In the post-COVID era, the success of the new hybrid workplace model will be hugely dependent upon an organization's efforts in combining its digital transformation goals with robust IT security
The acceleration of digital transformation and increased cloud adoption has connected people, businesses, and culture like never before in recent times. In the pandemic-induced work-from-home scenario, companies have invested in data-driven technologies to stabilize their businesses and make their IT environments smarter.
The modified state of business priorities has been well-supported through analytics, automation, and artificial intelligence for enterprises. By embracing these technologies, enterprises have been able to mitigate unforeseen challenges and ensure business continuity remotely. However, this tectonic shift of traffic and rise in the remote working scenario has also compounded the network vulnerabilities, providing new opportunities for cybercriminals to expand their attack patterns.
By leveraging intelligence tools and exploiting the innumerable less-secure end-points, cybercriminals have consistently launched novel attacks that are hard to trace.
Cybersecurity Ventures estimates that global cybercrime costs could grow by 15% per year over the next five years, reaching USD 10.5 trillion annually by 2025, up from USD 3 trillion in 2015. According to Purplesec, there has been a 600% growth in cybercrime-related activities in the last year. A survey conducted amongst 582 information security professionals found that 50% of the executives do not believe their organization is ready to repel a ransomware attack.
Massive surge in cyberattacks
Since the beginning of the pandemic, the industry has witnessed a significant rise in cyberattacks and data theft. According to a study by IBM, during the first three months of 2020 alone, India saw 37% more data breaches than in 2019. In addition, the country witnessed 16 million cases of cyberattacks, nearly three times that of 2019.
Driven by the exponential growth of data and the growing distributed workforce, cybercriminals are launching numerous malicious cyber campaigns loaded with pandemic-driven themes to trick the vulnerable distributed workforce. Various industry reports are testimony to that. According to Trend Micro, more than 60% of COVID-19-related threat detections came from the US, Germany, and France. The security firm also adds that despite being relatively new, the VPN vulnerability CVE-2019-11510 accounted for nearly 800,000 detections in 2020 alone.
RAH is seeing a huge uptake in demand of cybersecurity solutions by enterprises as well as organizations of all sizes in last few quarters, to be precise, since the beginning of the pandemic. WFH, increase in shifting to cloud, and other digital transformation initiatives have opened up plethora of avenues for cyber attackers. While these are timely and futuristic steps being taken by enterprises, cybersecurity remains at the core of all such initiatives.
In India, companies such as Air India, Dominos, Facebook, Juspay, Bigbasket, Upstox, among several other, have seen the critical data of their customers being stolen, causing a massive dent in their market goodwill.
Indian Computer Emergency Response Team (CERT-In) observed about 140 phishing incidents during the first half of 2021. According to CERT-In, fraudulent emails, SMS messages, and phishing websites pretending to be from legitimate services are reported luring users to divulge credentials to conduct frauds.
As more and more users are now using the internet for buying goods and services, hackers are also targeting the vulnerable population by sending unauthorized payment links and showcasing fake shopping websites. RBI has repeatedly issued a warning to banking customers that using these new tricks of unconfirmed SMSes and UPI notifications and unscrupulous hackers can wipe out the entire balance of banking customers.
Among the biggest shocks in the cybersecurity space, SolarWinds supply-chain hacks of 2020 stood number one.
Fraudsters launched the attack by hacking the infrastructure of American IT Software firm, SolarWinds, and spreading malicious code to its over 30,000 clients through the software updates route. The worst part was that the list also included several US government departments, making their critical data open to cybercriminals. The attack reflected that most organizations are vulnerable to highly sophisticated mechanisms being adopted by the cybercriminals of the modern era.
It was also a cruel reminder cybercriminals are way ahead to create new channels to gain a foothold in enterprise networks. And even with robust IT security practices, organizations may not have enough ammunition to secure their networks.
According to the Infoblox Q1, 2021 Intelligence Report, in the instance of SolarWinds, the threat actor used a highly sophisticated attack chain to deliver malicious code through a backdoor injected into a dynamic-link library that was a part of a legitimate update to some versions of SolarWinds' Orion software. The report adds that the threat actor remained undetected for an extended time by employing sophisticated obfuscation methods such as imitating the legitimate SolarWinds coding style and naming standards. It did the damage by using Virtual Private Servers (VPSs) with IPs native to the victim's home country and leveraging compromised security tokens for lateral movement.
From a Domain Name System (DNS) perspective, Infoblox has been able to verify that once a victim has been infected with SUNBURST, the malware beacons to avsvmcloud[.]com with a hostname designed by a Domain Generation Algorithm (DGA) to exfiltrate data about the victim, as described above. The threat actor can return one of several responses in the form of an IP.
Due to the rapid uptake of remote work, organizations and employees have increased usage of collaboration tools, such as Meet, Zoom, and Slack. According to a Trend Micro report, the high use of these tools has led to the amplification of attacks such as Zoombombing, spam emails, and new ransomware variants that exploit these applications.
Many phishing attacks with COVID-19 themes are also getting noticed by the industry users where cybercriminals sent emails to users pretending to be senior executives from World Health Organization (WHO), tricking them to click on malicious links and documents.
The majority of the security leaders still focus on reactive strategies when it comes to IT security investments. While the current crisis has transformed that orientation a bit, most of the IT security initiatives revolve around traditional compliance and risk patterns. Another challenge that the industry has been battling for many years is the lack of cybersecurity talent. Due to the understaffed security staff, many organizations cannot leverage the capabilities of artificial intelligence, analytics, and automation when it comes to securing their workforce.
Going by Cybersecurity 2021 Part 1 survey report commissioned by ISACA and HCL Technologies, the last few years have seen massive demand for cybersecurity talent. However, due to low entry-level positions for the cybersecurity workforce, the industry has not created enough experienced talent pipelines in this space.
According to the report, 68% of the companies who experience more cyberattacks face a talent drought in cybersecurity, and 63% who experiences more cyberattacks historically are unable to hold qualified cybersecurity talent. In the age where AI, robotics, and IoT are taking center stage and making everything connected, lack of cybersecurity talent and poor governance practices can lead to more sophisticated attacks on enterprise networks.
In the next few years, the stakeholders in cybersecurity should come together to build a talent transformation consortium that can make a strong talent pool of cybersecurity talent.
With an extensive focus on remote working, organizations need to provide a secure IT environment to their people proactively. Factors such as upskilling and reskilling the IT talent pool, reviewing cybersecurity strategies, and build effective resilience programs will go a long way in developing a trusted environment. There have to be effective data security interventions, and they need to be well-supported by an in-house cybersecurity team and a strong technology partner.
In the absence of a well-carved IT security strategy, enterprises will find it really challenging to drive profitability and innovations in their business ecosystems.
The author is Ashok Kumar, MD, RAH Infotech