The pandemic has created new challenges for businesses as they are compelled to adapt to the ongoing trend of “working from home”, which is the new normal. Companies are accelerating their digital transformation while cybersecurity is at unprecedented risk. If companies are not considering the cybersecurity risk, the other major factors, such as the reputation that determines the goodwill of the firm, operations, and legal and compliance implications, should be taken into account. The purpose of this article is to examine the impact of the brutal pandemic and the mitigation measures various businesses can take.
Cybersecurity Menace
The restrictions imposed by the concerned Governments of every state are a preparatory response to the virus and have subsequently persuaded employees to work from their safe habitats. Technology has become a significant element in working and personal lives. Despite the rise in technological dependence, it is worth noticing that many firms still do not provide a ‘cyber-safe’ remote-working environment.
The figures for cyberattacks globally can be quoted from the NCSC (National Cyber Security Center), which computed that there were 350 reported cases of cyberattacks, inclusive of phishing, fraudulent web sites resulting in deception and trickery, direct attacks on companies, etc. Work-from-home culture is seen as the genesis of this increase, since the employees who are targeted do not enjoy the same level of protection that is provided on the systems of fully secured and functional organizations.
The rapid escalation in remote working calls for a greater focus on cybersecurity because of the magnified exposure to cyber risk. As per the recent survey conducted by the company Tessian, “two-fifths of the people admitted to making a mistake while at work that had security repercussions, while half of the people engaged in the tech industry confess about clicking on the phishing email at work”. Phishing has reportedly been a persistent problem during the pandemic. As per the figures quoted by Cybersecurity Ventures, cybercrime is anticipated to cost the global economy $6 trillion annually by 2021, up from half that, i.e., $3 trillion, in 2015. Ransomware damages are envisaged to cost the world $20 billion by 2021, which is unprecedented, as it is 57 times more than what it was in 2015. This undoubtedly makes ransomware the most rapidly growing cybercrime.
The protection of organizational data is one of the most critical and momentous tasks, as companies share sensitive and confidential information with more than 500 third parties. The paramount step for the company is to conduct an inventory and verify that the information is communicated and shared strictly on a need-to-know basis.
The second indispensable step is to encrypt all sensitive data, including employee information, everything related to business data, and customer information. This step ensures that the data is secured and that its exposure is less critical if it falls into unauthorized hands. Creating backups of the data and safely securing them outside the network is also recommended.
The pandemic has brought about a visible paradigm shift in criminal activity. The pandemic may have reduced the threat of physical crime, but cybercrime is on the rise as criminals globally exploit the widespread anxiety about Covid-19.
Cyber criminals are adapting to new targets and attacking wealth digitally, which is inclusive of official data too.
Regulatory Landscape
The main legislation governing cyberspace is the Information Technology Act, 2000 (IT Act), which defines security as “protecting information, equipment, devices, computer resources, communication device and information stored therein from unauthorized access, use, disclosure, disruption, modification or destruction”. In addition to providing legal recognition and protection for transactions carried out through electronic data and other means of electronic communication, the IT Act and the various rules made under it also focus on information security: they define reasonable security practices to be followed by corporates, redefine the roles of intermediaries, and recognize the role of the Indian Computer Agency Response Team (“CERT-In”). The IT Act also amended the scope and provisions of the Indian Penal Code, the Indian Evidence Act, 1872, the Bankers’ Books Evidence Act, 1891 and the Reserve Bank of India Act, 1934, along with matters connected therewith or incidental thereto.
The scope of the IT Act is not limited to the boundaries of India; it is also applicable to any offence or contravention committed outside India by any person.
The legal sanctions under the IT Act extend to imprisonment and penalties, and also provide a framework for compensation/damages to be paid to claimants. Further, if a body corporate possessing, dealing with or handling any personal data or sensitive personal data or information in a computer resource which it owns, controls or operates is negligent in implementing and maintaining reasonable security practices and procedures, and thereby causes wrongful loss or wrongful gain to any individual, such body corporate is liable to pay damages by way of compensation to the person so affected.
