Unregistered devices become key security hurdle for Indian firms amid hybrid work

Employees using unregistered devices to connect to company platforms is putting Indian companies at risk of hacks. This comes at a time when most companies in India are choosing to run operations in a hybrid manner, increasing the need for employees to connect to in-house platforms and systems remotely. 

According to a report published today by networking major Cisco, employees using unregistered devices to connect to work platforms has become a key concern for Indian firms. The company surveyed 6,700 security professionals from 27 countries, including 1000 in India, and found that over 95% respondents said employees are using unregistered devices to connect to work platforms.

“While BYOD (bring your own device) creates better convenience for employees as we’ve seen over the last 2-3 years, it has put thousands of unregistered devices on corporate network and it is more about the maturity of a company on how it invests in security solutions, create policies and give access to employees and other stakeholders,” said Rahul Aggarwal, cyber security expert and Partner-PwC. 

In a company’s network, registered devices are laptops, mobile phones etc. that have been verified by IT teams and have the right kind of security tools built-in to ensure security. They do this using digital certificates that allow computer systems to verify a device.

Unregistered devices, on the other hand, include personal laptops and mobile phones, which may not have been verified. Such devices are often used by entire families, and may have vulnerabilities that hackers can exploit. When employees use such devices to connect to company systems, attackers can use the vulnerabilities to exploit those systems.

There are multiple risks associated with logging in from unregistered devices, the study said. About 82% respondents in the Cisco study have said that their employees spend more than 10% of the day working from these unregistered devices that often have backdoors and other vulnerable software that can get into work platforms and affect firms.

Vishak Raman, vice president of Sales, India and SAARC, at cyber security solutions firm Fortinet, said that devices connecting to a company’s network need to be continuously monitored. 

Indian firms have faced an unprecedented growth in cyberattacks since the pandemic. A December 2022 report by virtual private network (VPN) provider NordVPN, found 12% of all user data found in cybercrime marketplaces (sold on dark web) belonged to Indians. Another report, published in September 2022 by security firm Trend Micro, found that 75% of Indian firms have been hit by ransomware attacks since 2019.

Raman noted that other than monitoring devices, companies also need to have an “incident response plan”, which basically allows them to respond quickly to any hack. This includes having a plan for responding to all eventualities regarding a breach, including isolation, investigation, and remediation, is vital to mitigating the damage an attack can cause.