Although cybersecurity has been on the agenda for most companies for the last few years, the onslaught of Covid-19 has only hastened that process. Ever since the pandemic-dictated lockdown was imposed, there has been an unprecedented jump in cyber attacks carried out on the network and systems of companies, both outside and within the country.
Going by a study by Cisco, within the country, more than 70% of the organisations have experienced a 25% or more rise in cyber threats or alarms since the pandemic broke out. At the same time, the exigencies of the same pandemic have necessitated a large-scale pivot to remote work, or what is more popularly known as work-from-home along with flexible work schedules and co-sharing of workspaces and network, thereby only amplifying the need for ramping up of cybersecurity defences for companies.
The Increased Investment Into IT And Security Systems
Around the middle of the year in July, an Adobe survey had revealed that a staggering 98% of organisations in the country were impacted by Covid. In fact, Covid-19 has created a dilemma of sorts for the companies. While most companies have had to face adverse effects on their business in terms of sales, revenue and profitability, the pressing need to embrace cyber technologies has also made them do a serious rethink on their IT budgets.
The same Adobe survey had revealed that for a whopping 89% of CIOs in the country, cyber security had figured as top investment priority. Another study covering small, medium and large enterprises has revealed that even as IT budget would be rationalised due to the economic headwinds faced by companies, there would be added expenditure on internet technologies, cyber security solutions and networking products.
Remote Working As New Normal Throws Up New Challenges
As the ongoing pandemic spurred a shift towards remote work as a new normal, there has been a barrage of new challenges. According to a study, as many as 99.8% of employees of IT sector in India are not adequately trained and equipped to handle their tasks and perform well under remote working conditions. If such abysmal state of affairs could exist in the much-vaunted IT sector, the lesser said about the other sectors, the better.
The aforementioned Cisco study has advanced that during the transitioning to remote work, 68% of organisations had cited ensuring secure access as the biggest challenge faced by companies followed by data privacy (66%) and security against malware (62%).
In addition, low awareness of the IT systems and the cyber threats integral to them was a challenge faced by 55% of the companies. It is because of low awareness and lack of training that employees were using unprotected devices and untested software putting their companies’ critical information and data at risk. However, despite these challenges, what is heartening is that an overwhelming 97% of organisations had reported bringing about changes in their cyber security policies to buttress remote working as an established practice.
How Companies Are Navigating This Accelerated Transition: Cloud Technologies & VPN
There is no doubt that while some sectors have been impacted more severely than others, there are indeed sectors and spheres of work which have received some sort of a stimulus precipitated by the pandemic. For their part, the companies in each of these sectors as well as others – depending on their budget and the level of threat perception – are adopting an assortment of measures to deal with the ongoing shift to remote work coupled with the simultaneous rise of cyber security threats. Two of the most prominent and immediate measures adopted have been Cloud technologies and VPN.
Cloud technologies have been one of the most solid features of new digital transition. According to an IDC report, 64% of companies in India expect a rise in demand for cloud computing in the wake of Covid-19.
Cloud technologies would typically include desktop-as-a-service (DaaS), software as a service (Saas), platform as a service (PaaS) and infrastructure-as-a-service (IaaS). Especially in the context of remote work receiving traction, DaaS is expected to register fastest growth though SaaS would remain the largest segment of cloud solutions.
One of the biggest benefits of cloud is that it is highly cost-effective. Not only does it entail reduced capital expenditure and trimmed staffing requirements, it also allows flexibility in payments by way of ‘pay as you go’. At the same time, it offers scope for flexibility in terms of services meaning that a company can opt for public or private or a hybrid cloud service, based on the its need and budget.
Equally important to note is that cloud services are rapidly deployable. At the same time, cloud has its own challenges. While technical complexity in moving to cloud is a task, the unencrypted cloud databases are another problem that needs to be dealt with. At granular levels, the companies accessing cloud service must also delineate the boundaries between the cloud service provider’s security responsibilities and its own especially in light of using different security tools from different cloud vendors.
Virtual Private Network (VPN)
Taking recourse to VPN services has been another way to neutralize and to ward off the potential cyber threats posed to companies increasingly migrating to remote work. In March this year, a data analytics and consulting company had forecasted a year-on-year (y-o-y) growth of 7.8% for VPN spending in India which would have risen even further because of Covid-19.
VPN allows the company’s traffic routed through a secure and encrypted virtual tunnel on the internet which is insulated not only from hackers and cyber threat actors but even from the Internet Service Provider.
The ISP can only monitor the bandwidth usage and can’t track the website destinations. As such, VPN assures privacy, anonymity and most importantly security for the company’s privileged and confidential data. On account of the urgent need for VPNs for remote working, the government of India had to repeatedly relax norms allowing the Other Service Providers (OSPs) use static IP address for interconnection between Home agent position and OSP Centre with pre-defined locations.
In a nutshell, even as companies have always braced themselves with cyber security management strategies, Covid has injected an unprecedented dose of urgency. However, what is notable is that this urgency doesn’t call for short-term measures. Although the immediate impulse has been to facilitate business continuity, the companies are fortifying their cyber defences with a long-term view.
While taking a fresh look at Bring Your Own Device (BYOD) policies, besides cloud security and VPN, they are also opting for solutions such as endpoint security and mobile device management. Additionally, they are also instituting protocols such as two-factor authentication and rigorous compliance on software patches and updates.