Combating cyber threats

Combating cyber threats in the new normal

by | Aug 10, 2020 | Analysis, IT Security

A holistic strategy like threat lifecycle management and some specific measures such as browser isolation are both equally important.
Share to lead the transformation

The Covid-19 pandemic has impacted the information security priorities of enterprises drastically. With remote working becomes a new normal, IT and cybersecurity risks have grown manifold. The go-to-market needs of users have also transformed, and meeting client expectations in real time have become a challenge in the new environment. Combating cyber threats now needs a multi-pronged approach.

Despite stressed technology budgets, there has been a massive surge of optimism in the cloud and managed services solutions market due to organizations’ innate need to drive agility and scale. Businesses are continually looking at new-age solutions that could help their workforce deliver exceptional results even in the work-from-home environment.

Since millions of people are working remotely, there has been a deluge of new cyber and IT security threats that organizations are witnessing. According to a recent cyber threat report by SonicWall, a leading cyber security player, ransomware continues to be the most concerning threat to corporations and the preferred tool for cybercriminals, increasing a staggering 20% (121.4 million) globally in the first half of 2020. Moreover, 7% of phishing attacks capitalized on Covid-19 pandemic while there was 50% rise of IoT malware attacks. The report said it analyzed threat intelligence data gathered from 1.1 million sensors in over 215 countries and territories.

According to the Covid-19 Threats Report by McAfee Labs, the first quarter of 2020 saw significant increases in several threat categories. During this time, cybercriminals seem to have exploited the vulnerabilities caused by the pandemic and tried to make a substantial impact on the networks. The report states that the new mobile malware increased by 71%, primarily due to trozons, and total mobile malware grew by about 12% over the previous four quarters. Interestingly, new IoT malware saw a 50% increase.

This emerging threat landscape has compelled organizations to aggressively focus on disruptive technologies and solutions that could enable them to innovate confidently and provide consistent value to their clients without breaching trust.

Let’s look at how organizations can enhance their security architectures during these unprecedented times and reduce IT security risks.

Focus on threat lifecycle management

A continuous focus on the entire threat lifecycle management (TLM) provides much-needed assurance for tackling any unforeseen scenarios. Organizations need to evaluate the information assets that they need to protect continually, and then take advanced measures for detecting and mitigating cyber threats.

The depth and quality of threat intelligence softwares can help enterprises achieve the much-needed IT security resilency, even for employees who are on their home networks. Some of the major companies that are providing robust threat intelligence management solutions in the market are: IBM, Dell, Trend Micro, Symantec, Check Point, F-Secure, McAfee, and Juniper.

Upgraded tools and methodologies

As cloud deployments become more and more intricate, organizations should ensure to assimilate multiple ways of inventory classification and include them in overall asset management strategy. In the multi-cloud environment where organizations want the best of public and on-premise worlds, the list of cloud applications can change very quickly. Hence, enterprises should have the necessary tools and methodologies to know:

  • List of cloud inventory on their network
  • Why they exist
  • Are they still important?

Incident response automation

By employing security automation in cloud environments, organizations can control the damage at the right time. Automated incident response tools enhance the detection capabilities of vulnerabilities and threats. It accelerates the response time in the event of a security alarm and free up the time of security teams to focus on high-impact alerts. Some of the leading players in this segment are: FireEye, IBM, AT&T, Symantec, Verizon, and DXC Technology.

Browser isolation technology

Enterprises have been using sandboxing, a software management technique to isolate various enterprise applications from critical resources, as part of their efforts to strengthen security against new-age threats. However, in the current environment, information security practitioners consider web browsers as a chief target for cyber attacks and recommend to implement isolation technologies to physically isolate an employee’s web browser and related activities from the local machine and the network.

This model enables enterprises to track and identify the routine infiltration points on their networks and take remedial measures immediately.  Major vendors operating in this segment include Symantec, Cyberinc, and Web Gap.

There are also other tools available through which organizations can quickly isolate affected systems and analyze the breach methodology to prevent such instances in future.


