October is cybersecurity awareness month in the United States. Looking back at what we experienced in Indonesia during this pandemic, we are reminded that cybersecurity technology has an important role in maintaining business continuity and empowering employees to work productively and safely outside the office.
By looking at the events that took place during the pandemic, Microsoft anticipates five paradigm shifts in cybersecurity that will support the evolution of jobs centered on people and data inclusiveness, namely:
1. Digital empathy
Microsoft understands that we have had to very rapidly adapt to new ways of life, in the home, and in the workplace. At times like these, we need empathy, which is the ability to understand the feelings and thoughts of another person, more than ever. Empathy can reduce stress and bring people together. We saw empathy at work as Indonesians around the country applauded and supported medical professionals and other essential workers during the pandemic.
“By applying empathy to digital solutions, we can make them more inclusive. In cybersecurity that means building tools that can accommodate a diverse group of people’s ever-changing circumstances, ”said Haris Izmee, President Director of Microsoft Indonesia.
“It means developing technology that can forgive mistakes, such as secure cloud apps that can empower people to work when, where, and how they need, as well as use the devices and apps that maximize their productivity. Our ability to empathize helps us understand and adapt to the needs of others during times of disruption,” added Haris.
2. Zero Trust
In the first 10 days of the pandemic, companies that relied on traditional security methods—things like firewalls—were at a disadvantage as they not only had trouble meeting the needs of a new remote workforce, but they were also more susceptible to COVID-19 themed threats. Overnight, Zero Trust shifted from a business option to a business imperative.
Zero Trust is an “assume breach” security posture that treats each step across the network and each request for access to resources as a unique risk to be evaluated and verified. This model starts with strong identity authentication everywhere. Multi Factor Authentication or MFA—which we know prevents 99 percent of credential theft—and other intelligent authentication methods make accessing apps easier and more secure than traditional passwords.
3. Diversity of data
It wasn’t just individuals, businesses, schools, and governments that rapidly responded to the pandemic, cyber adversaries also quickly pivoted. As such, software is needed to track the trillions of daily signals from a diverse set of products, services, and feeds around the globe to help identify new COVID-19 themed threats—sometimes in a fraction of a second—before they reached customers.
This diversity of data makes it easy to understand COVID-19 themed attacks in a broader context. Based on Microsoft data in 2020, cyber criminals were primarily adding new pandemic themed lures to familiar malware and less than 2 percent included COVID-19 related malicious attachments or URLs. Although these malware attacks have decreased, it also coincides with when defenders began increasing phishing awareness training in enterprises. This is a great example of how insights based on good data can help raise the cost of attacks for cyber adversaries.
4. Cyber resilience
Today’s businesses are more reliant than ever on cloud technology, so a comprehensive approach to operational resiliency must include cyber resilience. Microsoft benefited from a strategy that focused on four basic threat scenarios: Planful events like weather incidents, unplanned events such as earthquakes, legal events like cyber-attacks, and pandemics like COVID-19.
This allowed the Microsoft team to build out more specific response plans that leverage the flexibility of cloud technology and Zero Trust architecture. This also prepared employees and leadership with drills and table-top exercises.
5. Integrated security
The COVID-19 outbreak has brought into stark reality of how agile and callous these cyber adversaries can be. To uncover shifting attacker techniques and stop them before they do real damage, organizations need to be able to see across their apps, endpoints, network, and users. Thus, solutions that provide a more integrated view, can help ensure that the next shift won’t be into their blind spot.
“In the end, while digital acceleration will continue to influence the paradigm shifts that shape our industry, one thing remains the same; security technology is fundamentally about improving productivity and collaboration through secure, inclusive user experiences,’ concluded Haris.