The cybersecurity landscape has fundamentally changed, as evidenced by large-scale, complex attacks like Nobelium, Hafnium, and more recently last week’s Colonial Pipeline attack, which signals that human-operated ransomware is on the rise.
Hackers launch an average of 50 million password attacks every day, or 579 per second. Phishing attempts have increased. Firmware attacks are on the rise, and ransomware has become incredibly problematic. And while Microsoft intercepted and thwarted a record-breaking 30 billion email threats last year, our work is never done.
Security continues to be a number one priority for our customers, especially as many companies around the world are looking to transition from remote work to hybrid. To truly meet this challenge, defenders across the industry must come together for an end-to-end, Zero Trust security approach that covers the entire technology ecosystem. Because today, digital transformation cannot happen without security transformation.
The future of work is hybrid: Here’s what we can do
Even as many people start to transition back to the office, we expect a future where hybrid work is the norm. Forrester predicts that once people have settled into their new work patterns post-pandemic, we will still see a 300 percent increase in employees working remotely from pre-pandemic levels. According to our own Work Trend Index, The Next Great Disruption is Hybrid Work–Are We Ready?, 46 percent of people plan to move because they can now work remotely.
People are working on corporate networks and home networks and moving fluidly between business and personal activity online thanks to technologies intertwined with both aspects of our daily routines. The network is changing, with employees’ home networks and devices now part of the corporate network. What this means for organizations is that the network is suddenly without firm borders.
Our own approach
My friend and colleague Bret Arsenault, Microsoft’s Chief Information Security Officer, had the mammoth undertaking of transitioning Microsoft and its 160,000 plus employees to remote work in March 2020 and has created our technology plan to transition to hybrid work.
Keeping devices healthy and managed: All devices that need access to corporate resources must be managed to seamlessly keep your device secure and protected from phishing and malicious websites.
Make security everyone’s job: We will offer new training, opportunities to provide feedback, and a new virtual security summit to ensure our employees are empowered and equipped to be more secure.
Securing home offices: We will continue to build and provide resources and guidelines for employees who will work remotely either part or full time.
Build for Zero Trust: We are asking our developers to build with a Zero Trust mindset.
While we have been remote, and as part of our Zero Trust approach, we have also been moving employees off the corporate network. An internet-first approach reduces exposure and gives employees a consistent experience whether they are at home or in the office.
We believe that security is a team sport and that when we share what we’re learning, we can all make the world a safer place. So we are sharing Bret’s guidance with our customers and partners. These specific steps will be the first of many in ensuring our hybrid workforce is as secure as possible.
There are other practical things that we will continue to focus on, and that every business should consider as we move into hybrid work.
Identity is more important than ever: Use the tools you likely already have to protect it
Through NOBELIUM and other recent attacks, a clear theme has emerged–identity is the battleground for attacks of the future. We know weak passwords, password spraying, and phishing are the entry point for the vast majority of attacks. As our own CISO, Bret Arsenault, likes to say, “hackers don’t break in, they log in.”
A great example of this is multifactor authentication (MFA). MFA is a defense that our customers have available to them, yet when looking at our own customer data, only 18 percent have it turned on. Any customer with a commercial service subscription (Azure or Microsoft 365) can turn on MFA at no additional cost.
We saw a significant jump in usage when the pandemic began. And when that happened, we saw a significant decrease in aggregate compromises–people thought they were activating it to protect only remote access, but MFA protects the entire network.
We work with many kinds of organizations of all sizes–for some, implementing MFA is as easy as flipping a switch. But we understand and sympathize that for others it’s much more complex. We’re actively working to make MFA rollout easier and more seamless for our customers, as well as ensuring that the end-user experience is as frictionless and friendly as possible. We are dedicated to working alongside our customers to make everyone more secure. We’ve introduced a number of programs to drive MFA adoption–from the introduction of security defaults to giving customers an entire toolset for internal communications.
Embrace a Zero Trust mindset
In a world where identity is the new battleground, adopting a Zero Trust strategy is no longer an option, it’s a new business imperative. People and organizations need to have trust in the technologies that bring them together. The term Zero Trust may feel like the opposite of that, but when you assume breach and provide the least privileged access necessary, it actually empowers employees with the flexibility and freedom they want.
The hybrid world is largely perimeterless, so wrapping protections around identity and devices is critical. As part of Zero Trust, we also think the future is passwordless and we will start to see that transition this year.
In fact, to help our customers on their Zero Trust journey, we’re excited to roll out a new Zero Trust assessment tool today that can help companies understand where they are currently and where they need to go.
For a deeper look at the imperatives around Zero Trust and how Microsoft is reimagining the concept of identity for a perimeterless world, read Joy Chick’s blog, 5 identity priorities for 2021: strengthening security for the hybrid work era and beyond, from Microsoft Ignite.
The benefits of the cloud for a remote or hybrid workforce are plentiful. Business-critical information can be accessed over the network, making it easy to have workers in any location.
Over the next 6 to 12 months, we will see rapid migration to the cloud, as companies recover from 2020 and implement new infrastructure. In a recent survey of our Microsoft Intelligent Security Association (MISA) partners, 90 percent reported that customers have accelerated their move to the cloud due to the pandemic.
Having a strong cloud posture also provides a level of security that most companies simply couldn’t achieve on their own. And we learned from NOBELIUM that the vast majority of attacks originated on-premises, while attacks via the cloud were largely unsuccessful.
Invest in people and skills–and focus on diversity
We know that attackers exploit not only our digital gaps, but the gaps in our defender teams. Right now, we have two big problems: a shortage of cybersecurity professionals and a lack of diversity within teams. In the coming year, attackers will find these gaps and take advantage.
There is an estimated shortfall of 3.5 million security professionals this year; 91 percent of our MISA partners report more demand than supply for cybersecurity professionals. This shortage can mean not only unfilled posts but also too much work on the shoulders of existing teams.
How do we solve this? We build the workforce of the future. We educate, train, and arm new defenders. After all, anyone can be a superhero of cybersecurity. It just takes passion and purpose–and some skilling.
I firmly believe anyone can be a defender, and with the proper training programs, we can all work together to build a cybersecurity workforce that reflects our planet. We must build diverse teams that reflect the many viewpoints of people globally, including the same demographics as the attackers themselves, to meet the security and privacy challenges of our time.
That’s why we’re pleased to offer new skilling programs and certifications across security, compliance, and identity. There are programs available for all levels of expertise, no matter where a defender is on their journey.
Fortunately, in a future where remote work is more common, the world is our oyster in terms of cultivating new and diverse talent. No longer constrained by physical office locations, it’s an exciting time to find the next generation of defenders and help them develop.
We’re emerging from a year that has changed the world forever. It changed the way we live and work, brought new challenges in cybersecurity, and reminded all of us that there is no playbook for change.
But where there’s uncertainty, there is also the power to shape the world in positive and profound ways. At the heart of security and privacy protection is the freedom to imagine, program, empower, and inspire.
To learn more about Microsoft security solutions and how to optimize your Zero Trust strategy, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.
The post Securing a new world of hybrid work: What to know and what to do appeared first on Microsoft Security.