{"id":91690,"date":"2020-08-19T09:00:11","date_gmt":"2020-08-19T16:00:11","guid":{"rendered":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\/?p=91690"},"modified":"2023-05-15T23:07:00","modified_gmt":"2023-05-16T06:07:00","slug":"microsoft-shows-pandemic-accelerating-transformation-cyber-security","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/08\/19\/microsoft-shows-pandemic-accelerating-transformation-cyber-security\/","title":{"rendered":"New data from Microsoft shows how the pandemic is accelerating the digital transformation of cyber-security"},"content":{"rendered":"

\"An<\/p>\n

The importance of cybersecurity in facilitating productive remote work was a significant catalyst for the two years-worth of digital transformation<\/a> we observed in the first two months of the COVID-19 pandemic. In this era of ubiquitous computing, security solutions don\u2019t just sniff out threats, they serve as control planes for improving productivity and collaboration by giving end-users easier access to more corporate resources<\/a>. Microsoft recently concluded a survey of nearly 800 business leaders of companies of more than 500 employees in India (IN), Germany (DE), the United Kingdom (UK) and the United States (US) to better understand their views of the pandemic threat landscape, implications for budgets and staffing, and how they feel the pandemic could reshape the cyber-security long-term.<\/p>\n

Among the key insights are data showing that an alarming number of businesses are still impacted by phishing scams, security budgets, and hiring increased in response to COVID-19, and cloud-based technologies and architectures like Zero Trust are significant areas of investment moving forward.<\/p>\n

Improving Productivity & Mitigating Threats<\/h2>\n

Security and IT teams have been working overtime to meet business goals while simultaneously staying ahead of new threats and scams. \u201cProviding secure remote access to resources, apps, and data\u201d is the #1 challenge reported by security leaders. For many businesses, the limits of the trust model they had been using, which leaned heavily on company-managed devices, physical access to buildings, and limited remote access to select line-of-business apps, got exposed early on in the pandemic. This paradigm shift has been most acute in the limitations of basic username\/password authentication. As a result, when asked to identify the top security investment made during <\/em>the pandemic the top response was Multi-factor authentication (MFA)<\/a>.<\/p>\n

\"An<\/p>\n

In other ways, pandemic security risks feel all too familiar. Asked to identify their best pre-pandemic security investment, most identified anti-phishing technology.\u00a0 Microsoft Threat Intelligence teams<\/a> reported a spike in COVID-19 attacks in early March as cybercriminals applied pandemic themed lures to known scams and malware. Business leaders reported phishing threats as the biggest risk to security in that same timeframe, with 90% of indicating that phishing attacks have impacted their organization. More than half said clicking on phishing emails was the highest risk behavior they observed and a full 28% admitted that attackers had successfully phished their users.\u00a0 Notably, successful phishing attacks were reported in significantly higher numbers from organizations that described their resources as mostly on-premises (36%) as opposed to being more cloud-based.<\/p>\n

\"A<\/p>\n

\"An<\/p>\n

Security Impacting Budgets and Staffing<\/h2>\n

The role of security in remote work is having a direct impact on security budgets and staffing in 2020 as businesses scale existing solutions, enabling critical new capabilities like MFA, and implement a Zero Trust strategy. In order to adapt to the many business implications of the pandemic, a majority of business leaders reported budget increases for security (58%) and compliance (65%). At the same time, 81% also report feeling pressure to lower overall security costs.\u00a0 Business leaders from organizations with resources mostly on-premises are especially likely to feel budget pressure, with roughly 1\/3rd feeling \u2018very pressured.\u2019<\/p>\n

To rein in expenses in the short-term, leaders say they are working to improve integrated threat protection to reduce the risk of costly breaches and acquire security solutions with self-help options for users to drive efficiency. In the longer-term, nearly 40% of businesses say they are prioritizing investments in Cloud Security (Cloud Access Security Broker, Cloud Workload Protection Platform, Cloud Security Posture Management), followed by Data & Information Security (28%) and anti-phishing tools (26%).<\/p>\n