Tech M using AI to help find Covid-19 cure

Tech M using AI to help find Covid-19 cure

Makers Lab, the research and development (R&D) arm of Tech Mahindra, a company that provides digital transformation, consulting, and business reengineering services and solutions, is leveraging Artificial Intelligence (AI) to conduct research and help find potential therapeutic drugs for potential coronavirus treatments. This may be seen as a important effort in using AI to find a Covid-19 cure.

In an official release shared with analysts and media, the company said that it was collaborating with renowned bio-scientists for plausible therapeutic drugs and research laboratories for synthesizing and testing these compounds.

“The Covid-19 disease continues to disrupt the socio-economic order, impacting lives and livelihood globally. As a leading global digital transformation provider, Tech Mahindra is not only committed to ensure the well-being of our employees, customers and partner ecosystem; but we are also invested in finding a potential cure for Covid-19 by leveraging cutting edge and futuristic technologies like Artificial Intelligence,” said CP Gurnani, MD & CEO, Tech Mahindra in the release note.

“Our objective was to prevent the entry of virus into human host cells such as lung airway epithelial cells. This is important because the high transmission rate of Covid-19 is attributed partly to the high affinity binding and entry of the virus into host cells. Once the virus cannot enter the host cell, it is harmless,” said Nikhil Malhotra, global head of Makers Lab, Tech Mahindra in the statement.

The R&D team has used Molecular docking approach because of high transmission rates of Covid-19. Molecular docking enables search for therapeutically potent drugs and molecules in real time, to find compounds that can act as inhibitors against a viral protein computationally. Tech Mahindra claims to have conducted molecular docking studies across 19 Food and Drug Administration (FDA) approved ligands and anti-viral drugs on the main protease of the virus.

Tech Mahindra notes that more work was needed to be done to move the process from molecular docking to actual drug design, testing, and drug development at scale. This is just the first step, where computational analysis can reduce the amount of time taken to narrow down the search amongst the vast array of molecules present in the process of finding a cure to Covid-19.

See also: How smartphones could be Covid-19 testing game changers.

About Tech Mahindra’s Makers Lab

As part of the TechMNxt charter, Tech Mahindra’s Makers Lab is focused on developing future-ready solution by leveraging next gen technologies such as Artificial Intelligence (AI), Machine Learning, Robotics, Internet of Things (IoT), Augmented Reality/ Virtual Reality, 5G – Network of the future. There is a range of business problems that Makers lab aims to solve in the future to enhance citizen services and customer experiences.

Will Apple bite India’s manufacturing bait?

Will Apple bite India’s manufacturing bait?

In the wake of ongoing crisis, several global businesses are deliberating to shift their supply chain away from China in their bid to regain the lost momentum in the post Covid-19 business world. Apple is no exception either. Going by several media reports, the electronics and technology giant, plans to move almost a fifth of its production capacity from China to India. If this materializes, it could translate into sizable benefits for both Apple and India.

Incidentally, Prime Minister Narendra Modi, in his 8 pm address to the nation on 12 May, advocated for building a “self-reliant” India and supporting the local products by a greater measure. Local manufacturing would make Apple better aligned with those sentiments as well.

For India, this could be a chance for globally showcasing its low-cost manufacturing model and in due course becoming a strong production alternative to behemoths like China. For Apple, to bite India’s manufacturing bait could be an attractive means to leverage the country’s IT talent and also discover the subtleties of the market at a more micro level. For consumers, there could be potential benefits in the form of more budget friendly devices, including iPhones.

Growing smartphone market

Apple is cognizant of the fact that it might not see a surge in iPhone demand from European countries and the US anytime soon enough. On the contrary, the impact of Covid-19 is not expected to be that steep in India, and so it may be fruitful for Apple to build new business models to mitigate the future growth crisis. While India’s market may not have been that big as far as premium smartphones and devices are concerned, Apple has witnessed a double-digit sales growth for the last couple of years.

