The Cyber Security Buffs conducted a webinar on 30th November 2020 to celebrate International Computer Security Day. This webinar was focused on one of the most prevalent cyber threats today: phishing. The webinar discussed how phishing poses a major threat in a remote working world.
In this interactive session, esteemed cyber security experts, Vikas Yadav, CISO at Nykaa.com, and Pavan Kushwaha, Founder and CEO at Kratikal, took the viewers through the changing phishing trends and some basic preventive measures to help secure organizations against such threats.
Given below are the key points covered in the discussion:
Pavan Kushwaha: How is generating cyber security awareness important?
Vikas Yadav: Cyber security is a group effort. Generating cyber security awareness is one of the most crucial aspects of cyber security. Every employee, client and vendor of an organization plays a major role in keeping the company cyber secure.
For this reason, generating awareness about the recent threats, statistics and various aspects of cyber security is essential and must be the number one priority of every organization. Providing regular cyber security awareness training is the best way of improving an organization’s cyber hygiene.
Pavan Kushwaha: How has the role of cyber security changed in 2020?
Vikas Yadav: The year 2020 has witnessed a paradigm shift in how cyber security is viewed and what efforts organizations put in to protect their employees against cyber risks. Many organizations were initially reluctant to come out of their comfort zone and allow their employees to leave the safety of the well-developed IT infrastructure. However, the grave circumstances created by the COVID-19 pandemic forced the sudden transformation to remote work culture.
As an unprecedented number of people started working from home, employees had to access corporate files and applications from home networks. This can leave sensitive company data vulnerable to attack. So, in a remote working world, the role of cyber security has become much more vital than ever before.
Pavan Kushwaha: How has the COVID-19 pandemic affected the number of phishing attacks in 2020?
Vikas Yadav: Phishing has always been one of the prime attack vectors amongst cybercriminals. 95% of all cyber risks involve email-based attacks. Before the COVID-19 pandemic, people were free to visit their friends, doctors or other experts in case they had any doubts or concerns. However, in the current circumstances, the majority of people have started relying on the internet to seek all kinds of information.
Many cybercriminals took this opportunity to exploit the COVID-related fears and worries festering amongst the general population. A number of phishing campaigns have been launched to target users into giving up confidential information.
Pavan Kushwaha: What is the best way of generating cyber security awareness amongst employees in an organization?
Vikas Yadav: Generating cyber security awareness has always been very important. Every employee that joins an organization should be given a short training session that includes the basics of cyber security, the company’s security environment, the policies adopted by the organization and what kinds of cyber risks to look out for. Besides providing all the employees with an introductory session, all organizations should conduct mandatory annual cyber security training.
However, no training can turn out to be advantageous if you don’t check its impact. Organizations can run various phishing simulation campaigns to figure out which employees are most susceptible to cyber attacks and provide them with enhanced training. The cyber security training should be especially focused on the departments that handle any critical company data. Very few organizations focus cyber security efforts on third parties and consultants who have access to corporate applications and systems.
Pavan Kushwaha: Are SMEs at higher risk for suffering cyber attacks?
Vikas Yadav: SMEs are always at risk since they usually don’t have the resources to focus on a specialized cyber security team. In such cases, it becomes essential for IT employees to be trained in the field of cyber security. Incorporating a separate cyber security curriculum in IT training can be quite helpful. Moreover, it is vital for the senior executives at SMEs to acknowledge the importance of cyber security and take whatever measures they can to ensure it.
No organization is too small to be targeted by cybercriminals and it is extremely important to focus some of the resources towards training all the employees on the basics of cyber security. Adopting a practice as simple as making regular backups of the data and storing it offline can go quite a long way to protect organizations against ransomware attacks.
Pavan Kushwaha: What role does an antivirus play in the fight against phishing attacks?
Vikas Yadav: Antivirus serves as the first line of defense against any malicious software and plays a major role when it comes to cyber security. However, it is not wise to depend completely on antivirus alone to offer protection against cyber threats like phishing. Only a perfectly balanced combination of antiviruses, automated services, proper cyber hygiene and end-point protection solutions can shield you against phishing attacks.
Pavan Kushwaha: What basic measures can an organization take to protect itself against phishing attacks?
Vikas Yadav: First, it is essential to ensure that your organization’s domain is DMARC-compliant to prevent email spoofing. Next, having a decent antivirus in place is just as important. Conducting phishing simulation sessions can be an excellent way of educating your employees and making them cyber vigilant.
Set up an email gateway or phishing incident response tool to provide employees with a quick and easy way of reporting suspicious or malicious emails. All organizations should put a specific protocol in place to take quick action against the reported emails and determine a safe way of isolating the threatened system from the rest of the network.
Pavan Kushwaha: What can be done in case the attack has already happened?
Vikas Yadav: Inform your IT team at once. In case it is a phishing attack aiming to harvest credentials, it is essential to change your credentials immediately. Also, if you have used the same password across multiple platforms, change the password everywhere. Secondly, you should report it as spam to help the service provider take precautionary measures and prevent the attackers from launching more attacks.
The cyber security experts ended the webinar by answering some of the viewers’ questions. They also invited the viewers to directly contact them in case they had any queries.
So, stay tuned with ‘The Cyber Security Buffs’ by Kratikal to learn more about the different aspects of cyber security from various highly qualified experts.