Nasscom flags cyber risks, urges firms to tighten security amid West Asia tensions

Nasscom has issued an advisory to member companies urging heightened vigilance across business continuity and cybersecurity frameworks in view of the evolving geopolitical situation in West Asia, the industry body said on Monday.

While business operations remain stable for now, organisations are reviewing contingency plans and strengthening resilience measures to mitigate potential disruptions if the situation escalates, Nasscom said.

The industry body said companies have begun reviewing and activating business continuity frameworks to ensure operational stability and uninterrupted service delivery in the event of disruptions in affected geographies.

Nasscom said companies are also prioritising employee safety by enabling remote work arrangements for employees located in impacted areas and closely monitoring developments on the ground.

Firms are evaluating alternative infrastructure routing to ensure cloud and data centre resilience and safeguard critical systems, the body said. Companies have also advised employees to limit non-essential travel through the region, which is a key transit hub, and explore alternative travel routes where necessary.

Organisations are also engaging with clients to communicate preparedness measures and ensure continuity of services, Nasscom said.

The advisory also highlighted that periods of geopolitical uncertainty often see a rise in coordinated cyber threats, disinformation campaigns and attempts to target digital infrastructure. It has listed a few other measures under the current situation 

• Companies should strengthen cybersecurity posture by prioritising credential resets and accelerated patching of critical vulnerabilities.

• Multi-factor authentication should be enforced across all external access points, including VPN, RDP, SSH and cloud administrative systems, along with conditional access controls to counter token-theft and adversary-in-the-middle attacks.

• Organisations are advised to conduct supply-chain audits of third-party vendors with exposure to West Asia, as a compromise at one vendor could potentially lead to wider sector disruption.

• Firms should also prepare for possible distributed denial-of-service (DDoS) attacks by coordinating with internet service providers and cloud platforms for mitigation capacity.

• Maintaining offline and immutable backups for critical infrastructure systems such as industrial control systems, core banking platforms and healthcare systems is recommended to ensure resilience.

• Companies should also raise employee awareness around disinformation and social-engineering attacks that may exploit geopolitical developments or government-themed alerts.

• The advisory noted that the situation in parts of West Asia continues to be monitored in coordination with the Middle East Council to assess developments on the ground.

Nasscom said it is also coordinating with relevant authorities wherever possible to assist employees of member companies who may currently be in the region.