It is worthwhile to mention that only last year, India’s share in the global smartphone production saw a substantial leap to 16 percent from 9 percent in 2016. One of the main causes for the jump was the trade war between the US and China, due to which, many handset makers cut down output in China. The Indian government lapped up the opportunity by introducing several incentives to the movers.

Boost for Make in India 

India’s mushrooming digital economy and harmonious relations with most of the countries offer a much stable outlook to companies for speedy business revival. Apple, with more than 400 million paid subscribers across its services such as cloud, App Store, payment services such as Apple Card, can also look to replicate its success locally.

Considering the need for creating a strong manufacturing ecosystem, the government already has the production-related incentives (PLI) scheme in place to encourage local production.

Boosting local production in India, however, is not without challenges for Apple. The company has spent close to a decade to streamline supply chain across China’s coastal regions and support over 5 million jobs. Replicating similar models afresh in India would require a solid support system from the government.

Even after the launch of the much-publicized Make in India initiative six years ago, India’s manufacturing has not been able to take off in the manner expected, accounting for just about 15% of the country’s GDP. In China, on the other hand, manufacturing contributes over 40% to their GDP.

That could change if India manages to influence world’s most influential consumer electronics company to shift a significant percentage of its manufacturing here. Such a move could give a much-needed fillip to India’s manufacturing growth aspirations.

Covid-19 lessons for accelerating AI usage

Covid-19 lessons for accelerating AI usage

Covid-19 has triggered new layers of intricacies in an already complex IT security landscape. A sudden spike in work-from-home instances means that the threat actors have gained access to a new range of potential vulnerabilities to exploit and attack corporate networks. The developments also have lessons for accelerating AI usage.

This new wave of security challenges is giving endless nightmares to CISOs. With the limited resources and budgets at hand, the fight against the armies of threat actors and threat vectors is now tougher than ever before.

Artificial intelligence (AI)-based tools could help fill up these resource gaps, and thus significantly help CISOs meet their IT security goals.

Here are a few Covid-19-themed IT processes to consider:


In the realm of information security, sanitization is about having a set of access hygiene in place. Typically, many users are not mindful enough of security guidelines when accessing enterprise applications, which increases the chances of the network getting infected.

AI tools could be used to ensure that all user devices comply with the information security hygiene as outlined in the IT or security policy of a given organization. For example, when a user starts a mission-critical application, an AI bot could get triggered, to ensure that the device is not running any other application that has the potential to open a threat window.


It is important for the CISO to ensure that all data exchanges between the users and the core enterprise IT system are duly masked, say, through a randomly generated end-to-end encryption. This way, it becomes difficult to snoop or hack into a specific device or user.


If, during the course of a session, a given user device gets breached or turns rogue, then an AI tool should be able to trigger a circuit-breaker so that the device under consideration is quarantined from the rest of the user community. This ensures that even if a malware affects a part of the ICT infrastructure, the artificial intelligence tool stops it from spreading to the rest of the system. The CISOs could then focus more on cleaning and restoring the affected part of the system, rather than firefighting to contain a potentially dangerous spread. It goes without saying that this also saves the organization from a likely downtime.


If, despite all preventive measures, a hacker or a malware manages to bluff the AI (as well as the CISO’s team) and succeeds in attacking the IT system, then the AI agent should at least be able to trigger an automated lockdown of all information systems. At the same time, alerts should go out to the designated members of the incident response (IR) team. The IR team could then spring into action, starting with a study of the log maintained by the AI agent. The AI tool comes handy here too. It helps accelerate the action plan of the IR team for reducing the downtime and ensuring business continuity during the downtime.

While CISOs have long been evaluating different applications of AI, it’s time that they should consider it more strategically. Covid-19 lessons for accelerating AI usage in information security can be particularly useful in sectors such as banking, R&D, defense, and among others.

