NASSCOM Asks Members To Be Vigilant of Cybersecurity Attacks Amidst War

Chennai: Anticipating potential disruptions due to the Middle East crisis, IT industry body NASSCOM has issued a second advisory to its member companies, urging heightened vigilance and preparedness across business continuity and cybersecurity frameworks.

“Periods of geopolitical uncertainty often see a rise in coordinated cyber threats, disinformation campaigns, and infrastructure targeting. Organizations are therefore advised to strengthen their cybersecurity posture and treat the following as immediate priorities,” it said.

To counter such eventualities, member companies are recommended rotation of credentials organisation-wide and apply patches for critical Common Vulnerabilities and Exposures (CVEs).

They have to enforce multi-factor authentication on all external access paths (VPN, RDP, SSH, cloud admin) and implement conditional access controls to counter token-theft and adversary-in-the-middle attacks.

They should assess all third-party vendors with Middle Eastern exposure. One compromised vendor can cascade into sector-wide disruption.

Further, they need to engage ISPs and cloud providers for Distributed Denial-of-Service (DDoS) scrubbing capacity, maintain air-gapped backups for Industrial Control Systems/ Operational Technology, core banking, and healthcare systems, and conduct employee awareness on social engineering attacks themed around possible war like situation, govt. alerts with intent to cause harm.

“NASSCOM continues to monitor the evolving situation in parts of the Middle East and remains in regular contact with the Middle East Council to assess developments on the ground and extend support where required. The industry body is also coordinating with relevant authorities wherever possible to assist member company employees who may be currently in the region,” it added.

One week before, NASSCOM had issued a travel advisory and remote working advisory to its members.