On the need for Digital Risk Management and resilience during Pandemic

For companies in software development, allowing multiple developers to work remotely and collaborate on a single platform will be the key to collaboration

On the need for Digital Risk Management and resilience during Pandemic-CIO&Leader

The Covid-19 pandemic has changed the dimension in which security is imagined, with work from home becoming the new normal. Flexibility, ease of doing business, digitization, and lightweight apps have replaced bulky applications and slow-to-access systems.

Cloud-powered technology is the new standard, and security integration is here to stay as part of the design. Access to official work on personalized systems is the way to go; hence access rights management and building security virtually through containerization on mobile and remote devices are a reality.

Sizeable corporate office space with hefty rents will hurt organizations unless they redesign the workspace, as more and more employees will work from home for the next two years. Enterprises today will need to buy more virtual space than physical space to continue work, so investment in I.T. parks will move to digital/virtual parks offering ease of doing business, trust, and safety. Hence, the organization's investment in perimeter security by buying an expensive firewall, WAF, or IDS/IPS won't yield dividends. The more significant challenge will be understanding how to continue remote working, ensure the security of the company, and take care of the privacy of individuals.

For companies in software development, allowing multiple developers to work remotely and collaborate on a single platform will be the key to collaboration. Hence the adoption of Kubernetes and Docker will be faster in India than earlier imagined. The first line of defence for organizations will change as people are no longer behind enterprise walls, so tackling phishing and social engineering attacks will be the big challenge for organizations, as will employee awareness.

Social engineering attacks will rise, impacting employees' digital identity and companies' brands and reputation, resulting in the need to increase cyber awareness for employees, safeguard them from emerging threat vectors, and therefore protect them from cyber fraud, phishing, vishing, and social engineering attacks.

Strengthening email security also remains vital to spot phishing emails and filter spam. Hence, content filtering solutions that block malicious websites from opening and safeguard users matter, as does multi-factor authentication to protect organization data, since organization services, including H.R. and Admin, have become utterly digital.

Proactive digital risk management and monitoring using behaviour anomaly-based detection techniques and deep packet inspection will be the solutions required, taking the place of SIEM solutions that generate multifold logs. Hence organizations will move away from continuously monitoring device logs, with analysts removing false positives and developing alerts, to automated artificial intelligence. These machine learning-based solutions will detect attack patterns, find the IP addresses from which the attack originated, and automatically block them. Proactive threat intelligence and hunting will become critical elements to find out data and attack patterns of hacktivists and state-sponsored cyber-terrorists, and to feed them into threat databases to build rule sets to block the IP schema from which such attacks could originate.

Continuous detection and analysis of Advanced Persistent Threats could help build a response mechanism to stop the weaponization of cyber kill chains and the deployment of command-and-control servers and RATs. Hence the dimension of enterprise security has entirely changed due to the pandemic. Cyber wargaming, simulation, and gamification exercises could help the organization get an accurate picture of its cyber preparedness to detect, deter, and respond to cyber-attacks. Doing such exercises quarterly or monthly, leveraging different attack scenarios, would be valuable.

While consultants, vendors, and magic quadrants always advocate outsourcing of security, organizations today could build up layered security structures internally and link cyber teams to Digital and Internal Audit functions to bulk up security functionality. While integrating Digital teams with security could help build security and privacy by design, integrating cyber security with Internal Audit could help organizations quantify cyber risk. Thus, overall cyber risk scores could be used to build up a risk scorecard for the organization's business functions and processes. Such activity will help quantify cyber risk, link it up to the enterprise risk scorecard for businesses, develop mitigation strategies, and get board attention to emerging threats.

Another aspect that has become important during Covid-19 is the protection of intellectual property, since all produced content gets digitally broadcast on the internet, television, and OTT platforms. Hence, copyright protection has become vital for companies creating exclusive content, given the large levels of piracy and IPR violation happening through copying and digital recording of content. So, enterprises today are building partnerships with law enforcement agencies and working with the governments of states and countries to tighten intellectual property laws and regulations.

The author is Founder, India Future Foundation, and a cyber security and public policy expert.
