Don’t buy new laptops, invest in virtual machines to protect against cyberattacks — suggests cybersecurity expert

• Buying new laptops isn’t necessarily the answer to better cybersecurity if you don’t have the right mitigation methods in place.
  
• Siddharth Vishwanath, the partner and leader of cybersecurity at PwC India, says setting up virtual machines may be a more cost-effective and secure way for companies to fend off cyberattacks.
  
• In an interview with Business Insider, Vishwanath explains how enterprises — big and small — can set themselves up to protect against hackers.
  

The coronavirus pandemic and the new work-from-home model has every enterprise thinking about cybersecurity — from micro, small and medium enterprises (MSMEs) to the big wigs like TCS, Wipro and Infosys. And, yes, there is a cost to it but the bigger question is how companies manage that cost, Siddharth Vishwanath, the partner and leader of cybersecurity at PwC India told Business Insider.

“Purchasing hardware or providing software to secure employees’ personal devices (BYOD) will come with additional overhead of deployment, integration, administration and monitoring of devices or software,” he explained. Rather than go about it manually, Vishwanath suggests considering security as a service (SaaS) model.



Instead of buying new devices, shift to the cloud
According to him, businesses can save on costs by leveraging assets that are already there in the cloud. “Such services provide scalability and agility required in current dynamic and challenging times,” he explained. While it may seem like MSMEs are a great risk due to the lack of specialised IT security, large enterprises have a more complex and ever-expanding boundary to cover.

Instead of buying 200 new laptops or providing security solutions for 200 of employee’s laptops, Vishwanath believes it would be more sensible and cost-effective to provision virtual machines (VMs) in the cloud. “These can be charged per hour and only be billed for the 8-10 hours an employee may use per day, whereas a new laptop would require dedicated support SLA and entire device lifecycle commitment,” he explained.

Where do hackers break-in?
Hackers are continuously revamping and building up how they can break into networks and devices, no matter how full-proof security may be. As the cliche goes — the best offence, in this case, is a good defence. Just a more narrow approach, that can focus on the most likely targets, “By concentrating on what I would term chokepoints,” said Vishwanath.


This means covering the basics like the firewall or proxy and Virtual Private Networks (VPNs) for employees. Even if a phishing scam is successful, 2-factor authentication can make it difficult for an attacker to enter a protected network. “By ensuring every employee connecting to corporate resources (on-premises or in the cloud) must go through a two-factor authentication we are reducing the attack surface caused by weak passwords or a phished employee,” he explained.


For employees, that does mean that their company is likely to monitor their traffic to check for malicious connections or emerging attacks vectors — like any new COVID-19 scams.

Just as employees need to adapt to the ‘new normal’, organisations also need to keep their options open. “Backup alone is never an answer,” said Vishwanath. While essential, it’s best to also have next-gen antivirus, network layer scanning and endpoint detection and response (EDR) solutions in place to provide a ‘defence in depth’ for a higher degree of protection.

SEE ALSO:
$4

$4

Wipro confirms phishing attack on its system — 11 other companies unknown>$4