By Shrikant Shitole
Over the past several weeks, organisations around the world have instituted work from home (WFH) policies. There has also been a spike in cyber attacks and breaches, particularly after the lockdowns were imposed. A significant percentage of employees working from home were not necessarily in a secure environment. The risk is higher because a huge amount of data is exposed to external servers. India's cyberspace needs to be on high alert at all times, and organisations need to be on the lookout for two escalating risks brought about by this evolving event. First, the large increase in phishing and social engineering campaigns that use public fear to enhance their effectiveness. Second, the increased risks due to WFH employees and an increase in online transactions.
In the current situation, when a large pool of information passes through email and the cloud, healthcare operations, related manufacturing, logistics and administration organisations, as well as government offices involved in responding to the crisis, are increasingly critical and vulnerable to disruptive attacks such as ransomware. The threat arises as cyber espionage actors seek to collect intelligence and deliver malware through phishing tactics, in an effort to establish a foothold in the corporate network. A single click could end up affecting an entire security system.
Any user on the Internet is prone to an attack if they engage with an unknown source on social media or through email, even with the mere intention of supporting a cause or starting a discussion. The same applies to any staff member working in an organisation, who may or may not be aware of the threat. As email is a primary attack vector, organisations must continue to focus on both building user security awareness and hardening their technical mitigation and detective controls. Below are the email security controls that organisations should consider implementing:
Enforce multi-factor authentication (MFA): Simply requiring multiple authentication factors to log in to Microsoft Office 365 on the web can help prevent attacks through email.
Configure spoof protection controls: Configuring spoof intelligence controls in the system can restrict traffic and prevent several Denial of Service (DoS) attacks.
Validate email security gateway implementation: Implementing an email security gateway that checks the domain of incoming emails can help detect a threat and alert you before it affects your system.
Formalise the phishing reporting process: Reporting an attack, even if it is just a scam email, is important. Organisations need to invest resources in setting up an intel team that assesses these attacks to ensure protection from threats at all times.
Develop and operationalise phishing incident response playbooks: This helps formalise incident response and establishes automated operationalisation of threat management, so that the risk is managed automatically in case of recurrence.
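As an added example (not from the original article or any vendor's tooling), the sketch below spot-checks what a gateway's domain checks recorded on an incoming message: it compares the From domain with Return-Path and Reply-To, and reads SPF, DKIM and DMARC verdicts only from the Authentication-Results header stamped by your own gateway. The gateway name `mx.corp.example`, the sample message and the simplified alignment rule are assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

TRUSTED_GATEWAY = "mx.corp.example"  # assumed authserv-id stamped by your own gateway

def domain_of(header_value):
    """Lower-cased domain of the address in a header, or '' if there is none."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def aligned(a, b):
    """Simplified alignment: same domain or parent/subdomain (no public-suffix list)."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def gateway_verdicts(msg, trusted=TRUSTED_GATEWAY):
    """spf/dkim/dmarc results, read only from headers stamped by the trusted gateway."""
    verdicts = {}
    for header in msg.get_all("Authentication-Results", []):
        authserv, _, results = header.partition(";")
        if authserv.lower().split()[:1] != [trusted]:
            continue  # a sender can forge this header; ignore other authserv-ids
        for part in results.split(";"):
            method, _, rest = part.strip().partition("=")
            if method in ("spf", "dkim", "dmarc") and rest.split():
                verdicts.setdefault(method, rest.split()[0].lower())
    return verdicts

def domain_findings(raw_message):
    """Return a list of reasons an incoming message's sender domain looks suspect."""
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg.get("From"))
    findings = []
    for name in ("Return-Path", "Reply-To"):
        dom = domain_of(msg.get(name))
        if dom and not aligned(dom, from_dom):
            findings.append(f"{name} domain {dom} differs from From domain {from_dom}")
    verdicts = gateway_verdicts(msg)
    findings += [f"{m}={verdicts.get(m, 'missing')}" for m in ("spf", "dkim", "dmarc")
                 if verdicts.get(m) != "pass"]
    return findings

# Constructed sample message (not real traffic): forged From, look-alike Reply-To.
SAMPLE = (
    "Return-Path: <bounce@bulk-mailer.test>\n"
    "Authentication-Results: sender.invalid; spf=pass; dkim=pass; dmarc=pass\n"
    "Authentication-Results: mx.corp.example; spf=softfail smtp.mailfrom=bulk-mailer.test;"
    " dkim=none; dmarc=fail header.from=corp.example\n"
    "From: \"IT Helpdesk\" <helpdesk@corp.example>\n"
    "Reply-To: helpdesk@corp-example.test\n"
    "Subject: Password expiry notice\n\nConstructed body.\n"
)
```

A "missing" verdict means the trusted gateway stamped no result for that check, which is itself a gap worth raising when validating the gateway's configuration.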
Today, both organisations and individuals need to be well versed in the measures required to protect and secure data from external threats that could impact internal systems and operations. In an ever-mutating threat landscape, a robust security awareness programme remains a key defense tactic in protecting against email-based phishing threats.
The writer is VP & Country Head (India & SAARC), FireEye