The upsurge in sophisticated cyberattacks calls for new ‘cutting edge’ detection to meet the threat, such as user or entity behavior analysis.
Unavoidable Measures that require indoctrination
Employees working from home and using their personal devices should implement several measures to avoid falling prey to attackers.
Employees should be provided with a license for antivirus and anti-malware software for use on their personal computers; it eliminates low-level attacks and intrusions.
Awareness of cyberspace and security is required first and foremost, and should be passed on to employees. The use of a VPN, i.e., virtual private network, identifying weak spots, intelligence techniques, new technological tools, etc. are all significant, unavoidable measures to be taken into consideration.
From ransomware to data breaches and from election security to unemployment fraud, COVID-19 has in many ways unleashed a new set of obstacles and/or accelerated existing challenges within global enterprises. The WHO reported a fivefold proliferation in cyberattacks in 2020.
Cyber laws are established to protect consumers from internet-based fraud. They exist to prevent card theft, identity theft and other major online crimes. Various activities are made criminal by cybersecurity laws, including computer hacking, economic espionage, corporate espionage, identity theft, breaking into computer systems, accessing unauthorized data, stealing confidential information, sexual exploitation of children, spreading fake news, and flooding websites with increased volumes of irrelevant internet traffic.
Sectors of economy that are most affected by cybersecurity laws and regulations
The financial services, banking, insurance and telecommunication sectors have exhibited higher standards of cybersecurity preparedness and awareness, partly because of regulatory intervention as well as voluntary compliance with advanced international standards. Sectors such as e-commerce, IT and IT-enabled services that have witnessed an infusion of FDI have also proactively deployed robust cybersecurity frameworks and policies to counter the dynamic nature of cyber fraud, as they have borrowed advanced cybersecurity practices and procedures from their parent entities. The SDPI rules framed under the IT Act require body corporates that handle sensitive personal data or information to implement ‘reasonable security practices and procedures’ by maintaining a comprehensive documented information security program. The SDPI rules recognize the international standard on “Information Technology – Security Techniques – Information Security Management Systems – Requirements” as one such approved security standard that can be implemented by a body corporate for the protection of personal information. All body corporates that comply with this standard are subject to audit checks by an independent government-approved auditor at least once a year, or as and when they undertake a significant upgrade of their processes and computer resources.
Sector security regulators have also prescribed security standards specifically applicable to regulated entities. RBI guidelines mandate banks to follow the ISO/IEC 27001 and ISO/IEC 27002 standards for ensuring adequate protection of critical functions and processes. SEBI requires stock exchanges, depositories and clearing corporations to follow standards such as ISO/IEC 27001, ISO/IEC 27002 and COBIT 5.
Combating Cyber Crime
The most significant example in the ongoing scenario is the heavy reliance of the corporate world on Zoom, which resulted in a huge number of intruders crashing into office meetings, Zoom gatherings, etc., undoubtedly disrupting the flow of the particular session. The Zoom platform being comparatively less secure and vulnerable in terms of data security made the audience shift to stricter and more secure applications. Furthermore, inter-governmental bodies like the European Commission chose to switch to more secure applications for data- and information-related calls in the wake of the cyber threat.
The incursion and dominance of Chinese digital platforms across the ubiquitous web made powerful states like America and India ban Chinese applications to counter that hegemony.
Way Forward
The right to privacy, being a fundamental right, continues to be infringed on a daily basis ever since the dominance of technology took over. More stringent laws are required to combat the upsurging threats. The current legal structure does not adequately address the issues of the sector. As we welcome the impending legislation, various companies in the healthcare and the banking & financial services sectors are certifying that they rely on their own technical security measures to ensure that the data available with them is not corrupted. The proactive surveillance maintained by body corporates is also well encouraged by the insurance industry, where cyber-security insurance has garnered extreme popularity and is compensating for the paucity of an effective legal regime. It is often quoted that the future is a click away; it is indispensable that the click does not lead to a detrimental portal.