{"id":51825,"date":"2021-09-06T13:07:31","date_gmt":"2021-09-06T12:07:31","guid":{"rendered":"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/?p=51825"},"modified":"2021-09-07T14:13:44","modified_gmt":"2021-09-07T13:13:44","slug":"future-proof-secure-against-cyberattacks","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/cross-industry\/2021\/09\/06\/future-proof-secure-against-cyberattacks\/","title":{"rendered":"How to future-proof and secure your organisation against cyberattacks"},"content":{"rendered":"


The evolving threat landscape has highlighted how attackers are refining their tactics and techniques. It also shows just how far they\u2019re willing to go to disrupt organisations with cyberattacks.<\/p>\n

Let’s take the example of human-operated ransomware and the deliberate targeting of critical infrastructure. These attacks are designed to cause as much financial, operational and societal impact as possible. The impact is often compounded by pressure from consumers, media and government, and by core supply chains being cut off or severely disrupted. While the motivation behind cyberattacks varies, recklessness is on the rise. Attackers go beyond disruption into destruction as they learn how to combat and evade security defences. This puts business leaders in a position where they feel they have limited options. With the response likely to play out in the public domain, they often feel they must pay the extortion demands, either to restore services or to prevent further disruption.<\/p>\n

Enterprise resilience is needed to recover from human-operated cyberattacks. This goes beyond just cyber resilience. It requires a multi-faceted business, technology and operational response to recover services as quickly and effectively as possible across all domains. Resilience is the ability of the business to recover from failures and continue to function in adverse conditions. It’s not about avoiding<\/em> failures. It’s about taking proactive action to detect and respond<\/em>\u00a0to failures in a way that reduces downtime or data loss.<\/p>\n

In the Microsoft Societal Resilience research program<\/a>, we define resilience as\u00a0the capacity to anticipate, absorb, and adapt to disruption<\/em><\/strong>. As Dr Peter Lee, Microsoft CVP of Research and innovations, says: \u201cIf we don\u2019t acknowledge our risks, we can\u2019t anticipate and prepare for them\u201d. This is especially true in today\u2019s world of radical innovation, where the threat actors often move faster than organisations do.<\/p>\n


Planning for enterprise resilience against cyberattacks<\/h2>\n

Business continuity and information protection are absolute requirements for every business. But maintaining them can often entail cost, complexity, compliance and resources. Using a cloud-based strategy helps to mitigate many of these issues. Building reliable and secure systems in the cloud is a shared responsibility. The reliability \u2018of\u2019<\/strong>\u00a0the cloud is the responsibility of the cloud service provider. The reliability\u00a0\u2018in\u2019\u00a0<\/strong>the cloud is the responsibility of the organisation. However, according to the\u00a0National Cyber Security Centre, only three in 10 businesses have business continuity plans that cover cybersecurity<\/a>.<\/p>\n

How to build a secure cloud strategy<\/h2>\n


Those new to the cloud should begin with Azure\u2019s Cloud Adoption Framework<\/a> to determine business drivers and strategy. The Microsoft Azure Well-Architected Framework<\/a> is a set of guiding tenets that architects, developers and solution owners can use to build and optimise reliable, secure and resilient services in the cloud.<\/p>\n

Design for reliability and security<\/h2>\n

Designing for reliability requires an assume-failure mindset. Designing for security requires an assume-compromise mindset.<\/p>\n

Cybersecurity risks are hard to mitigate. Adversaries work to counteract the business continuity strategy by actively adapting to and navigating around the controls that the business has implemented. If a plan is too rigid and does not anticipate change, it can often fail because the business cannot react and pivot quickly enough to the ferocity of change or cyberattacks.<\/p>\n

Machine learning and AI can take the pressure off IT or security teams with real-time threat detection and automation. This allows them to focus on higher-value tasks, such as designing resilient workloads.<\/p>\n

Choose the right workload<\/h2>\n

Designing workloads that are resistant to both natural disasters and malicious human intervention, such as cyberattacks, requires a thoughtful combination of high availability, disaster recovery and backup solutions. Across the whole environment, you need to consider how likely the primary control is to fail and the potential organisational risk if it does. You also need to counteract each of these risks with mitigating factors.<\/p>\n