\"A<\/p>\n

Technology alone cannot keep pace with the threats and demands facing businesses and their largely remote workforces. Human security expertise is at a premium with more than 80% of companies adding security professionals in response to COVID-19.<\/p>\n

\"A<\/p>\n

5 Ways the Pandemic is Changing Cybersecurity long-term<\/h2>\n

The pandemic has accelerated digital transformation is several ways that are likely to change the security paradigm for the foreseeable future<\/a>.<\/p>\n

1. Security has proven to be the foundation for digital empathy in<\/strong> a remote workforce during the pandemic. When billions of people formed the largest remote workforce in history, overnight, teams learned much more than how to scale Virtual Private Networks. Companies were reminded that security technology is fundamentally about improving productivity and collaboration through inclusive end-user experiences. Improving end-user experience and productivity while working remotely is the top priority of security business leaders (41%), with \u201cextend security to more apps for remote work\u201d identified as the most positively received action by users. Not surprisingly, then, \u201cproviding secure remote access to resources, apps, and data\u201d is the biggest challenge. For many businesses, the journey begins with MFA adoption.<\/p>\n

2. Everyone is on a Zero Trust journey<\/strong>. Zero Trust shifted from an option to a business priority in the early days of the pandemic. In light of the growth in remote work, 51% of business leaders are speeding up the deployment of Zero Trust capabilities. The Zero Trust architecture will eventually become the industry standard, which means everyone is on a Zero Trust journey. That reality is reflected in the numbers like 94% of companies report that they are in the process of deploying new Zero Trust capabilities to some extent.<\/p>\n

\"An<\/p>\n

3. Diverse data sets mean better Threat Intelligence<\/strong>. The pandemic illustrated the power and scale of the cloud as Microsoft\u00a0tracked more than 8 trillion daily threat signals\u00a0from\u00a0a diverse set of products, services, and feeds around the globe.\u00a0A blend of automated tools and human insights helped\u00a0to identify new COVID-19 themed threats before they reached customers\u00a0\u2013 sometimes in a fraction of a second. In other cases, cloud-based filters and detections alert security teams to suspicious behavior. Not surprisingly, 54% of security leaders reported an increase in phishing attacks since the beginning of the pandemic.<\/p>\n

4. Cyber resilience is fundamental to business operations<\/strong>. Cybersecurity provides the underpinning to operationally resiliency as more organizations enable secure remote work options. To maintain cyber resilience, businesses need to regularly evaluate their risk threshold and ability to execute cyber resilience processes through a combination of human efforts and technology products and services. The cloud makes developing a\u00a0comprehensive\u00a0Cyber Resilience strategy and\u00a0preparing\u00a0for a wide range of\u00a0contingencies simpler.<\/p>\n

More than half of cloud forward and hybrid companies report having cyber-resilience strategy for most risk scenarios compared to 40% of primarily on-premises organization. 19% of companies relying primarily upon on-premises technology do not expect to maintain a documented cyber-resilience plan.<\/p>\n

5. The cloud is a security imperative<\/strong>. Where people often thought about security as\u00a0a\u00a0solution\u00a0to deploy on top\u00a0of existing infrastructure, events like Covid-19 showcase the need for truly integrated security\u00a0for companies of all sizes.\u00a0As a result,\u00a0integrated\u00a0security\u00a0solutions\u00a0are\u00a0now seen as\u00a0imperative.<\/p>\n

\"A<\/p>\n

These insights from security leaders echo many of the best practices that Microsoft has been sharing with customers and working around the clock to help them implement. The bottom line is that the pandemic is clearly accelerating the digital transformation of cyber-security. Microsoft is here to help. \u00a0If any of the insights we\u2019ve shared today resonate with you and your teams, here are a few things you should consider<\/p>\n