The fast changing COVID-19 situation calls for security teams to adopt a dual mission as their response to the pandemic: Maintaining continuity of operations and protecting against new cyberthreats.
he extraordinary efforts taken by many organizations to ensure business continuity despite remote working during the COVID-19 pandemic have increased their exposure to cyberthreats. For example, Google detected 18 million daily malware and phishing emails related to COVID-19 in one week of April alone.
Indonesian companies are also faced with new fraud challenges arising from the increased move to e-commerce, adoption of digital and instant payments and the rapid rise of digital payment platforms. A recently announced customer data hack affecting millions of customers at Tokopedia prompted the Ministry of Information and Communication to request for a thorough internal investigation and to take necessary steps for ensuring safety of user data.
The fast changing COVID-19 situation calls for security teams to adopt a dual mission as their response to the pandemic: Maintaining continuity of operations and protecting against new cyberthreats. While most organizations started with a focus on continuity of business operations, it is becoming increasingly important to give equal attention to protecting against new cyber threats.
McKinsey's recent discussions with cybersecurity leaders suggest that certain actions are especially helpful to fulfill the dual mission.
First, make sure required controls are in place. Adopting technology changes can help the remote workforce maintain safe business practices:
Companies must also enable higher online network-traffic and transaction volumes by putting in place technical building blocks such as a web-application firewall, secure-sockets-layer (SSL) certification, network monitoring, anti-distributed denial of service, and fraud analytics.
Second, help employees understand the risks. Even with stronger technology controls, employees working from home must still exercise good judgment to maintain information security.
Third, review and refresh internal processes. Employees, customers and vendors all play some part in maintaining the confidentiality, integrity, and availability of web-facing networks. Several steps can help organizations to ensure that the activities of these stakeholders are consistent and well-integrated:
The actions described here, while not comprehensive, are helping many organizations to overcome the security difficulties they face and maintain their standing with customers and other stakeholders.
***
The authors are from McKinsey & Company. Vishal Agarwal is a partner based in the firm’s Singapore office, where Aman Dhingra is an associate partner, and Aastha Sethi is an analyst based in Gurgaon.
Share your experiences, suggestions, and any issues you've encountered on The Jakarta Post. We're here to listen.
Thank you for sharing your thoughts. We appreciate your feedback.