It’s been almost an entire year since some of us have seen the inside of our offices. While certain companies are slowly and cautiously welcoming back their employees, majority are still wary of reverting to the pre-COVID style of work entirely – Workplace 2.0 will largely be a hybrid model, believe industry leaders.

How Remote Work Altered The Cyber Risk Landscape

While working in an office space has become a thing of a past for many, it led to the massive adoption of cloud services as well as a dynamic alteration in the cybersecurity paradigm for businesses today. Risk Based Security stated that 2020 was the worst year on record, in terms of total number of exposed records with a total of 2,953 breaches reported in the first three quarters of the year. Global cybercrime will cost businesses $11.4 million per minute by 2021 – RiskIQ Research revealed that there were five attacks on computers per minute, with nearly 16,172 records compromised per minute and one vulnerability exposed every minute.

Remote work or WFH, most presumably with the support of personal, home WiFi networks, meant a wide and uncharacterised exposure to all kinds of malware and susceptibility to cyber threats. Research by data security solution provider Acronis revealed that password stuffing and phishing were the most common kinds of cyberattacks seen in 2020, mostly due to the rapid and unplanned switch to remote work and weakened security policies.

On Safer Internet Day, let’s explore how the past year has redefined internet habits, and consequently, reemphasised the need for a smarter, agile cyber threat management plan, ably supported by technologies like Artificial Intelligence.

OLX released a report this week on the Internet habits of Indians as part of the 2021 Safer Internet Day study, which studied the behaviours of 6,000 Internet users. While Internet usage spiked by 50% during last year, it also led to the increase in cyber frauds by 61%. With the increased adoption of cloud services in the past year, the focus on cybersecurity is more pertinent, and organisations are compelled to be ever more vigilant.

Cloud Is Safe, But Not Entirely Immune To Cyberthreats

In the early days of the pandemic, concerns over reduced business continuity and stakeholder communication were running high. The demand for heightened collaboration led to a surge in adoption of conferencing and business collaboration tools. According to a NASSCOM report released in September 2020, COVID19 further accelerated cloud adoption in India, especially among SMBs in sectors like e-learning, healthcare, retail, gaming and entertainment.

While cloud does make a conscious move away from the conventional perimeter-security strategy that large corporations deploy, there is also the promise of enhanced safety. However, no setup can honestly promise 100% safety and security, and its no surprise that over the years, cloud services too have witnessed an increase in the number and scope of attacks. Popular cyberthreats that could compromise cloud computing include:

• Cryptojacking: Accessing cloud computing systems for their power, to mine for cryptocurrency
• Data Breaches: Cyber criminals gaining unauthorised access to a company’s cloud network to copy and transmit data
• Denial of Service: DoS attacks are when cyber criminals overload a company’s servers with voluminous traffic loads, making services inaccessible to customers and the company executives as well.
• Insider Threats: As the name suggests, this happens when employees compromise company data, unintentionally or intentionally.
• Hijacking Accounts: Password stuffing and phishing are techniques to hijack company accounts, and access vast amounts of employee information
• Insecure Applications: A careless download of suspicious software can wreak havoc on entire systems.
• Inadequate Training: IT professionals must receive constant and proper training on industry protocols and latest cyber risks to help their organisations develop robust protection strategies.

Integrated Approach to New-Age Cyberthreats, Supported by AI

Cybersecurity firms worldover understand the nature of the beast they are tackling. Cybercriminals are crafty and sophisticated – often times, they use AI to unleash more attacks on organisations. It is imperative to stay a step ahead at all times. Since investing in multiple products and solutions to manage all these threats 24/7 is a huge cost facto, cybersecurity companies are increasingly exploring integrated security solutions for cloud platforms – this helps businesses manage costs and more importantly, streamline their cyber management activities more efficiently.

Motorola Solutions just rolled out the AI Network Video Recorder (NVR) that combines the traditional Avigilon NVR with the capabilities of the Avigilon AI appliance to provide enterprises with a solution that fulfils their analytics, storage and cybersecurity needs. Last week, ARIA Cybersecurity Solutions announced the ARIA CloudADR that monitors all threat surfaces to detect known and novel cyberattacks. It uses a threat modelling approach to detect threats by behaviours, and leverages ML to help find these behaviours both within the threat analytics, as well as the network data. It is AI-driven, which means it finds verifies and surfaces only confirmed attacks, without human involvement. This solution is automated for near real-time identification and containment of verified threats, provides intelligent threat detection and response with AI and ML threat-based behaviour models and provides the functionality of seven disparate security tools in one product.

Rajesh Chhabra, Sales Director (South Asia) of cyber protection company Acronis believes the days of a perimeter-based strategy for cyber safety are well behind us, and this has been exacerbated by the transition to WFH and work from anywhere. “Even though the pandemic is showing signs of slowing down across the world and there is hope hinging on the vaccine, workplaces are already working towards a hybrid model and preparing for newer challenges that threaten cyber safety. This is where we believe an integrated solution to manage five core risks – security, accessibility, privacy, authenticity and safety – will be the new norm.” Acronis rolled out an all-in-one integrated solution last year that unifies antivirus, disaster recovery, backup, endpoint protection management and malware detection; running on a single UI where all the pieces “speak to one another” effectively thanks to AI, while ML allows the machine to learn the risk landscape and run predictive models envisioning various threat scenarios. The company has been hailed as a Gartner Visionary for developing this approach to manage cyber risks.

(Rajesh Chhabra, Sales Director - South Asia, Acronis)

Chhabra adds, “AI is the critical tool that binds together this idea of integrated solutions. We envision this to be a new era in managing cyber risks especially as more businesses migrate to the cloud in the coming months.”

Personnel Integration Key To Achieving Tech-Based Integration

While companies like Acronis and Motorola among others seek to deliver unified solutions to manage cyber risk, the nature of the new, sophisticated beast demands that senior management bandy together to do the same. Gartner predicts that by 2024, 60% of CISOs will establish critical partnerships with key executives in sales, finance and marketing, up from less than 20% today. By 2025, 40% of boards of directors will have a dedicated cybersecurity committee overseen by a qualified board member - this is one of the several changes expected across the organisations in response to the greater levels of risk created by the expanded digital footprint of organisations during the pandemic. Enhanced coordination between various departments and a strong CISO who can foster these conversations between leaders is the coveted strategy to navigate a business through these new challenges.