According to the survey report “The Future of Cybersecurity in the Asia Pacific and Japan” published in March 2021 by Sophos, 52% of organizations in India have fallen victim to a successful cybersecurity attack in the last 12 months. Of these successful breaches, 71% of organizations admitted it was a serious or very serious attack. For 65% of organizations, the breaches took longer than a week to remediate.
Fig. 1: Cybersecurity status in India (as per Sophos March 2021 survey report)
Cybercrimes up 600% due to the COVID-19 pandemic
The COVID-19 pandemic has ushered India into a new era of digitization. Even as the world comes to terms with a digital-first approach to business, education, healthcare, banking and finance, news and entertainment, and a range of leisure and work-related activities, data breaches have been a major roadblock to faster digital adoption. In the absence of strong cybersecurity awareness and data security laws, Indian businesses continue to battle regular and grave cyber frauds and crimes, which leaves them extremely vulnerable. Cybercriminals are using social engineering, phishing, identity theft, spam emails, malware, ransomware, and whaling to compromise their targets.
- Phishing/Hacking/Malware (31%)
- Individual Mistake (24%)
- External Theft (17%)
- Vendor (14%)
- Internal Theft (8%)
- Lost or Improper Disposal (6%)
Fig. 2: Top causes of security breaches
Experiencing a cyber-attack is not a matter of if for your organization; it’s a matter of when. And the time to prepare is now. We cannot stress enough how important cyber resilience is to building our digital future. It is therefore essential that Indian businesses and organizations, both big and small, wake up to the need to build cybersecurity awareness and invest in robust cybersecurity and data security infrastructure.
Preparation is prevention: cybersecurity best practices to thwart a breach
The following best practices can help you create an organization that operates securely, remains vigilant in the face of cyber threats, and can show resilience when attacked. The approach emphasizes pragmatic solutions—solutions that are industry-specific and that deploy the right people, processes, and tools to address known and emerging cyber threats. Businesses that adhere to the following cybersecurity best practices can transform themselves to become more secure, vigilant, and resilient:
- Conduct cybersecurity training and awareness: In matters of cybersecurity, we as humans are only as strong as the weakest link, and the untrained employee can be the biggest liability. A strong cybersecurity strategy will not succeed if employees are not educated on cybersecurity topics, company policies, and incident reporting. Even the best technical defenses may fall apart when employees take unintentional or intentionally malicious actions that result in a costly security breach. Educating employees and raising awareness of company policies and security best practices through regular training, seminars, classes, online courses, and simulations is the best way to reduce negligence and the potential for a security violation. For example, awareness exercises such as simulated phishing attacks help employees understand the far-reaching effects of a phishing attack.
- Mapping cybersecurity to business: Cybersecurity is a holistic issue that needs to be viewed on a broader Companies need to understand that technology alone does not put an end to cyber threats. Businesses need to categorize, prioritize, and standardize their business requirements in terms of cybersecurity. The secret mantra of good cybersecurity infrastructure is simple: “if you don’t implement it in the right way, it won’t help you in any way”. The approach needs to shift from a technology-centric view to a more business-oriented one.
The threats that are facing enterprises are maturing and evolving every day, and so should our response. Risk mapping helps an organization identify the areas where it’s going to spend its security budget, how to implement solutions, and, most importantly, it helps identify specific instances of risk reduction.
- Implement the right information security processes and policies: Processes are key to implementing an effective cybersecurity strategy. They define how an organization’s activities, roles, and documentation are used to mitigate information risks, and they need to be reviewed continually. Policies identify the key activities and give decision-makers a general strategy for handling cybersecurity issues as they arise.
- Implement a robust Business Continuity Plan (BCP), Disaster Recovery Plan (DRP), and Incident Response Plan (IRP): As the number of cyber-attacks and data breaches continues to rise, your organization will inevitably experience a security incident at some point. Business resilience is an organization’s ability to adapt quickly to disruptions while maintaining continuous business operations and safeguarding people, assets, and The core components of a program include the Business Continuity Plan (BCP), Disaster Recovery Plan (DRP), and Incident Response Plan (IRP).
- The Business Continuity Plan (BCP) is the written set of procedures an organization follows to recover, resume, and maintain business functions and their underlying processes at acceptable predefined levels following a disruption.
- The Disaster Recovery Plan (DRP) is the documented process to recover and resume an organization’s IT infrastructure, business applications, and data services in the event of a major disruption.
- The Incident Response Plan (IRP) is a set of instructions to help IT staff detect, respond to, and recover from a security incident.
Having solid BCP, DRP, and IRP plans and policies in place will help an organization effectively respond to cyber-attacks and security breaches while ensuring critical business systems remain online.
- Security compliance and audits: Achieve a strong security posture by following industry standards, so that best practices, frameworks, and repeatable processes are established. A security compliance audit is a comprehensive review and evaluation of a business or organization’s compliance with a voluntary compliance framework (e.g. SOC 2) or a regulatory requirement (e.g. GDPR). The scope of a compliance audit depends on which framework or regulation the auditor is evaluating against and, for some frameworks, on what type of information the organization stores and how it uses it. Examples of these compliance standards include NIST, ISO 27001, CMMC, PCI, and Having an independent auditor assess an organization’s security controls provides a clear, unbiased report of existing risks, vulnerabilities, and weaknesses.
- Enforce secure password storage and policies: Organizations should enforce the use of strong passwords that adhere to industry-recommended standards for all employees. Passwords should also be changed periodically to help protect against compromised passwords. Furthermore, password storage should follow industry best practice: use a per-password salt and a strong, slow hashing algorithm.
The best way to ensure proper security is to use specialized tools, such as password vaults and Privileged Access Management (PAM) solutions. This way, you can prevent unauthorized users from accessing privileged accounts and simplify password management for employees at the same time.
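The salted, slow-hash storage described above, shown as an added example (not code from the original article): each password gets a random salt, the hash is computed with PBKDF2-HMAC-SHA256, verification uses a constant-time comparison, and a stored record can be flagged for re-hashing when the iteration policy is raised. The record format and the iteration count are assumptions for illustration.

```python
import hashlib
import hmac
import os

# Constructed policy values for this example: iteration count should be
# tuned to your hardware so one hash costs a noticeable fraction of a second.
ITERATIONS = 600_000
SALT_BYTES = 16
ALGO = "pbkdf2_sha256"


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Hash a password with a fresh random salt.

    Returns a self-describing record 'algo$iterations$salt_hex$hash_hex' so the
    salt and work factor travel with the hash and can be upgraded later.
    """
    salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{ALGO}${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    try:
        algo, iters, salt_hex, hash_hex = record.split("$")
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(hash_hex)
        iterations = int(iters)
    except ValueError:
        return False          # malformed record: never accept it
    if algo != ALGO or iterations <= 0:
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    # hmac.compare_digest avoids leaking where the digests first differ.
    return hmac.compare_digest(digest, expected)


def needs_rehash(record: str, iterations: int = ITERATIONS) -> bool:
    """True when a stored record was made with fewer iterations than current policy."""
    parts = record.split("$")
    return len(parts) != 4 or parts[0] != ALGO or int(parts[1]) < iterations
```

Call `needs_rehash` after a successful login and store `hash_password(password)` again when it returns True, so old records migrate as users sign in.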
- Cybersecurity best practices include conducting cybersecurity training and awareness; mapping cybersecurity to business; implementing right information security processes and policies; implementing a robust BCP, DRP, and IRP; security compliance and audits; enforcing secure password storage and policies; ensuring Vulnerability Management and Software Patch Management/Update; strong technical controls implementing best security practices; data backups; using MFA; using the principle of least privilege; monitoring the privileged users; using encryption for data at rest and in transit; avoiding opening suspicious emails; checking links before clicking; Threat Analysis/ Intelligence; monitoring third-party control.
- Ensure Vulnerability Management and Software Patch Management/Updates: It is crucial for organizational IT teams to identify, classify, remediate, and mitigate vulnerabilities within all software and networks they use, to reduce threats against their IT Furthermore, security researchers and attackers regularly identify new vulnerabilities in various software, which are either reported back to the software vendors or released to the public. These vulnerabilities are often exploited by malware and cyber attackers. Software vendors periodically release updates that patch and mitigate them. Therefore, keeping IT systems and relevant software/hardware up-to-date helps protect organizational assets.
- Strong technical controls implementing best security practices: Technical security solutions are primarily implemented and executed by the information system through mechanisms contained in the hardware, software, or firmware components of the system. Best practices for technical security include:
- Hardware, software, and firmware models and versions that are kept up to date
- Vendor-supported firewalls, intrusion detection, and prevention appliances/tools
- Current and regularly updated antivirus software
- Network segregation
- System hardening
- Back up your data: Due to hardware failure, virus infection, or other causes, you may find yourself in a situation where information stored on the device you use is not Ensure the security of your data by regularly backing it up. Backing up data is one of the information security best practices that has gained increased relevance in recent years. With the advent of ransomware, having a full and current backup of all your data can be a lifesaver.
- Use Multi-Factor Authentication (MFA): Multi-factor authentication (MFA) is a must-have solution for advanced security strategies.
MFA helps you protect sensitive data by adding an extra layer of security, leaving malicious actors with almost no chance to log in as if they were you. Even if a malicious actor had your password, they would still need your second and maybe third “factor” of authentication, such as a security token, your mobile phone, your fingerprint, or your voice. As an added benefit, MFA also allows you to clearly distinguish among users of shared accounts, improving your access control.
- Use the principle of least privilege: The principle of least privilege dictates that both software and personnel should be allotted the least amount of permissions necessary to perform their duties. This helps limit the damage of a successful security breach as user accounts/software having lower permissions would not be able to impact valuable assets that require a higher-level set of permissions. Also, multi-factor authentication should be used for all high-level user accounts that have unrestricted permission.
- Monitor the privileged users: Privileged users can be one of the greatest assets of a company or one of the greatest threats to data security. Privileged account holders have every means to corrupt your data, and no matter how much you trust your employees, anything can happen. So, limit the number of privileged users and make sure that privileged accounts are deactivated immediately when their holders leave. Enable user activity monitoring solutions to record any suspicious actions inside your network.
- Use encryption for data at rest and in transit: All sensitive information should be stored and transferred using strong encryption. Encrypting data ensures confidentiality. Effective key management and rotation policies should also be put in place. All web applications and software should use SSL/TLS.
- Avoid opening suspicious emails: If an email looks suspicious, don’t open it because it might be a phishing scam. Someone might be impersonating another individual or company to gain access to your personal information. Sometimes the emails may also include attachments or links that can infect your devices.
- Check links before you click: Links can easily be disguised as something they are not, so it is best to double-check before you click on hyperlinks. On most browsers, you can see the target URL by hovering over the link. Do this to check links before you click them.
- Threat Analysis/Intelligence: Most businesses and organizations lack adequate information and have little awareness of how to detect cyber threats. Thus, having an expert consultant on board who can run a dedicated threat analysis, discovering risk factors and threats and highlighting the current cybersecurity status, is one of the first steps to building a cyber-security defense within a corporate ecosystem. A threat analysis also helps companies understand the types of threats (including ones specific to their industry) and the grave consequences, which can include not just financial losses but loss of credibility and, in some cases (healthcare), life.
- Monitor third-party controls: Controlling third-party access is a crucial part of a security strategy. A third-party person can have open access to your data and, of course, that entails a higher risk of insider attacks. It is essential to monitor third-party actions to protect your data from breaches. Restrict third-party access to a defined area and deactivate the access as soon as the work is finished.
Build a cyber-resilient business
Cyber resilience is the ability of an enterprise to limit the impact of security incidents by deploying and arranging appropriate security tools and processes. Becoming a secure, vigilant, and resilient organization doesn’t happen quickly. But it has to happen if your organization intends to survive amid the emerging digital technology landscape and the evolving terrain of cyber threats. And becoming a secure, vigilant, resilient organization requires constant assessment of how well you are taking appropriate cybersecurity measures—constant assessment of whether you’re taking them effectively, and of whether those steps are taking you where you want to go.
Stay Vigilant, Stay Safe!
About the Author
Dr. Rizwan Ahmed is Chief Technology Officer (CTO) at delaPlex and also works as an “Independent Consultant for Cyber Security and Digital and Mobile Forensic Investigator” for various private, government, and law enforcement agencies in India and abroad. He is one of the first recipients of a Ph.D. in the field of mobile forensics in India and has won multiple global technology awards for his