Covid-19 brought the biggest transformation that mankind has ever seen

SANJAY SAHAY
IPS - TECHNOLOGY EVANGELIST

As remote working has become the new normal with the outbreak of Covid-19, cybercrime has reached to a new height. In a chat with VARINDIA, Cyber Security Guru, SANJAY SAHAY, IPS - TECHNOLOGY EVANGELIST has shared his views on the current scenario of cyber security, while remote working is the new normal. Though chosen voluntary retirement this year, Sanjay is serving the nation with his expert commentary on cyber security trends and cyber policies. Post graduated from St. Stephen's College, Sanjay through the course of time became a technology evangelist.

According to him, “Today we are living in an age of digital transformation, but unfortunately as seen in the last 20 years, the industries were never able to accomplish this transformation before COVID-19 break through. The pandemic forced us into this digital transformation. Everything has converted - our world, fun, entertainment, communication, watching movies, banking transaction, our intimate social interactions into one single gadget. This is a new paradigm, home and laptop have become the harsh realities of today's existence.

To live in a safe and peaceful manner, responsible digital learning is required. While people will be able to exploit the benefits of the internet age, they also learn how to navigate the digital world without getting exploited. Cyber Security today is as complex and as an enterprise. The business world exists today on cyber security.”

VULNERBILITIES OF ‘IT’ ECOSYSTEM

Nearly 74% transition is not happening to the most secured gateway because of the security purposes. Today, all over the globe IT behemoth is happening on the cloud. IT ecosystem is a very complex network where at large points vulnerabilities arise. Sanjay says, “To take care of this old vulnerability end to end can be precisely called a cyber-security. It might be caused due to data, servers, port, and lack of patch management, organizational culture or the lack of direct training imparted to that particular individual. It might be because of any other physical factor too. There are instances wherein physical factors have played a key role.”

"A very integrated support system is needed now, due to the work scenario, not only data center is needed but Disaster. Recovery Center is also needed. Work from home brings in a totally different environment; the office environment was secured from the digital point than the extension to home."

From Sanjay’s point of view, at first an organization’s CIO, COO or CEO should know the nature of cyber security it requires. If they do not understand the requirement of their organization then there is a chance of cyber breach. “Until and unless we understand the old data lifecycle from the company’s creation, last usage interface, it will be extremely difficult to understand what will be the nature of cyber security. There are standard systems which are operating all over the globe. It is also happening that cyber security is getting weaker by the day.” Sanjay says.

He further added, “We are living in an age where cyber security is a very dynamic field. It changes with the nature of connectivity, nature of human resources to employ, train, recruit and develop. If you are not ready to understand and learn, all the standards will become next to impossible to keep yourself set. A decimation of most of the enterprises happens because of the lack of cyber security. MS Office is the largest targeted software, nearly 70% of the attacks happen on it. Nonetheless, all of us use this because we do not have a choice.”

ALWAYS BE READY FOR AN ATACK

Warning against the cyber-attacks, Sanjay says, “Everyone connected to an enterprise is not able to understand the cyber security ecosystem. The persons who are providing the resources are also unaware as to what they are providing. This is the crux of the problem, the subset where security experts stuck up and go for a management approval. They are not able to explain that in case of a cyber-breach. The earliest or the average time needed for that particular detection is around 200 days. We have to be always be ready for an attack. And the more you prepare in better place you are. So that is the strategy to an undeclared war, which is going on. Hackers have to look for only one gaping hole by which they can attack and we have been hearing of these attacks over and over again.”

RESILIENCE IS THE KEY

As attack is obvious, Sanjay suggests having resilience. The CIA Triad (confidentiality, integrity and availability) is the key on which the whole functioning of the enterprise runs. He says, “It is your capability to bounce back into business in the shortest possible time, at least with the skeletal services, this is the capability which all the customers are looking for. Nobody will believe that they are absolutely safe and nothing is going to happen. Even if it does happen, you have the capability to safeguard at least the most vital of all information. Cyber Security has to be factored in the company valuation. You have to understand what are the goals, the processes and the impact. As all of these are combined, you will get a situational awareness with COO and CEO. If you get into a medium sized company or a big company, you realize that basically only 28 to 200 software solutions on cybersecurity are functioning. The software solutions are running in different parameters for different sectors or servers or network for software applications. Literally, nothing can give you the whole cyber security stance of your enterprise on one single network.”

