Indian IT industry has successfully transitioned 90% of its workforce to remote working during the nation-wide lockdown. While these employees are working from home, there is a surge in the number of cyberattacks. Hacking and phishing attempts are up 40-50% during the lockdown.
The National Technical Research Organisation (NRTO) has done an industry-wide assessment to check on cyberattacks. Sectors including government undertakings, banking and financial services (BFSI), telecom, power, energy, and transport are susceptible to cyberattacks. The use of personal computers and unsecured internet connections are the majority of reasons behind attacks reported by enterprises.
India's nodal agency to fight against cyberattacks, CERT (Computer Emergency Response Team) has raised a red flag. The agency says that even the Virtual Private Networks (VPNs) are under threat of cyberattacks. It is important to ensure the security of endpoint devices to eliminate the cyberthreat. Personal devices being used to access enterprise infrastructure is leading to cyber attacks. Less secure devices have expanded the threat surface available for cybercriminals.
The official from the National Critical Information Infrastructure Protection Centre (NCIIPC) said, "In view of the lockdown, several critical sector entities have relaxed their geofencing restrictions to allow their personnel to log-in and work from home. This has increased the attack surface available to threat actors (cybercriminals) from neighbouring countries. Another modus operandi being used by them is to send out legitimate-looking corona related advisories impersonating as officials from the government and health organisations, through malicious e-mail attachments."