Zoom takes steps to plug vital security gaps

Zoom takes steps to plug vital security gaps

Among the biggest beneficiaries of Covid-19-induced lockdowns have been the videoconferencing apps. With remote work becomes the new normal, enterprises and government organizations are swiftly resorting to video conferencing apps to connect with their employees, customers, and stakeholders. However, unplugged security gaps in a few apps have been a cause of concern.

Zoom, in particular, has experienced a tremendous surge in its user base, from 10 million daily users in December 2019 to more than 200 million daily users in March 2020. Consequently, the company’s fortunes have skyrocketed in the past few months.

As Zoom’s user base swelled, a number of security-related concerns too surfaced. The media coined a now infamous term “Zoombombing,” which refers to the unauthorized intrusion of a person into a Zoom call hosted by another person.

In the first week of April, these security concerns negatively impacted Zoom, after which the company sprang into action to take corrective measures and plug the security gaps.

The latest of these measures was announced on 5 May in a Zoom blog post. “One really great Zoom security feature that was released this past weekend gives you more control over the use of personal meeting IDs (PMIs) in your organization. With this latest release, Zoom account owners and admins can now disable the use of a PMI for scheduling or starting an instant meeting,” the post noted.

It added, “Because PMIs are always accessible using the same ID or meeting link, anyone can join unless they’re properly secured. Disabling the use of PMIs reduces that risk altogether and doesn’t leave PMI security up to individual users. This option to disable PMIs can be locked in the account or group level.”

Rising fortunes

Except for a brief period in early April, the Zoom stock on Nasdaq has seen a relentless climb during a four-month run. The stock hit its historical high of USD169.09 on 23 April 2020 from USD66.15, on 23 December 2019, witnessing nearly three time jump during this period. Zoom’s recent measures to plug the security gaps are likely to pay off even more, going forward.

In India, as in many other countries, Zoom has seen a phenomenal rise in terms of usage. As surveyed by telecom business magazine Voice&Data, “… an overwhelming 54% of corporate respondents in India indicated that they were using Zoom as a tool to enable collaboration between remote workers, as well as for communicating and networking with clients since 25 March 2020, when the nationwide lockdown became effective in India.” The survey further noted, “While 40% of respondents said they use WhatsApp, over 31% indicated using Microsoft Teams for collaboration and communication. Skype and Webex are the other two most popular tools ranking #4 and #5 respectively, with 29% and 26% of those surveyed saying they are using these for business continuity.”

Some inhibitors

Educational institutions, mainly schools and coaching institutes, have been among the key contributors to the surge in Zoom’s user base. However, they are unlikely to be contributing to its top line, as the teachers mostly seem to be using the free version. Since meetings set up using the free version could hold up to 100 participants and last for 40 minutes, they are good enough for organizing online classes divided into periods of 40 minutes each.

The recent concerns around security have been a put-off for some, if not all. Better World is aware of at least one school in Bengaluru that decided to stop using zoom. It opted for Webex instead. The decision came in after one teacher raised concerns before the school management after reading news around the lack of security features in Zoom. Since she was using her personal device in a work-from-home scenario, she was apprehensive that her personal data could get compromised in the wake of a breach.

In another example, a user refused using Zoom, noting that his mobile wallet app issued warning against using the videoconferencing application while accessing the wallet. The other option would have been to not use the mobile wallet application. He decided to keep the wallet app and uninstalled Zoom.

These were all examples of institutions or individuals using the free Zoom versions. Besides, the users in the examples discussed above, have noted that they would be open to reconsidering the application if the security concerns got duly addressed. Zoom, hence, would need to make consistent efforts to adopt the advanced security practices and plug the security gaps. These measures will help it more positively meet the ongoing demand explosion.

Purchase drivers

When it comes to premium versions, Zoom appears to be quite buyer-favorable. It provides the pricing information upfront and allows users to purchase most of the plans quite seamlessly. On the other hand, Webex no longer offer these options, which is quite strange because it used to do so a few years ago. A potential buyer is required to fill up a form, stating one’s requirements. Then, in the next few hours, a salesperson responds seeking some more details. Rather than facilitating a buyer, this serves as a deterrent.

