Cybersecurity training addressing access and responsibilities required for employees

J Kesavardhanan
Founder & CEO, K7 Computing

“The overnight transition to working from home, and other increased dependence on online services for shopping, socialising, and even schooling, has definitely cause a spurt in threat activity with a 500% increase in cyberattacks. Work from Home has made many organisations involuntarily adopt a BYOD policy as they have not been able to procure devices for all their employees to use at home, and are relying on their employees using their personal devices. Additionally, these employees are using their personal networks as well which is often not considered by organisations when framing an enterprise BYOD policy.  

It is not surprising to see that employees who are now outside the protection of the enterprise IT perimeter are at greater risk of cyberattack. Business leaders have to accept that their enterprise has no perimeter and will never have one in future even after this pandemic is behind us, and adopt a new cybersecurity posture which leverages cloud deployed endpoint security to ensure that all devices and users are protected irrespective of when and where they work. Cybersecurity training that addresses different levels of access and responsibilities is also required for employees as they cannot depend on having an IT team nearby to take care of their security needs.

If data is the new gold, it should be protected as if it is gold. DSCI/PWC estimate that the average cost of a data breach in India is Rs. 11.9 crore. Businesses can avoid such risk by adopting a data security strategy which includes data classification, access based on the principle of least privilege, encryption at rest and in transit, data backup and retention, and physical security of data storage devices. Additionally, a robust endpoint security solution should be deployed to prevent cyberattacks that aim to steal data or hold enterprise data to ransom.

 
Artificial intelligence enables rapid analysis of large troves of data to identify patterns and draw actionable conclusions. This capability can be utilised to identify threats and block or warn before they can inflict harm in a world where lakhs of new malware are generated every day and manual analysis is not feasible. AI can also help mitigate some of the concerns arising from the deficit in qualified and capable cybersecurity talent by shouldering some of the analytical workload.”