5 lessons learnt from the biggest cyber attacks in 2020, and how to ensure security for your business in 2021

The COVID-19 pandemic led to an unprecedented surge in digital activities. As the year 2020 witnessed a distributed workforce with work from home becoming the new normal, dependence on the internet has increased manifolds. The internet may have provided us connectivity and efficiency, but has also brought numerous cybersecurity challenges that we are unaware of.

For instance, many of us might think that no hacker would be interested in our office or home networks. On the contrary, cyber intrusions and attacks have increased dramatically this year, exposing sensitive personal and business information, disrupting critical operations, and imposing high costs on the economy.

According to a recent report, India witnessed a 37% increase in cyber-attacks in Q1-2020 as compared to Q4-2019. With the Digital Economy at its peak in India, cybercrime has also increased at a rapid pace. One of the potent reasons behind such a massive increase in cyber-attacks is the lack of knowledge of such attacks. It is needless to say most organizations are unaware of cyber-attacks and lack vigilance before any breach is reported.

Both government and private organizations are on the radar of hackers. And seeing the security measures companies/startups take it won’t be wrong to say that if someone is inclined enough, they can hack the business quite easily. These organizations are rushing to build up their ammunition to control this unprecedented increase in the levels of cyber-attacks, yet there hasn’t been much respite from these crimes.

The most common cybersecurity challenges faced by these organizations include -- phishing, distributed denial of service (DDoS), and social engineering, Cross-sIte-scripting, Cross-site request forgery, SQL injection and so on. Further, ransomware attacks rose by 40% last year. Hackers encrypting data in order to extort money or threatening to make a vulnerability public if not compensated in the exchange, are becoming way too common.

On top of this, the lack of an effective security solution makes cybersecurity expensive, time-consuming and complicated for these organizations and inevitably results in abandonment. Unplugged security gaps and poorly managed aggravate this even further.

Given the loss of reputation, customer trust and revenue cyber-attacks can incur on a business, it is a no brainer that we need to take cybersecurity seriously.

Here are five top lessons learnt in 2020 that the industry must swear by to avoid such attacks in 2021:

Be on track with Cyber Security Audits: To tackle such a massive cyber crisis at our hands, it is important for the companies to re-evaluate their business assets and look for security vulnerabilities pertaining to them. A thorough analysis of your infrastructure, applications, workflows, and data handling systems will not only let you rediscover the assets in play but also make you aware of the risks they withstand or fail. To be alerted of any such risks beforehand contributes immensely to the institution of a working security plan. So before you jump to procure any other security solution, do ensure that your current infrastructure is vulnerability-free and secured by performing a comprehensive cybersecurity audit.

Automating Security at every stage: Today’s organizations emphasized embracing of the distributed workforce and also witnessed an increased dependency on the cloud. Many businesses learnt the hard way that their underprepared change shoved them more in the face of cyber threats such as phishing, bot attacks, etc. Come 2021, automated security structures that secure each end-point and access controls with firewalls and other systems will be the best cybersecurity bet.

Updates and Data backups: Procrastinating important security updates and backups can end up hazardly for your business, as we saw in several 2020 cases. Even though upgrading and backing up are one of the repeatedly recommended security measures throughout history, the importance hasn’t diminished one bit. Hence, focus on timely updates and rigorous backups will continue to be one of the key cybersecurity takeaways for 2021.

Cybersecurity education: With gen X, gen Y and gen Z people discovering the online space, the probability of them falling prey to targeted cyber threats is parallelly rising. Attacks on/through employees and customers propel us to rethink our cybersecurity education. It is, thus, crucial that every company indulges in proper cybersecurity & infosec awareness programs and training for its employees and customers. Awareness of cyber threats and best practices can help dodge any attack in the form of a phishing email, credential theft, or social engineering.

Move with time: Hackers and their tactics are getting better and nuanced with each new attack. To keep up with the security, you need to be moving with time. This is to say, the security plan you undertake in January 2021 may not necessarily block all threats of September 2021 or say December 2021. You need to evolve your guards with changing times. One way to do this by performing regular security audits. Another is to invest in a futuristic and machine-learning security solution that keeps up with the rising cyber threats landscape.

Ujwal Ratra, Chief Operating Officer, Astra Security