Apart from being buyer friendly, Better World also found Zoom to be quite intuitive and user friendly. With the new enhancements that the company has come up during the weekend gone by, it has also addressed the security concerns to an extent.

The app, has certainly upped the ante in the videoconferencing space. It is no coincident that internet majors, Google and Facebook, announced significant new developments for their respective apps, Google Meet and WhatsApp, from integration and feature perspectives.

This week, Google rolled out an integration of Meet with business Gmail, which allows users to intuitively launch a Meet session from within their business Gmail account. Facebook, on the other hand, lately announced that WhatsApp video calls would now be able to include up to eight people instead of just four earlier.

The somewhat sleepy video conferencing segment is suddenly getting more and more active. Going by the market trends and the Covid-19 anxiety, enterprises are likely to allow a good part of their workforce to continue working from home even after the lockdown eases. This is likely to give information-sharing platforms an unforeseen advantage to enjoy long-term success.

Can renewables survive cheap-oil onslaught post Covid-19?

Can renewables survive cheap-oil onslaught post Covid-19?

The Covid-19 pandemic has abruptly disrupted the growth projections for almost all sectors and industries, and the energy sector is no exception. Pandemic-induced lockdowns have triggered a precipitous decline in energy demand, with a boon also coming in the form of significantly reduced carbon emissions. Renewables are under threat of cheap oil.

CO2 emissions have dropped the most ever due to the Covid-19 crisis, says a latest report from International Energy Agency (IEA). “Global energy-related CO2 emissions are set to fall nearly 8% in 2020 to their lowest level in a decade,” it says.

The report, however, warns, “Experience suggests that a large rebound is likely post crisis.”

In the recently published Global Energy Review, IEA, also says that due to the ongoing crisis, the energy demand is expected to fall by 6% in 2020, which is seven times the decline since the global financial crisis of 2008. This fall is equivalent of the energy demand from all of India, a nation of 1.3 billion people and the world’s third largest consumer of energy.

The partial to complete lockdown of global economies has triggered a massive slump in demand for fossil fuels such as coal, oil, and gas. Due to the suspension of the international as well as inter-state and even intra-state travels, oil demand is expected to see the biggest drop in demand, threating to erase gains accrued in nearly a decade.

Green-technology market observers see this decline as a staggering blow to the clean energy momentum gained in the recent years. However, it is also true that if we decide to take a proactive approach, this could be a monumental opportunity to elevate our focus on renewable energy endeavors.

Let us analyze how the current situation could impact our sustainable future.

IEA stays bullish on renewables

“Renewables are set to be the only energy source that will grow in 2020, with their share of global electricity generation projected to jump thanks to their priority access to grids and low operating costs. Despite supply chain disruptions that have paused or delayed deployment in several key regions this year, solar PV and wind are on track to help lift renewable electricity generation by 5% in 2020, aided by higher output from hydropower,” notes IEA in its report.

A report titled Mapping India’s Energy Subsidy 2020, conducted by the International Institute for Sustainable Development (IISD) and the Council on Energy, Environment and Water (CEEW), try to examine how the Government of India (GoI) has used subsidies to support different types of energy. It states that the Indian government is still providing over seven times larger subsidies for fossil fuels as compared to subsidies for alternative energy. The recent world oil prices crash provides an opportunity to India, which can look at freeing up revenue by temporarily eliminating petroleum product subsidies while announcing stimulus for those companies who brace clean energy transition. For instance, due to the low oil prices, industry may witness a short-term dip in the electric vehicle uptake or deter the economic consumption of biofuels. To neutralize this, government should introduce electric vehicle incentives as part of the economic stimulus packages.

Industry observers see this as an ideal time to be investing in renewable energy. Not only it enables countries to create new jobs and make economies stronger, but it will also help us create a more resilient and better world. “It is still too early to determine the longer-term impacts, but the energy industry that emerges from this crisis will be significantly different from the one that came before,” notes Dr Fatih Birol, the IEA Executive Director in the Global Energy Review.

