Work From Home (WFH) Caused about 66 percent Data Breach in India: Barracuda Survey
Published on : Saturday 22-08-2020
Recently, I was talking to one of my friends who is leading a manufacturing industry’s department, he said “You people work in IT, you can work from home easily; unlike mechanical engineers and staff in manufacturing industry”. Trust me, it is a partial truth as there are many risks involved. It is not at all true for all tasks and job profiles in IT industry or IT departments of other industries. In IT industry, top importance is Intellectual Property (IP) of customer’s data, source code, compliance, confidentiality, data focused policies and many other related business-related stuffs.
You must have come across a survey of remote workers published by CyberArk which says that around 77% of remote employees are using unmanaged devices to access corporate systems. The same survey finds 93% of employees have reused passwords across applications and devices, with 37% insecurely saving passwords in browsers. Any CISO or CISA can’t ignore these figures, as it is simply pointing at high cyber risk.
Findings in Survey conducted by Barracuda Networks
A recent survey by Barracuda Networks says that nearly 66% of Indian organizations have had at least one data breach or cyber security incident since shifting to a remote working model during the pandemic. Also, employees in 67% of organizations experienced an increase in email phishing attacks. While 64% of organizations expect an incident to occur in the next month, 70% are concerned about unknown threats that will cause business disruption in the next 6 months. The study is based on responses from over 1,000 business decision makers in India, Australia, New Zealand, Singapore, and Hong Kong including 247 business leaders in India.
According to this survey, 53% of organizations in India do not have an up-to-date cybersecurity strategy and solutions in place that cover all the vulnerabilities posed by full-time remote working. It is really good to know that in India 79% of organizations allowing employees to use personal email addresses and personal devices to conduct company work.
“More employees working from home means that more devices are connecting remotely, outside of the secured corporate network. It’s critical to understand what remote workers are doing with data that is rapidly going out of control, which indicates that organizations will have to rework the ‘new normal’ to make it more effective and more secure,” Murali Urs, Country Manager India, Barracuda Networks, said.
The study indicates that 83% have fast-tracked their plans to move their data to a 100% Cloud-based model to create a new future for their business. On average, 89% agree that this shift will help reduce overall IT costs to support business growth.
The study suggests that Covid-19 has accelerated the introduction of remote working by at least five years for 59% of organisations in India, yet, organisations must address relevant security challenges.
How to Secure Data while Working From Home Model?
Now we have understood the problems raised in this WFH way of working. Let’s check few solutions to overcome these risks.
- Secured Cloud computing should be adopted for critical assignments.
- Organization should invest in cyber-secured telecommunication assets such as Secure VPN, Hosted IVR, Clean Internet etc.
- Reputed End Point Protection or at least an Antivirus software is must on each machine used by any employee or stakeholder for WFH.
- Regular internal security audits and monitoring should be part of process.
- Employees must undergo regular Cybersecurity awareness trainings.
- Employees must receive regular cyber threat alert emails or notifications by organization.
- Personal email ids or personal devices should not be used for official work for organization.
Any organization cannot run successfully without People, Process and Technology. Similarly, awareness of people, security processes and cyber-secured technologies are most important.
Shekhar Ashok Pawar is CEO of GrassDew IT Solutions Pvt Ltd which is primarily focused on Cybersecurity Assessment & Audits, IT Consulting, Customised Software Development, Telecommunication Solutions and Software Products. With more than 15 years of international experience, he is CISA, CEH, CHFI, MCP, Blockchain Developer, Dip Cyber Laws, CMMi Level 5 ATM & ISO 27001 LA. He is also certified H/W & S/W expert for Mobile Phones, Computers and CCTV cameras. He did Executive Management (SJMSOM, IIT-Bombay), after Engineering in Electronics & Telecommunications, Mumbai. He is also certified for "Digital Signal Processor & Applications" by Analog Devices - DSP Learning Center, IIT Madras.
He is lead contributor to GrassDewPanther @ LinkedIn which is focused on sharing global cyber threats and related news. Shekhar's recent book “Air Team Theory: Understanding 10 Types of Team Mates and Best Practices to Succeed” was published in January 2020 and is a hot-seller on Amazon.