Podcast Audio Transcript
Alisha: Hello listeners, this is Alisha; thank you for tuning in to yet another exciting and informative podcast from us at Infosys BPM. Today, we are discussing about the new trends in cybersecurity. And to talk about this, we have here with us, Lakshmi narasimha, Head – Technology Solutions Group, whom we affectionately call “LN”. Welcome LN. How are you?
LN: I’m doing good Alisha, thank you for having me in this podcast.
Alisha: It’s a pleasure, LN. When we are talking about cybersecurity, it is a dynamic area undergoing so many transformations over the years.
How, in your opinion, has the world evolved over time from traditional data security to modern standards?
LN: That question is very relevant, Alisha. There are multiple ways, which I will mention here.
When data was stored within the company or its data centres, they were accessed over LAN (which is a closed network) or through point-to-point connectivity, where external access or interference is not possible.
- Physical Security: Employees used to work only within company premises. This used to take care of stringent physical security requirements. In the New Normal, however, employees are working from home or “anywhere”. Hence, this physical security aspect has disappeared.
- Logical security: Endpoints (desktops) were within office premises, and all security controls were designed around this working model. Now endpoints are being used at home; hence, security models had to be redesigned.
- Data security: Most of our company data as well as our client data used to be stored on servers in company premises. Now, this has moved to cloud storage.
Once data is outside your company data centre and stored on the cloud, internet connectivity is needed to access it. Users need the internet for accessing company data, client data, internal and external websites, and social media, as well as for video and audio conferences. They access these services through common or even shared internet connectivity.
This gives rise to a plethora of sophisticated, devastating, and frequent cyber-attacks, such as malware, ransomware, phishing, Trojan, website spoofing, IoT hacking, denial-of-service, crypto-jacking, and man-in-the-middle attacks (MITM), among others.
Alisha: That’s quite true. Cloud has given rise to several security concerns.
Threats like hacking and malware have been bothering organizations for a long time. Could you touch upon specific ways these threats can impact companies?
LN: These threats are very real for organizations worldwide, across various industries. According to a recent report, among affected organizations, approximately 23% are from the professional and consumer services industry, 19% are manufacturing and industrial organizations, 7% are retail organizations, 6% are construction companies, and 6% are IT organizations.
The attacks range from affecting (reducing/stopping) the company’s business operations fully or partly, attacking computer and control systems, data theft, deleting or purging company data, and taking the company’s confidential information and threatening to share it with competitors.
You may also recall news reports about how consumer data was stolen from an ecommerce company and the attack on one of the largest airlines that affected the schedules of hundreds of aircrafts and caused thousands of passengers to be stranded in airports. We also hear of situations like cyber-attacks stopping large manufacturing units and changing critical parameters of equipment resulting in faulty products.
The impact is that these attacks can be hugely damaging to businesses, causing loss of productivity and often financial losses. Most obviously there is the loss of files and data, which may represent hundreds of hours of work or customer data that is critical to the smooth running of an organization.
There is also the loss of productivity as machines will be unusable. Then there are the expenses for replacing infected machines and preventing future attacks.
Alisha: I fully agree LN, these cyberattacks can be quite devastating.
In your opinion how can an organization protect their data from such vulnerabilities and attacks?
LN: Usually, an attack begins with malicious software being downloaded onto an endpoint device, like a desktop, laptop, or smartphone. This usually happens because of user error and/or ignorance of security risks. One common method of distributing malware is phishing. This involves an attacker attaching an infected document or URL to an email while disguising it as being legitimate to trick users to open it, which will install the malware on their device.
Another popular method of spreading ransomware is by using a Trojan Horse. This involves disguising ransomware as legitimate software online and infecting devices after users install this software.
Email is a weak point in many businesses’ security infrastructure, and hackers can exploit this by using phishing emails to trick users into opening malicious files and attachments.
The major issue here is the lack of awareness of security threats. Many people are not fully aware of what threats look like and why they should avoid downloading or opening suspicious emails or links. This lack of security awareness helps the attack to spread quickly.
The best way for businesses to stop attacks is to be proactive in their security approach and ensure that they have strong protections in place before ransomware can infect users’ systems. Here are some tips for protecting against cyberattacks:
- Use a strong and reputable endpoint anti-virus
- Implement email security, inside and outside the gateway
- Apply web filtering and isolation technologies
- Provide security awareness training
- Ensure data backup and recovery
Alisha: I agree. Educating employees on security trends and having a solid security policy across the organization is quite important.
LN, thank you so much for participating in our podcast today and providing your valuable thoughts.
LN: It was a pleasure, Alisha. Thank you for having me.
Alisha: Dear listeners, if you enjoyed our podcast today, please don’t forget to share and like it on social media. Our social handles are mentioned in the podcast page. The podcast will be available on various platforms like Google Podcasts and Spotify, in addition to our website.
Also, if you have any queries, do reach out to us through the email address on the podcast description. Watch this space for more exciting podcasts coming up. Once again, thank you for tuning in, stay safe, sharp, and healthy. Have a nice day!