Dilemma for governments

It is apprehended that many countries could shift focus away from renewable energy efforts as their singular focus would be to restart up their economic engines as quickly as possible. They are quite likely to go for the traditional energy sources, owing to the sharp decline in their costs. In particular, oil prices are at a historical low, with the Brent crude having traded even at sub-dollar levels for a while in April 2020.

The triad of oil, gas, and coal form the core of the mainstream energy sector and any further disruption or closure of it could be crippling for the global economy itself. In India, for instance, almost 5% of the government’s total revenues from customs and excise, come from Reliance Industries Ltd., which in turn has most of its revenues coming from its oil refinery business.

Structural changes are needed

Considering the ongoing crisis, timely adoption of clean energy resources would be more significant than ever. United Nations Economic and Social Commission for Asia and the Pacific (ESCAP), in a recently published blog,  notes that any suspension of clean energy efforts could pose grave threat to vulnerable communities of the world, especially in the Asia-Pacific region. It states that on the clean cooking front, slow progress in mainstreaming clean cooking solutions could see a dangerous combination of indoor air pollution and Covid-19. In this context, it notes, “Scientists are investigating links between air pollution and higher levels of coronavirus mortality, with preliminary results showing probable correlation between the two.”

Indeed, it is important for governments to plan and implement structural changes by earmarking requisite investments in transitioning to clean energies. Once the pandemic wanes, everyone would be busy taking decisions that could help kick-start economies. So to ensure that clean energy technologies feature substantially in the forthcoming recovery plans, there is a need to take some strategic decisions now. For a growing economy like India, which has been witnessing one of the highest growth rates in carbon dioxide emissions (CO2), it is extremely vital to prioritize clean energy transition.

What’s in it for India?

For India, while crude oil would continue to play a critical role at this stage of development in meeting country’s energy requirements, the Government had earlier set out a road map for reducing India’s crude oil imports by 10% by 2022. India’s Minister of Petroleum and Natural Gas and Steel Dhamendra Pradhan, had said in a keynote in January 2020, “We are in the process of developing new strategies and initiatives to achieve this target. We are working towards transformation to a gas-based economy, tapping into indigenously produced biofuels, apart from adopting renewable energy and energy efficiency measures, to achieve the much-needed carbon reductions. As part of the energy transition, decarbonization of the energy sector is picking up momentum in India.”

One also needs to be cognizant of the long-term repercussions, if we do not step up and accelerate the development of renewable energy sources such as wind, solar PV, and hydropower.

India has the opportunity to leverage low costs of crude oil to shift subsidies from fossil fuels to renewable energy brackets. This could, in fact, help accelerate the transition to clean energy rather than deaccelerating it.

If India could succeed in mainstreaming the renewable energy sector, it would also be able to insulate it from oil price fluctuations in future. This would increase the country’s attractiveness from an investment perspective too, and consequently make its economy more sustainable in the long run.

Policymakers need not put economic recovery and sustainable energy goals in two different baskets. In the post-Covid-19 environment, polices around clean energy subsidies could very much be accelerated. This would help us build a better, cleaner world, where economic growth and sustainability coexist.

What it takes to secure IT in the Covid-19 era

What it takes to secure IT in the Covid-19 era

Prashant Shroff (name changed), the CISO of a leading consulting firm had many sleepless nights last week owing to the ongoing cyber threats that have rapidly increased amidst the recent coronavirus outbreak. If the IT threat landscape was already huge and complex, to secure IT in the Covid-19 era has amounted to hitherto unthinkable challenges for him.

In the wake of the pandemic-induced lockdown, Shroff was tasked with the responsibilities of further securing the complex IT infrastructure of his organization at a time when 95% of the workforce was working from home. The business continuity had to be maintained. He had to also prepare a dependable and secure exit strategy in advance for the scenario when lockdown was, first partially and then fully, resumed in due course of time.

