Companies prepare employees as first line of defence against cyber threats

Amateur players are targeting companies using tools that are easily available online such as ChatGPT to write code.

Companies in India are working to plug gaps in their digital security systems, focussing on employees who are seen as the most vulnerable to cyber frauds.

A critical segment is employees who work from home and get emails purporting to be official communications that require immediate action, with subject lines enticingly referring to payrolls or internal job roles. Such emails typically contain a downloadable file that is the first step in the process of ransomware attacks if the system is not secured.

What’s more, cyber frauds target employees from the logistics sector to fast-moving consumer goods. Experts said the adoption of operational technology, artificial intelligence and machine learning, and the Internet of Things by companies has introduced new attack surfaces and vulnerabilities that cybercriminals can exploit. And they take many forms.

At the DS Group, which has businesses including mouth fresheners, food and beverage, confectionery, hospitality, and luxury retailing, cyber attackers have tried to steal trade secrets, product designs, manufacturing processes, and other sensitive information, chief information security officer Balwant Singh said.

ALSO READ | Why WhatsApp has become a fertile ground for job-offer scams

The reason such attacks have increased is also due to the ease of becoming a cyber fraudster. Amateur players are targeting companies using tools that are easily available online such as ChatGPT to write code.

“Threat actors today are misusing legitimate tools like ChatGPT for code generation that can help less-skilled threat actors effortlessly launch cyberattacks,” said Kapil Mehrotra, group CTO at Dhanuka Agritech.

Awareness takes centre stage

Aggressive and targeted phishing campaigns remain a significant threat to organisations across industries, followed by ransomware, supply chain attacks and social engineering attacks such as pretexting or baiting, which target employees through manipulation or deception.

To tackle this, Allcargo Logistics has been educating its employees regularly about cybersecurity risks, best practices, and emerging threats. The company has open communication channels for employees to report incidents or seek guidance on security matters.

“We will enhance our employee and awareness training programme to address new attack vectors and fraud techniques with an emphasis on the importance of reporting incidents promptly,” said Mihirr P Thaker, chief Information Security Officer at Allcargo Logistics.

The DS Group is integrating cybersecurity into the organisation's culture and processes where employees serve as the first line of defence against cyber threats.

ALSO READ | Rs 1 lakh for an MNC job: How 'helpers’ game corporates

Dhanuka Agritech’s Mehrotra said cyber criminals frequently change their modus operandi and organisations must constantly be vigilant. The company is building a cybersecurity culture and a critical part of this is educating and training employees to be alert while using internet-enabled devices including computers, laptops and smartphones.

Traditional setup

As AI supercharges the landscape, cybersecurity experts said adversaries around the world are using generative AI to execute large-scale malicious attacks.

On the other hand, many Indian organisations still operate legacy business applications that use outdated software and hardware, which can be easily targeted by cyber criminals, according to Diwa Dayal, MD of India & SAARC at SentinelOne, a US cybersecurity firm.

Only 24 percent of organisations surveyed in India have the ‘mature’ level of readiness needed to be resilient against modern cybersecurity risks, according to a Cisco study. The cost of being unprepared can be substantial – 80 percent of the respondents said they had a cybersecurity incident in the past 12 months and 53 percent of those affected said it cost them at least $500,000 (Rs 4.1 crore).

“When it comes to cybersecurity, India is behind the rest of the world in adopting foundational technology, and hence security leaders are constantly putting out fires as opposed to thinking and acting strategically in support of the business,” he said.