Many businesses are still unprepared for deterring actual cyber-related attacks against their network, because security has been the most sensitive area of concern for them.
Businesses can reduce the risks by implementing new IT security infrastructure, and by requiring employees to follow policies and protocols to maintain data security and privacy, wherever their physical locations.
In an interview, Rishikesh Kamat, Vice President – Products and Services, NTT Global Data Centers and Cloud Infrastructure, India, tells how NTT is ensuring security of the client IT infrastructure.
DQ: Why do organizations need to rethink their security approach and align it with the present business landscape?
The rapid adoption of remote working has created a huge impact on enterprise security. A survey by software firm Hiver indicates that about 60% of the Indian companies were targeted by email-based security threats on a weekly basis. Researchers from Palo Alto’s Unit 42 team found that out of the 1.2 million newly registered domains related to COVID-19 between March and April 2020, as many as 86,600 displayed malicious intent.
The digital and work-from-home switch has led to a change in not only the work processes, but also the priorities in most organizations. CISOs are constantly focusing on adapting to the new environment and create security strategies that can proactively deal with any risks.
Here are some of the tools that we recommend for the security best practices in the new normal:
Securing remote workforce: The International Information Systems Security Certification Consortium (ICS)2 indicates that about 23% organizations have experienced higher instances of cybersecurity risks since switching to remote working.
The demand for secure logins in a WFH scenario is huge. We thus recommend a cloud-based zero trust framework instead of a VPN. Another option is to go for virtual desktops through which company data and applications can be accessed by the employees.
Avoiding third party apps: A survey by security firm CyberArk found that 77% of remote employees use unsecured devices to access company systems. Companies need to guard against such practices by allowing access through only the pre-approved devices which have the necessary security solutions and applications installed on them.
Adherence of company security policies: Organizations must constantly sensitize their employees on security policies and habits such as changing their passwords frequently. They must be advised against clicking on any suspicious or unverified emails. It has to be realised that just one click on phishing mails can provide hackers an entry into the corporate network. It is also important to avoid usage of unsecured social media channels and apps for corporate communication.
Strategic software updates: Outdated software can prove to be a weak link that hackers can exploit to access the corporate network. Organizations can overcome this challenge by using remote cloud-based automated patch management solutions or MDM solutions to push updates to remote devices.
Data backups: It is important to constantly back up organizational data either on cloud or on secondary storage locations. This will help an organization recover data and resume operations even if a ransomware attack takes place.
DQ: Why monitoring security needs to be an ongoing effort for companies now and in the future?
Rishikesh: Cyber-threats are constantly on the rise and the sophistication of the attacks is also increasing by the day. Therefore, it is imperative for companies to constantly upgrade their threat detection and response systems. The need of the hour is to have proactive security tools in place which provide real-time monitoring and response.
We are witnessing a lot of demand for services bundled with features such as commercial threat intelligence, orchestration and automation, threat hunting and 24x7 alerts, as well as analysis of threats and recommendation of remedial steps. Constant monitoring is going to be an integral security strategy for all companies going forward.
DQ: How through various services/WFH resources NTT is ensuring security of the client IT infrastructure or any other related queries that you might have with regards to the same.