The mettle of the CISOs has been tested like never earlier. Like Shroff, CISOs across multiple sectors and industries are facing several challenges to ensure the line of work continuity while reducing the threat of data breach. The obvious apprehension is that the existing security policies may not withstand the new challenges that have suddenly developed. Security has become even more vital for organizations to enable remote workers operate efficiently.

Based on multiple informal interactions with CISOs, we have identified five key gap/focus areas for CISOs in the post-COVID era.

  1. Employee trainings: While in many cases business operations have been suspended, mission-critical assets are faced with the risk of being exposed and getting compromised. Security practitioners did not get enough time to train their large workforce on the best practices for accessing the remote applications securely. Understandably, given the announcement of sudden lockdown around the world, not many organizations had enough time for such a large-scale work-from-home (WFH) transformation. This could impact the businesses when normal operations are resumed. In the post Covid environment, organizations are expected to design best practice tools, resources, and applications that better support remote working and provide essential practical trainings to employees for malware and phishing preventions.
  2. Modernize VPNs: For a CISO, the second biggest challenge would be to modernize their organization’s virtual private networks and ensure that these are designed for extended usage, and that the networks were further equipped to support any large-scale WFH scenarios. The practical and effective strategy that works to address this challenge is ‘zero-trust’ network security approach—a contemporary lens that treats everyone who access organizational network as suspicious and distrustful. (See: Covid-19: Reimagining work with a zero-trust lens). There is also a significant interest in implementing high-end secure DNS servers for online protection. Yet, like theirs C-suite peers, CSOs will be under pressure to create this new security approach, priorities, and workflows with a lesser budget, in view of an imminent economic downturn.
  3. Unverified software and endpoint security: When offices start reopening, organizations may witness scenarios of employees downloading unverified software and instruments to facilitate their work, without obtaining approvals from the IT team. Also, at times, there may be no option but to allow WFH users to install and use applications that may not be fool-proof. Working from home for such a long time may have also relaxed the use of company-approved laptops for purposes such as entertainment and accessing various utility websites. This could be putting IT assets at high risk or even throwing compliance to the wind. CISOs need to ensure that their endpoint detection and response solutions (EDR) are able to record and detect all suspicious system behaviours and block malicious activity when employees are back to their offices later.
  4. Risk from unknown and new devices: In the post-Covid phase, CISOs will need to run a marathon scanning of all the new and unknown devices that employees may have used for work during the Covid-19 emergency. Many of the employees’ personal devices may have been sanctioned for work by organizations in view of the lockdown situation for ensuring business continuity. When these devices would later be connected to the corporate network for data transfer or other such purposes, they will present a grave security risk. CISOs and their teams will need to be careful that these devices were updated with latest security patches and operating systems before reconnecting with the network.
  5. Remote onboarding and offboarding: This is an interesting yet delicate area for the CISO to reflect upon. Many global organizations and SMEs continue to hire and witness employees exits during the ongoing pandemic. In order to ensure business continuity, IT departments have approved both employee onboarding and offboarding remotely. For new hires, approving access to all the tools and systems remotely needs a well-equipped security strategy. It should focus on the best ways to provide authorization to the network and other infrastructure, thus enabling employees to use their personal or approved devices for network access. It also requires establishing and maintaining a powerful remote domain controller set-up to ensure the safety of corporate network.

On the other hand, employees who are exiting from an organization may have been asked to hold the office approved assets with themselves until there is a further travel advisory. In such cases, organizations need to have a mechanism to remotely turn off access to every system to which the employee may have access. CISOs are expected to enable the best identity and access software and policies that could timely prohibit any access even when an employee holds a company approved IT asset for many days after his exit.

After the pandemic is over, it may be difficult to fully reset to the past. However, if not applying these security measures immediately after the Covid-19 situation, organizations may face the risk of the threat vectors impacting the otherwise secure IT landscapes.


Submit a Comment

Your email address will not be published. Required fields are marked *

Join to get the latest updates from Better World.

You have Successfully Subscribed!