RNSOMWARE & DATA BREACHES

Sanjay finds out that the length between ransomware and data breaches is continuing to blur every single day. At the back end of the ransomware attack, it is a phishing attack. “It is spearfishing people who deserves position, power and capability to give you all that data access by fooling. Ransomware having the capability to get into your data and literally encrypt it in a manner which will be next to impossible for you to do anything with that. In this Covid-19 situation, nearly 11 big data breaches have occurred costing nearly $144.2 billion. COVID-19 has changed completely everything. It has been the biggest transformation mankind has ever seen. Also, the biggest digital transformation, which we have always visualize and the company has always wanted to happen.” comments, Sanjay.

PANDEMIC & HACKING

Talking about the current hacking process, Sanjay says, “As we talk about data breaches, this particular year 80% of the breaches is due to COVID-19 websites. The COVID-19 websites may relate to helping COVID-19 patients to support, help and lots of other areas. Most of them have some element of cybersecurity compromise. Once you click on that particular payment or any way it goes through the wrong direction and reaches to the hackers and most of these downloads or links are connected to something which is nefarious. As all of us are scared in this current scenario, we tend to get into that particular maze and once you click onto that attachment, then the situation is totally different. I have received a lot of complaints from people who have been frauded and cheated in this manner. Health sector is primarily under severe attack.”

A very integrated support system is needed due to the work scenario, not only data center is needed but Disaster Recovery Center is also needed. Work from home brings in a totally different environment; the office environment was secured from the digital point than the extension to home. People started to roll over to the private network everywhere, using their gadgets. But big companies have provided infrastructure to their employees. Though they are safe in that infrastructure but remote working has given rise to cybercrimes.

Sanjay, perceives, “We are basically sitting on a virtual digital landmine or worker landmines. There are lots of things where the stuffs do not get the right sort of the connectivity because of the public WiFi. Most public Wi-Fis can be compromised earliest in the process, the employee and the company both can be hacked.”

RISK ASSESSMENT, THE RIGHT WAY

Stressing on the risk assessment first, Sanjay says, “You have to treat all these factors as a part of your risk. Risk assessment in the post pandemic time, or in the penalty phase should be documented. If you do not know the risk itself, there is absolutely no strategy by which you can mitigate the risk. We have lots of work force which is being referenced; these people who are moving out of companies, they are certainly carrying a grudge. They are nursing a grudge that injustice has been done to them. If they fall into the wrong hands, they might leak secrets, or might become cyber criminals themselves. So we have a whole load of floating, unemployed, cyber enabled people who are there in this world. The Business Continuity what has to happen in the pandemic is very different to what you had imagined as a part of the business. There was hardly any business continuity plan, where pandemic was a part. We are left with no choice but to create a business continuity plan with pandemic incorporated. So the whole digital scenario from the utilities, tools, hacking groups, the ledgers to equity , to ransomware, quality of the encryption use, the capability of these people and the capability of lack of attribution, all of these things have messed up the whole scenario. Another year not left with much choice, but to work in a much dispersed digital environment in which we never find our way.”

“We are living in an age where cyber security is a very dynamic field. It changes with the nature of connectivity, nature of human resources to employ, train, recruit and develop. If you're not ready to understand and learn, all the standards will become next to impossible to keep yourself set. ” 

AT LAST

The way to handle cyber security is important; it has greatly increased the functioning of the security experts. Their very existence is based on cyber capability and robustness of cyber security. Enterprises help that business capability to deliver everything actually hinges on the capability of cyber security. Any hack brings those capabilities down the trust and loyalty to that particular brand. Giving an example of a city of Belgium, Sanjay describes the process of ransomware and how it is affecting not only common people but also the government. “It was a mega ransomware attack, and the whole government out of their senses on that particular point in time. The attack affected nearly 1 billion computers in the

U.S. in a while. The attack is an outcome of lack of management for monitoring. In the history of cyber security it has been seen that ransomware attacks happened only in cases of a large number of public utilities is woven in the company. The money had to be paid due to the cyber incident. But there is no way to solve the problem. Government agencies, municipalities or private companies which are mostly public limited companies hit by this kind of attack. I do not think to pay them is the right kind of approach. Resilience is something which we are not working upon. After two years, when I presume that the whole patch management will happen not only in India but also in a place like U.S.”

In this way, Sanjay has correctly estimated cyber security, where the security leaders are placed, what is their capability, how they move forward.