As the landscape of work has changed, so have cyberthreats. Technology has enabled the rise of remote and hybrid working. However, this increasingly complex environment also means there are more vulnerabilities. Leaders have seen three trends rise:
- Stay competitive in a fast-evolving business landscape.
- Defend against cyber threats.
- Achieve both the above goals while reducing complexity and modernising the business.
To manage risk in a hyper-connected digital environment, organisations must evolve their cybersecurity strategies. A traditional perimeter-based approach needs to shift to a posture of resilience.
At Microsoft, we analyse over 24 trillion threat signals daily and engage with hundreds of thousands of customers. This allows us to share our unique perspective on the threat landscape and the top challenges facing organisations today, and the ways they can overcome them.
Embrace vulnerability to drive cyber resilience
In today’s world, work happens across premises, cloud applications, devices and networks. Our Work Trend Index states that 52 percent of employees are considering hybrid or remote work. That means flexible ways of working are here to stay.
As a result, businesses won’t be able to retreat to walled on-premises security options. Leaders must embrace vulnerability as a feature of hybrid work and minimise the business impact of attacks.
Implement the cybersecurity fundamentals
According to our Digital Defense Report, basic security hygiene still protects against 98 percent of attacks. Take basic security precautions like:
- Enabling multifactor authentication
- Applying least privilege access
- Keeping versions up to date
- Utilising antimalware
- Protecting data
This can help organisations prepare for and mitigate most modern cyber threats. Additionally, it can help prepare for the evolution of threats as technology advances.
Adopt Zero Trust for cyber resilience
In a world where it’s harder to predict or prevent an attacker, it’s important to assume they will get in and limit their exposure. This approach – never trust, always verify – is called Zero Trust. By centering on strong user identity, device health verification, and secure, least-privileged access to resources, organisations can minimise unwanted movement. Plus, rich analytics and intelligence can help detect and respond in real time.
A Total Economic Impact™ study conducted by Forrester Consulting and commissioned by Microsoft found that Zero Trust unlocked a 92 percent return on investment and reduced the risk of a data breach by 50 percent.
As we connect more systems together, our security landscape can become more complex. When you focus on digital empathy, you can ensure users can easily and securely engage with the environment. By thinking about the way users interact and use technology, you’ll build more inclusive, resilient systems.
Education is also key. With ongoing and engaging skilling, you’ll build a culture of enablement, trust, and engagement. This will significantly improve reporting and provide earlier warning of attacks. We saw a 50 percent year-over-year reduction in employee susceptibility to phishing attacks after simulation training.
Insider risk, whether malicious or negligent, can cost organisations up to US$4.6m per incident, according to the 2022 Cost of Insider Threats Global Report by Ponemon Institute. It’s important to develop the right strategy that supports digital empathy, while reducing insider risk.
Unify your digital estate
As organisations move to cloud servers to deliver business functions, they need effective threat protection, mitigation strategies, and tools in place. 61 percent of security leaders say the cloud is the most susceptible to attack. Securing the cloud takes a different approach than securing an internal network. With misconfiguration and inconsistent security policy application being the chief cloud vulnerabilities, it’s important to ensure you have informed cloud experts in your team.
Protect devices and endpoints
A Zero Trust approach alongside integrated business security solutions can help build resilience while protecting your whole digital estate, including endpoints. When paired with devices that have built-in security, it empowers employees to focus on their work while staying secure.
Weave cybersecurity into business function to build cyber resilience
Our research found that more than half of security leaders feel vulnerable to a significant cyberattack. At the same time, those who feel most vulnerable are the most mature in their security posture.
A Zero Trust posture elevates security from a protective service to a strategic business enabler. By ensuring everyone can understand policies and risks, security is embedded into each function, building a culture of trust.
Cloud technology can also help build resilience by making organisations more agile in the face of external factors like natural disasters and other incidents, not just cyberthreats, all while driving innovation and productivity.