The cybersecurity landscape has fundamentally changed, Security continues to be a number one priority for our customers, especially as many companies around the world are looking to transition from remote work to hybrid. To truly meet this challenge, defenders across the industry must come together for an end-to-end, Zero Trust security approach that covers the entire technology ecosystem. Because today, digital transformation cannot happen without security transformation.
The future of work is hybrid: Here’s what you can do
Even as many people start to transition back to the office, we expect a future where hybrid work is the norm. Forrester predicts that once people have settled into their new work patterns post-pandemic, we will still see a 300 percent increase in employees working remotely from pre-pandemic levels. According to our own Work Trend Index, 46 percent of people plan to move because they can now work remotely.
People are working on corporate networks and home networks and moving fluidly between business and personal activity online thanks to technologies intertwined with both aspects of our daily routines. The network is changing with employees’ home networks and devices are now part of the corporate network. What this means for organisations is that the network is suddenly without firm borders.
A good approach:
- Keeping devices healthy and managed: All devices that need access to corporate resources must be managed to seamlessly keep your device secure and protected from phishing and malicious websites.
- Making security everyone’s job: We will offer new training, opportunities to provide feedback, and a new virtual security summit to ensure our employees are empowered and equipped to be more secure.
- Securing home offices: We will continue to build and offer resources and guidelines for employees that will work remotely either part or full time.
- Building for Zero Trust: We are asking our developers to build with a Zero Trust mentality.
We believe that security is a team sport and that when we all share what we’re learning, we can all make the world a safer place. There are other practical things that to continue to focus on, and every business should consider as they move into hybrid work.
Identity is more important than ever: Use the tools you likely already have to protect it
A clear theme has emerged—identity is the battleground for attacks of the future. We know weak passwords, password spraying, and phishing are the entry point for the vast majority of attacks. In building a defense for our new threat landscape, the first thing every business should do is examine the tools they already have.
A great example of this is multifactor authentication (MFA). MFA is a defense that many customers have available to them, yet when looking at some recent customer data, only 18 percent have it turned on. Any customer with a commercial service subscription—Azure or Microsoft 365—can turn on MFA at no additional cost.
We saw a significant jump in usage when the pandemic began. And when that happened, we saw a significant decrease in aggregate compromises—people thought they were activating to protect only remote access, but MFA protects the entire network.
Embrace a Zero Trust mindset
In a world where identity is the new battleground, adopting a Zero Trust strategy is no longer an option, it’s a new business imperative. People and organisations need to have trust in the technologies that bring them together. The term Zero Trust may feel like the opposite of that, but when you assume breach and provide the least privileged access necessary, it actually empowers employees with the flexibility and freedom they want.
The hybrid world is largely perimeterless, so wrapping protections around identity and devices is critical. As part of Zero Trust, we also think the future is passwordless and we will start to see that transition this year. In fact, to help our customers on their Zero Trust journey we are excited to roll out a new Zero Trust Digital Assessment that can help companies understand where they are currently and where they need to go.
Take advantage of more robust security in the cloud
The benefits of the cloud for a remote or hybrid workforce are plentiful. Business-critical information can be accessed over the network, making it easy to have workers in any location.
Over the next 6 to 12 months, we will see rapid migration to the cloud, as companies recover from 2020 and 2021 and implement new infrastructure. In a recent survey of our Microsoft Intelligent Security Association (MISA) partners, 90 percent reported that customers have accelerated their move to the cloud due to the pandemic.
Having a strong cloud posture also provides a level of security that most companies just couldn’t achieve on their own.
Invest in people and skills—and focus on diversity
I firmly believe anyone can be a defender, and with the proper training programs, we can all work together to build a cybersecurity workforce that reflects our planet. We must build diverse teams that reflect the many viewpoints of people globally, including the same demographics as the attackers themselves, to meet the security and privacy challenges of our time.
Fortunately, in a future where remote work is more common, the world is our oyster in terms of cultivating new and diverse talent. No longer constrained by physical office locations, it’s an exciting time to find the next generation of defenders and help them develop.
We’re emerging from a year that has altered the world forever. It changed the way we live and work, brought new challenges in cybersecurity, and reminded all of us that there is no playbook for change. But where there’s uncertainty, there is also the power to shape the world in positive and profound ways. At the heart of security and privacy protection is the freedom to imagine, plan, empower, and inspire.
As security professionals, it is within our superpowers to help people and organizations feel safe and be safe—to help them persist in the face of adversity with optimism, empathy, and peace of mind.