{"id":91559,"date":"2020-07-16T09:00:53","date_gmt":"2020-07-16T16:00:53","guid":{"rendered":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\/?p=91559"},"modified":"2023-08-03T15:24:32","modified_gmt":"2023-08-03T22:24:32","slug":"5-cybersecurity-paradigm-shifts-digital-experiences","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/07\/16\/5-cybersecurity-paradigm-shifts-digital-experiences\/","title":{"rendered":"5 cybersecurity paradigm shifts that will lead to more inclusive digital experiences"},"content":{"rendered":"
Whether responding to a natural disaster, defending against a cyberattack, or meeting the unprecedented demands to enable the largest workforce in history to work remotely, we amplify our human capacity through technology. At Microsoft, cybersecurity is the underpinning to helping organizations maintain business continuity during times of change.<\/p>\n
As we look past the pandemic and prepare to implement the lessons we\u2019ve learned during this time of disruption, we are reminded that security technology is also about improving productivity and collaboration through inclusive user experiences. In an industry that has traditionally expected people to adjust their behavior to conform to security policies, this is a transformative idea.<\/p>\n
My team and I share this transformative idea when we work with organizations from around the world who need to enable people to work productively and securely and from a variety of non-traditional locations. Through these interactions, we\u2019ve learned a lot about the role that cybersecurity plays in helping organizations maintain business continuity as we adapt to this new world. As I result, I anticipate five cybersecurity paradigm shifts that will support the evolution of work in a way that centers around the inclusivity of people and data.<\/p>\n
To say that we are living in unprecedented times, is quite frankly, an understatement. Each and EVERY one of us has been impacted\u2014in one way or another\u2014by current events. We\u2019ve had to adapt to new ways of life, in our homes, and our workplaces. And the pace of change has been at a rate none of us have seen before. At times like these, we need empathy more than ever.<\/p>\n
“We have seen two years\u2019 worth of digital transformation in just two months.\u201d<\/em> – Satya Nadella, President & CEO, Microsoft<\/p><\/blockquote>\n
Empathy is the ability to understand the feelings and thoughts of another person. To walk in their shoes. During times of constant disruption and change, empathy can reduce stress and bring people together. We saw empathy at work in the nightly cheers for healthcare workers as they came home from a long day at the hospital in New York and other cities.<\/p>\n
But empathy isn\u2019t just for in-person interactions. By applying empathy to digital solutions, we can make them more inclusive. In cybersecurity that means building tools that can accommodate a diverse group of people\u2019s ever-changing circumstances. It also means developing technology that can forgive mistakes.<\/p>\n
Securing cloud apps offers a great example. There is a good reason that cloud apps have proliferated in enterprises. If you have a challenge, there is probably an app available to solve it. They are easy to access and many are free. But they also pose a security risk. Individuals may share privileged data through apps with security vulnerabilities, not because they don\u2019t care, but because they are too busy to stay up to date on the intricacies of an organization\u2019s data privacy policies.<\/p>\n
Our security tools can empower people to work when, where,\u00a0and how they\u00a0need, and use\u00a0the devices and apps that maximize their productivity.\u00a0Solutions like Microsoft Cloud App Security<\/a> and Azure Information Protection<\/a> accommodate how people want to work, with controls that make organizations more secure. The Microsoft Identity platform<\/a> already adds security like multi-factor authentication (MFA) to 1.4 million unique apps (up 117 %YoY) including brands like ServiceNow,\u00a0GoogleApps, and Salesforce.<\/p>\n
2. The Zero Trust journey has begun<\/h3>\n
In the first 10 days of the pandemic, it became clear that companies that relied on traditional security methods\u2014things like firewalls\u2014were at a disadvantage. Not only did they have trouble meeting the needs of a new remote workforce, but they were also more susceptible to COVID-19 themed threats. Overnight, Zero Trust shifted from a business option to a business imperative.<\/p>\n
Zero Trust is an \u201cassume breach\u201d security posture<\/a> that treats each step across the network and each request for access to resources as a unique risk to be evaluated and verified. This model starts with strong identity authentication everywhere. MFA\u2014which we know prevents 99 percent of credential theft<\/a>\u2014and other intelligent authentication methods<\/a> make accessing apps easier and more secure than traditional passwords.<\/p>\n
As we look past the pandemic to a time when workforces and budgets rebound, Zero Trust will become the biggest area of investment for cybersecurity. This means, that right now, every one of us is on a Zero Trust journey\u2014whether we know it, or not.<\/p>\n
3. Diversity of data matters<\/h3>\n
