Cybercrime - staying one step ahead in the post-pandemic world

(Image credit: Shutterstock / Khakimullin Aleksandr)

Earlier this year, as the world grappled with the pandemic, a cyberattack was launched that forced a temporary shutdown in operations and had significant cost implications for industries worldwide. As we move forward in our increasingly digital world, this event, and others like it, should serve as a reminder of the rapidly evolving cyber threat. It is evident that cyberattacks are becoming both more sophisticated and more widespread. Cybercriminals are now using artificial intelligence and advanced technologies to exploit the vulnerabilities of remote working and cloud storage, thereby threatening existing defensive strategies. To stay ahead of the cybercriminals, protect data and customers, and stay competitive, organizations must stay constantly on top of their cybersecurity.

To defend against such attacks, it is key to understand them and the systems they attempt to exploit. By identifying potential weaknesses in our cybersecurity practices, it is then possible to focus on reinforcing those areas and developing more robust end-to-end cybersecurity programs, with the hope of identifying and mitigating risks sooner. 

Ransomware supply chain threats have increased significantly over the course of the pandemic and continue to affect all sectors to varying degrees. Particularly problematic are nation-state attacks on the critical infrastructure of adversaries. Such attacks aim to directly disrupt the functioning of the target system, which is fundamental for business and day-to-day life, and can have international ramifications. Most vulnerable to these types of attacks are industries with high operational technology (OT) dependence, as the attacks affect the whole system’s reliability.

At Wipro, we conducted a mass annual survey across 190+ corporations located in 35 countries, with full results analyzed in our latest ‘State of Cybersecurity Report’ (SOCR). When examining cyberattacks in the ENU sector, it was predicted that attacks on OT and cyber-physical systems would escalate, particularly attacks on national critical infrastructure such as utilities, telecom, power, healthcare and emergency services, fuelling changes in national cyber doctrines and the defense measures employed by target governments, industries and individuals. CISOs in the ENU sector reaffirmed the threat of such attacks: 54 percent of those surveyed said they are not confident about preventing risks from third-party consultants and contractors in the supply chain.

The sad truth is that cybercrime is on the rise, and businesses are not as prepared as they need to be. Despite predictions that attacks on supply chains will increase well beyond the pandemic, shockingly, 53 percent of organizations surveyed in the SOCR claim they are not prioritizing investments in supply chain security.

Therefore, as we move increasingly online and remote working continues to change our digital habits, all organizations should be asking themselves the following questions:

1. Why should we care about cybersecurity? 

It’s no secret that a major cybersecurity incident can have a negative cascading effect on an organization’s brand and reputation. Results can include compliance fines, erosion of customer trust and an impact on the bottom line. Wipro’s survey data found that 72 percent of respondents felt that a cyber incident would damage brand reputation and 54 percent said the non-availability of services would lead to revenue loss. Customers trust brands to securely handle and store their data, and a serious cyber breach could damage the brand’s reputation for years, or permanently, even without their customers suffering any actual personal loss. With so much sensitive information now held by a multitude of organizations, data security must be a top priority for all businesses.

As cybersecurity risks proliferate, organizations must ensure that all their employees buy into their cybersecurity vision. It is essential that businesses communicate the larger mission of safeguarding to their staff to ensure customers and important data are protected.

2. Where do our key vulnerabilities lie?  

Many organizations have a disjointed approach to cybersecurity, resulting in an unequal application of security strategies. This means some areas are left more vulnerable than others. These areas are then exploited to disrupt business. Organizations need to ensure they have a strong, consistent security strategy across all areas of the business. For this to happen, cybersecurity needs to be everyone’s top concern.

As lockdown after lockdown hit, companies had no choice but to embrace remote working. Network and security capabilities were pressure tested beyond what most business continuity plans could have envisaged. Seeing a sizeable opportunity for exploitation of this new business reality, bad actors swiftly put in motion malware and spam campaigns to take advantage of this uncertainty and sudden change. It has now become apparent that the post-Covid world will look very different, with companies identifying various technological challenges going forward and acknowledging that continued remote working creates new challenges for maintaining secure networks.

70 percent of survey respondents highlighted challenges around maintaining endpoint cyber hygiene due to the rapid increase in remote work and 94 percent of respondents stated that increasing secure Virtual Private Network/remote access capabilities was one of their top cybersecurity priorities during the pandemic. Going forward in this ‘new normal’, companies must aim to make their people and operations secure wherever they are in the world. Key vulnerabilities therefore include lack of a coherent response to evolving risks and a failure to recognize the increased challenges posed by remote working.

3. What is our immediate plan of action?  

Despite popular belief, organizations cannot build up defences in isolation. Strong collaboration between the public and private sector, together with partners and stakeholders, is essential. Working together enables the identification of new threats in cyberspace and helps in the evolution of strategies to counter them. However, before extending collaboration to external entities, internal operations must be in order. Here are some immediate actions which can be taken to mitigate risk: 

a. Carry out a security assessment of the environment: Perform an analysis of the attack surface across IT, shadow IT, and suppliers. Identify vulnerable unmanaged/edge/IoT devices in your environment, and issue a passive risk assessment of the OT network, OT assets and various OT protocols.

b. Harden the IT environment: Review your architecture and take steps towards Zero-Trust. Additionally, review your vulnerability management process and remediation actions, implementing technologies like Endpoint Detection and Response. You can also patch workstations, prevent peer-to-peer communication and remote access, and implement multi-factor authentication and privilege wherever applicable.

c. Strengthen the OT and IoT environment: Use network segmentation of the OT network to control the network traffic, and continually monitor it using an integrated SOC. Also, patch and harden workstations and desktops in the OT environment and implement strong policies for remote access.

d. Implement a strict security awareness program: It is becoming increasingly obvious that people, with their strengths and weaknesses, form the perimeter of cybersecurity capability. Companies should offer training on best practices while using IT systems and cybersecurity hygiene. Further, with email phishing recognized as one of the top two cybersecurity risks being fought, employees must be aware of phishing and social engineering attacks. They should also be educated on safe internet habits and social networking risks.

e. Implement business resilience and continuity: The key to this is having a robust Incident Response and Crisis Management structure in place that puts equal focus on response and recovery in addition to detection and prevention. The primary step in the cyber resilience journey is to assess the current IR preparedness to detect, contain, recover from and investigate security incidents, followed by assessments (tabletop exercise, scenario-based assessments, etc.) in adherence to industry standards like NIST, MITRE ATT&CK and SANS Framework. Make sure to implement advanced backup technology, which will protect backups from ransomware and recover data when necessary.

True cybersecurity is comprehensive; all aspects of an organization’s operations should work together to enhance security.

Tony Buffomante, SVP & Global Head, Cybersecurity and Risk Services, Wipro Limited