With the increasing reliance on internet for all kinds of work, both individuals and organisations stand at a high risk from attacks from cyber threat actors.
Keeping this in mind, the Department of Telecommunications (DOT) has in an Order dated July 8, 2020 informed about the growing prevalence of cyber-attacks and have also listed out various methods that are adopted by cyber threat actors. At the same time, DOT has issued certain best practices that can be adopted to secure the internet connected systems and avoid cyber-attacks as far as possible.
The Order explains the following forms of cyber-attack-
1. Spear Phishing Mail
2. Evading traffic analysis
3. Exploiting web application vulnerabilities.
4. Creation of dubious Apps
5. Disturbed Denial of Service (DDoS) attack
Cyber threat actors are now also using some of these methods, such as spear phishing mail and creation of dubious Apps to launch fresh attacks on the COVID-19 theme .
The DOT has emphasised that to ensure that systems are secure against such cyber security threats, it is essential that protections are in place in the ICT systems at the organisational level. In this regard, the DOT has listed out the best practices for organisational security at Annexure I of the document.
Additionally, recognizing the current situation, where several organisations have opted for work from home (WFH) and a number of personal computers are being used to connect to organisational networks, the DOT has listed out the best practices to be followed at user level by persons so operating. This can be found at Annexure II of the document.
Source : Department of Telecommunications