It wasn\u2019t just individuals, businesses, schools, and governments that rapidly responded to the pandemic, our adversaries also quickly pivoted. Because Microsoft tracks more than 8 trillion daily signals from a diverse set of products, services, and feeds around the globe, we were able to identify new COVID-19 themed threats\u2014sometimes in a fraction of a second\u2014before they reached customers.\u00a0This is just one example of how the power and scale of the cloud has a clear advantage when it comes to combating threats.<\/p>\n
Our diversity of data also allowed us to understand COVID-19 themed attacks in a broader context. Microsoft cyber defenders determined that adversaries\u00a0were primarily adding\u00a0new pandemic themed\u00a0lures\u00a0to familiar\u00a0malware<\/a>. Of the millions of targeted messages\u00a0Microsoft caught\u00a0every day, less than 2 percent included COVID-19 related malicious attachments or URLs<\/a>. Since mid-March when COVID-19 attacks peaked, they\u2019ve decreased to a slightly elevated \u201cnew normal\u201d (See Figure 1). Although the drop off tracks closely to the news, it also coincides with when defenders began increasing phishing awareness training in enterprises. This is a great example of how insights based on good data help us raise the cost of attacks for our adversaries.<\/p>\n
<\/p>\n
Figure 1:<\/em> Trend of COVID-19 themed attacks.<\/em><\/p>\n
Cybercriminals are adept at changing their tactics to take advantage of global or local events to lure new victims. Insights based on more diverse data sets can offer real-time protection as tactics shift. As a result of their\u00a0experiences navigating COVID-19\u00a0related threats, more enterprises are likely to embrace\u00a0cloud-based protection and threat insights.<\/p>\n
4. Cyber resilience is fundamental to business operations<\/h3>\n
One thing we\u2019ve learned from the COVID-19 pandemic is to expect the unexpected. We can\u2019t predict what the next disruption to business continuity will be\u2014whether natural or manmade\u2014but we do know organizations will confront other crises that require a rapid response.<\/p>\n
Today\u2019s businesses are more reliant than ever on cloud technology, and so a comprehensive approach to operational resiliency must include cyber resilience<\/a>.\u00a0 At Microsoft, we benefited from a strategy that focused on four basic threat scenarios: Planful events like weather incidents, unplanned events such as earthquakes, legal events like cyber-attacks, and pandemics like COVID-19.\u00a0 From there, Microsoft set clear priorities around putting life safety above all else, protecting customers, and protecting the company. This allowed us to build out more specific response plans that leverage the flexibility of cloud technology and Zero Trust architecture. We also prepared employees and leadership with drills and table-top exercises.<\/p>\n
Cloud technology helps organizations develop a\u00a0comprehensive\u00a0cyber resilience strategy and makes\u00a0preparing\u00a0for a wide range of\u00a0contingencies\u00a0less\u00a0complicated due to its scalability.<\/p>\n
5. A greater focus on integrated security<\/h3>\n
The COVID-19 outbreak has brought into stark reality of how agile and callous our adversaries can be. To uncover shifting attacker techniques and stop them before they do real damage, organizations need to be able to see across their apps, endpoints, network, and users. Solutions like Microsoft 365 Security, that provide a more integrated view, can help ensure that the next shift won\u2019t be into their blind spot.<\/p>\n
Facing a new economic reality, organizations will also be driven to reduce costs\u00a0by adopting more of the security capabilities built into their cloud and productivity platforms of choice.\u00a0\u00a0This is why digital empathy is so critical to how we move forward as an industry. Whether it\u2019s an organization\u2014or an individual\u2014our ability to be empathetic helps us understand and adapt to the needs of others during times of disruption.<\/p>\n
While digital acceleration will continue to influence the paradigm shifts that shape our industry, one thing remains the same; security technology is fundamentally about improving productivity and collaboration through secure, inclusive user experiences.<\/p>\n
Dig into more data about how attackers exploited the COVID-19 crises<\/a>.<\/p>\n
Read Ann\u2019s blog post, Operational resilience in a remote work world<\/a>.<\/p>\n
Get advice on implementing Zero Trust<\/a>.<\/p>\n
Read Ann\u2019s advice for CISOs on enabling secure remote work<\/a>.<\/p>\n
For more information on Microsoft Security Solutions,\u00a0visit our website<\/a>.\u00a0Bookmark the\u00a0Security blog<\/a>\u00a0to keep up with our expert coverage on security matters. Also, follow us at\u00a0@MSFTSecurity<\/a>\u00a0for the latest news and updates on cybersecurity.<\/p>\n","protected":false},"excerpt":{"rendered":"
Cybersecurity has proven to be the foundation for digital empathy in a remote workforce.<\/p>\n","protected":false},"author":96,"featured_media":91561,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"ep_exclude_from_search":false,"_classifai_error":"","footnotes":""},"content-type":[3661],"topic":[3669,3689],"products":[],"threat-intelligence":[],"tags":[3896,3753],"coauthors":[1849],"class_list":["post-91559","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","content-type-industry-trends","topic-data-protection","topic-zero-trust","tag-credential-theft","tag-cybersecurity-policy"],"yoast_head":"\n
5 cybersecurity paradigm shifts that will lead to more inclusive digital experiences | Microsoft Security Blog<\/title>\n\n\n\n\n\n\n\n\n\n\n\n\n\t\n\t\n\t\n\n\n\n\n\t\n\t\n\t\n