On February 25, 2020, Microsoft Chief Information Security Officer (CISO) Bret Arsenault was attending the RSA Conference in San Francisco when the city declared a state of emergency because of COVID-19. Shortly after flying back to Seattle, Bret learned of the first death from the coronavirus in Washington state. He and other members of Microsoft’s Risk Management Council worked on the company’s crisis response. To kick off National Cybersecurity Awareness Month, I spoke with Bret Arsenault on a recent episode of Afternoon Cyber Tea with Ann Johnson.
As CISO, Bret is responsible for disaster recovery at the enterprise level. He is the chair of Microsoft’s Risk Management Council and has directed Microsoft’s crisis management in the wake of COVID-19. It responded to 30 crises a year, with life safety the highest priority, followed by customers and Microsoft. The council focuses on preparation for four types of disaster and crisis recovery: planned acts (such as weather storms), unplanned acts (such as natural disasters), illegal attempts, and pandemics. Cyberattacks typically fall under illegal attempts. Certain events, such as the Olympics and elections, tend to draw out opportunistic bad actors more than others because people are more vulnerable to social engineering attacks.
Similarly, the pandemic and the social unrest in the United States have made people more susceptible to phishing scams and other cyberattacks. Before the pandemic, cybersecurity incidents had doubled every year for five years. During the pandemic, opportunistic campaigns, including a huge increase in human-operated ransomware attacks, have emerged because of people’s vulnerability to social engineering. The number of phishing scams hasn’t changed much; however, the approach has shifted to mimicking health information websites and other pandemic-related schemes. Because more people are working from home, there’s been a big increase in bad actor campaigns targeting desktop protocol.
During our conversation, we also spoke about how to build a disaster recovery program and how moving to a Zero Trust security model helped Microsoft respond more agilely to the new security threats created by the pandemic. Over the past year, that approach has meant making sure all machines are managed, requiring multifactor authentication, figuring out how productivity apps work in a distributed way, and moving all meetings to Microsoft Teams. Microsoft also prioritized service monitoring and user identity and access.
Despite all the planning, there have been surprises, such as realizing that eight-hour all-hands meetings aren’t effective when online and that moving all meetings online creates a level playing field for employees. To learn what cybersecurity steps to take when your entire workforce is remote, listen to Afternoon Cyber Tea with Ann Johnson: Working Through It: Operational Resilience in the Face of Disaster on Apple Podcasts or PodcastOne.
A new season of Afternoon Cyber Tea with Ann Johnson launches today featuring Admiral (RET) Mike Rogers, Former Head of United States Cyber Command, discussing the most recent cyberattacks on the US supply chain and what we can do to stop them! Check out new episodes every Tuesday. In this important cyber series, Ann will talk with cybersecurity influencers about trends shaping the threat landscape and explore the risk and promise of systems powered by AI, IoT, and other emerging tech.
“It isn’t just about technology. Never forget the human dynamic in all this. Again, I used to say this to our nation’s leadership, ‘Sir, you can write the biggest check in the world and it still won’t be enough. We can’t solve this by just hurling funds at their own problems.’ Put another way, we can have the greatest technology with the highest level of investment, but if we don’t have a smart user community, that builds smart choices, that’s part of our strategy…. It’ll be totally undermined every day by bad options that our consumers are making.” - Admiral (RET) Michael Rogers, Former Head of United States Cyber Command
You can listen to Afternoon Cyber Tea with Ann Johnson on:
Apple Podcasts: You can also download the episode by clicking the Episode Website link.
PodcastOne: Includes the option to subscribe, so you’re notified as soon as new episodes are available.
CISO Spotlight page: Listen alongside our CISO Spotlight episodes, where customers and security experts discuss similar topics such as Zero Trust, compliance, going passwordless, and more.
To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity. Or reach out to me on LinkedIn or Twitter if you have guest or topic suggestions.
The post Afternoon Cyber Tea: Microsoft’s cybersecurity response to COVID-19 appeared first on Microsoft Security Blog.