The New Paradigm Of Remote Working
There have already been more cyber-attack and ransomware incidents in 2021 than in 2020, underscoring the need to ringfence companies so that they are better prepared for increased cyber threats.
The recent cyber-attacks and ransomware incidents have highlighted the need for a new approach to the security of the supply chain network. While enterprise security does the job for large companies, there is a need to take a fresh look at the way security systems are deployed with supply chain partners.
This was the topic of discussion at a webinar organised by the Economic Times and SOPHOS titled – ‘Enhance the Supply Chain Security’ where some of the finest experts on the subject matter participated.
Quality Of Attacks Has Gone Up
In the welcome address, John Shier, Senior Security Advisor, Sophos, said that ransomware is a $6 billion enterprise, so there is a lot of financial motivation keeping these operators going.
“While ransomware attacks in terms of numbers have gone down, what has replaced that is the quality of these attacks. These operators are adding different layers of extortion,” Shier explained.
He stated that attacks in the past were restricted to files getting encrypted or systems getting disrupted, but now the attacks are far more dangerous. “Now after your data getting stolen, they are involving the media, or your employees or the people outside your organisation to pressurise you into paying for the stolen data,” Shier pointed out.
Risk Of Attack In An Extended Work Environment
Global supply chains had become increasingly interconnected even before the pandemic and are now even more so.
Anirban Sengupta, Partner Cybersecurity, PwC India revealed that this increases the risk of supply chain attacks. “Attackers infiltrate the third-party suppliers and exploit their trusted access to gain access to your environment. Once inside they can conduct all kinds of malicious activities,” he added.
Supply chain attacks have increased during the months of the pandemic. “It is trust versus security or restriction. I can only influence my business partners to follow certain business practices but can’t force them to do so,” Sengupta said.
Need For Building Zero Trust
In the wake of the pandemic and the rise in cyber-attacks, most organisations have installed cyber security in their systems, but it is not adequate to prevent advanced attacks.
Unique Kumar, CISO, CK Birla Group, stated that a cyber attacker generally enters the internal system of an organisation through its weakest link, which is the human element.
“The employee may get a harmless link and when he clicks on that, it would seem nothing has happened. But it has opened a back door, through which the attacker enters the systems. He enters the other system and it’s just a matter of time that the entire data falls to risk,” Kumar explained.
Solutions Need To Evolve All The Time
Service providers too are relooking at the entire gamut of the angel services, which has led to connectivity and performance taking on a different connotation and to an increase in customer expectations.
Avinash Prasad, Vice President and Head for Managed Security Services and Content Delivery Network, Tata Communications, stated that due to the pandemic even sectors like manufacturing, which had no concept of working remotely, had to get some of their processes to work remotely.
“The internet-based collaboration model, the software supply chain and the integrated services came more and more to the fore making a leap towards a much more connected organization,” he said.
Potential To Have A Cascading Effect
Sachin Lala, Senior Director of Engineering, Blackhawk Network, stated that it is important to look at data security as a collective responsibility. “There is enough room for improvement and opportunity where we will be able to say, if there is adequate staffing available for human check,” he said.
He explained that there are enough tools for safeguarding, but if they are not getting human attention on a regular basis, then you have a problem.
Prevention Better Than Cure
Pawan Chawla, Chief Information Security Officer, Future Generali India Life Insurance Company, stated that educating employees is very important.
“Every attack starts from a click, whether you do it in your personal time or in the organisation. That is the first stage where a hacker gets in. You need to create a cyber security framework for the organisation and need to come out with various training modules for the employees,” he said.
Sandeep Kulkarni, CISO & VP – IT & Cloud Operations, Icertis stated that the attackers are getting smarter, so the defences need to get smarter. “Companies are as secure as their weakest link. It is very difficult to compromise a system, it is easy to compromise a user,” he said.
This article has been written by Amit Shanbaug from Times Group.