+

Cookies on the Business Insider India website

Business Insider India has updated its Privacy and Cookie policy. We use cookies to ensure that we give you the better experience on our website. If you continue without changing your settings, we\'ll assume that you are happy to receive all cookies on the Business Insider India website. However, you can change your cookie setting at any time by clicking on our Cookie Policy at any time. You can also see our Privacy Policy.

Close
HomeQuizzoneWhatsappShare Flash Reads
 

Don’t buy new laptops, invest in virtual machines to protect against cyberattacks — suggests cybersecurity expert

Jun 9, 2020, 09:07 IST
Business Insider India
Cyberattacks on Indian companies are increasing and buying new machines for better protection may not necessarily be the answerUnsplash
  • Buying new laptops isn’t necessarily the answer to better cybersecurity if you don’t have the right mitigation methods in place.
  • Siddharth Vishwanath, the partner and leader of cybersecurity at PwC India, says setting up virtual machines may be a more cost-effective and secure way for companies to fend off cyberattacks.
  • In an interview with Business Insider, Vishwanath explains how enterprises — big and small — can set themselves up to protect against hackers.
Advertisement
The coronavirus pandemic and the new work-from-home model has every enterprise thinking about cybersecurity — from micro, small and medium enterprises (MSMEs) to the big wigs like TCS, Wipro and Infosys. And, yes, there is a cost to it but the bigger question is how companies manage that cost, Siddharth Vishwanath, the partner and leader of cybersecurity at PwC India told Business Insider.

“Purchasing hardware or providing software to secure employees’ personal devices (BYOD) will come with additional overhead of deployment, integration, administration and monitoring of devices or software,” he explained. Rather than go about it manually, Vishwanath suggests considering security as a service (SaaS) model.

As the COVID-19 outbreak reached India, the number of cyberattacks on Indian organisations doubled in March 2020 from January 2020.PwC


Instead of buying new devices, shift to the cloud
According to him, businesses can save on costs by leveraging assets that are already there in the cloud. “Such services provide scalability and agility required in current dynamic and challenging times,” he explained. While it may seem like MSMEs are a great risk due to the lack of specialised IT security, large enterprises have a more complex and ever-expanding boundary to cover.

Instead of buying 200 new laptops or providing security solutions for 200 of employee’s laptops, Vishwanath believes it would be more sensible and cost-effective to provision virtual machines (VMs) in the cloud. “These can be charged per hour and only be billed for the 8-10 hours an employee may use per day, whereas a new laptop would require dedicated support SLA and entire device lifecycle commitment,” he explained.

Advertisement

Where do hackers break-in?
Hackers are continuously revamping and building up how they can break into networks and devices, no matter how full-proof security may be. As the cliche goes — the best offence, in this case, is a good defence. Just a more narrow approach, that can focus on the most likely targets, “By concentrating on what I would term chokepoints,” said Vishwanath.

The remote work infrastructure is being heavily targeted, along with attempts of identity theft and malicious payload delivery.PwC

This means covering the basics like the firewall or proxy and Virtual Private Networks (VPNs) for employees. Even if a phishing scam is successful, 2-factor authentication can make it difficult for an attacker to enter a protected network. “By ensuring every employee connecting to corporate resources (on-premises or in the cloud) must go through a two-factor authentication we are reducing the attack surface caused by weak passwords or a phished employee,” he explained.

The increase in EDR systems may or may not be directly attributed to the cyberattacks during the COVID-19 crisis, but it could have resulted from decreased patch compliance, increased number of people working remotely and use of unsafe devices connected to corporate networks through the provision of home VPNs in certain cases.PwC

For employees, that does mean that their company is likely to monitor their traffic to check for malicious connections or emerging attacks vectors — like any new COVID-19 scams.

Just as employees need to adapt to the ‘new normal’, organisations also need to keep their options open. “Backup alone is never an answer,” said Vishwanath. While essential, it’s best to also have next-gen antivirus, network layer scanning and endpoint detection and response (EDR) solutions in place to provide a ‘defence in depth’ for a higher degree of protection.

Advertisement
SEE ALSO:
Cognizant's ransomware attack is making peers like TCS and Infosys nervous — and they are beefing up security

Top cryptocurrency scams of 2019 — and how most hackers got away with it

Wipro confirms phishing attack on its system — 11 other companies unknown

You are subscribed to notifications!
Looks like you've blocked notifications!
Next Article