Deloitte outlines a 5-Step Security Approach for the Digital Enterprise

Deloitte’s 9th Global Millennial Survey 2020, released last week, stated cybersecurity to be a top concern amongst Indian enterprises. According to the survey, as the unprecedented COVID-19 times drive the need to ‘go digital’ in all aspects of business through virtualized infrastructure, and work from home (WFH) becomes the new normal, the sophistication and frequency of cyber threats have also increased in recent months.

The research shows a whopping number of cyber-attacks witnessed by large enterprises and SMEs operating in India in the past week alone. The survey further states that 86% of millennials and 83% of Gen Zs agreed they would prefer the option to work from home in the future as a way to relieve stress.

“In the era dominated by digital transformation, Indian enterprises have been susceptible to some major cyber-attacks and threats as a result of businesses transitioning to cloud with broader networking capabilities,” Shree Parthasarathy, Partner and National Leader – Cyber Risk Services, Deloitte India told CXOToday.

Parthasarathy believes that, while these threats are not new, their sophistication and frequency have increased, and there is an immediate need for businesses to draw up a crisis management and resiliency plan of action.

With Work from Home (WFH) becoming the ‘new normal’ amidst the COVID-19 crisis, and with cyber attackers and the virus lurking in the shadows, enterprises can adopt a five-step approach to reassess their exposure to cyber challenges and secure their enterprises, as per a Deloitte perspective.

  1. Implement multi-factor authentication: Organizations should enable multi-factor authentication (MFA) across all internet-accessible remote access services, including web and cloud-based email, collaboration platforms, virtual private network connections and remote desktop services.
  2. Implement an ongoing cyber threat education and awareness program for organizational users: Educate users on current threats, the dangers of opening attachments or clicking links from untrusted sources, and the basic actions needed to prevent infection. It is important to educate users to be wary of unexpected email messages, and to authenticate them with their ostensible senders before opening any links or attachments within them.
  3. Know your most critical data and systems and where they are located: Not all data and systems are of the same value to organisations and attackers. Knowing the ‘what’ and ‘where’ of critical data and systems allows you to target resources on your most important assets first. Critical data and systems can be overlooked, especially when trying to protect everything in an organization. Ensure critical data is backed up and systems are recoverable.
  4. Update your patching regularly: Internet-facing infrastructure is a primary target for attackers. By patching this infrastructure, you can help prevent attackers from exploiting known vulnerabilities in the software in order to gain access to your network and systems. It is recommended to apply patches within 48 hours of release.
  5. Monitor and analyze activity on your most critical systems: A critical component of protecting your environment is to understand what is happening in real time. Without this visibility, and without knowing what has already happened to your systems and data, you are effectively operating blind.

“A robust and consistent layer of identity and access management built with a multi factor authentication and encryption policy will help in aligning a thoughtful cyber security policy to overcome the dual crisis hovering over the country,” summed up Parthasarathy.
