained from social media and apps, such as satisfaction ratings, brand preferences, spending patterns, and browsing histories. This makes them preferred targets for cybercriminals. There have also been reports of untargeted phishing campaigns in which the attackers impersonated personnel from various agencies engaged in combating the Covid-19 crisis.

The way ahead

Lately, the increasing scale, complexity and repercussions of cyberattacks have escalated the discourse around the issue. With emerging challenges in the cybersecurity space, there also exist opportunities that can be tapped. For instance, the cy­ber­security industry generated a cumulative revenue of about $4.3 billion in 2019, and this is expected to reach $7.6 billion in 2022. In India, the Personal Data Protection Bill and the recent Aa­dh­aar ruling by the Supreme Court, limi­t­ing the use of data, will increase the fo­cus on data privacy issues. However, the­re is a need to develop a cybersecurity fra­mework that leverages threat intelligence and can identify and respond to advanced threats, thereby creating an improved security posture.