Microsoft urges adoption of “Zero Trust” approach to strengthen defenses against escalating cyber threats

Microsoft Cyber Defense Operations Center (CDOC)

More secure strategy shores up the foundations of the Cloud Economy and the future of business

Bangkok, 9 March 2021 – Microsoft Thailand is underlining the importance of cybersecurity and encouraging organizations to adopt the “Zero Trust” approach to securing their data, applications, employees, and infrastructure – ultimately keeping them safe from malicious actors, minimizing risks, and reinforcing confidence as attacks continue to grow in sophistication. 

Saruj Thipsena, Solution Specialist Team Unit (STU) Lead, Microsoft (Thailand) Limited, said, “The changes that we have seen over the past year – such as working environments that no longer rely on office presence – have driven companies of all sizes to accelerate their digital transformation process. This has in effect moved our world into the era of the Cloud Economy and digital platforms, and the cloud itself has opened up new possibilities on every level by granting organizations the resilience required to cope with changes and challenges or even adopt whole new business models to become more competitive. In the long run, however, cybersecurity still has a major part to play in ensuring confident progress across this digital economy landscape.

With advanced technologies becoming more prevalent in organizations and at home, cybercriminals have also boosted their arsenal with more sophisticated and effective weapons. Data leak incidents are happening with increasing frequency and may encompass large amounts of consumer data. Over the past 30 days alone, Microsoft’s global network detected 1.66 million devices in Thailand with malware[1] – the third highest number in Southeast Asia behind Indonesia (3.27 million) and the Philippines (1.83 million).

“With more systems and procedures at work now more digitized than ever, cybercriminals can also cause even more damage – a risk that comes part and parcel with the era of the Cloud Economy. One thing we cannot forget is that these criminals do not operate on the same standards as businesses and do not have to follow regulations or ethical guidelines. As a consequence, Microsoft has adopted the ‘Zero Trust’ approach to protect ourselves and our customers from the threat and escalate defensive measures as necessary. We have to be always on the move as the threats around us are similarly always changing and adapting,” added Saruj. 

All eyes on rising threat from supply chain attacks as ransomware continues to pose risks

Microsoft’s security systems monitor over 6.5 trillion signals daily worldwide for signs of malware and attacks in order to discover and defend against new threats. Current data indicates that the education sector is the most prominent target for malware attacks, accounting for 62.2% of all malware infections detected. 

One of the most threatening types of attack in recent times is the supply chain attack, which aims to insert malware or backdoors into applications that are then distributed to unsuspecting customers, either as full products or as software updates. Because the malware sits within components of authorized software officially used by the organization, it has a higher chance of evading detection and can operate with relative freedom within the organization’s systems.

Supply chain attack diagram

Watch a video explainer on supply chain attacks and how to defend against them at https://youtu.be/uXm2XNSavwo 

Ransomware, meanwhile, remains an active threat. In addition to more frequent attacks, it was found that 58% of organizations under a ransomware attack chose to pay a ransom in exchange for regaining access to their data – up from 45% in 2019[2]. This shift could motivate cybercriminals to use ransomware as an attack vector more often.

The Zero Trust approach: strengthening the foundations and minimizing risks on every front 

Given the prevalence of threats, Microsoft devised the “Zero Trust” concept as an approach towards strengthening defenses for all systems, products, and services. Zero Trust comprises three major principles: 

  • Verify explicitly: Use all possible sources of data to verify and authenticate access requests from users. Each and every user is to be treated the same – which means even users from within the organization must be required to verify their identity to the same extent as outsiders to prevent falsified access requests from succeeding. 
  • Use least privileged access: Only grant the minimum necessary access rights to each user, allowing them to accomplish their tasks without exposing data or systems to additional risks. 
  • Assume breach: Adopt modern designs for the network, access rights, and monitoring and response systems to limit possible damage from an attack and enable real-time responses against threats. Furthermore, data should be secured through all possible means – from end-to-end encryption to using analytics to detect signs of a possible attack. 

Saruj added: “Microsoft’s security platform is based on this Zero Trust approach in order to keep the data, networks, systems, and people – both ours, our customers’, and our partners’ – safe from threats. To ensure explicit user verification, we have Azure Active Directory to authenticate access requests without complicating access to apps and tools in the organization through a single sign-on system. Microsoft 365 Information Protection and Governance, meanwhile, helps secure the organization’s data from leaks – whether intentional or accidental – through access controls and thorough labeling of data. These technologies operate on an open platform basis, which means that they can be deployed alongside Microsoft technologies as well as other platforms.”

Furthermore, cloud-based security services such as Azure Sentinel use AI to analyze data and signals that may indicate unusual events leading up to an attack. Azure Security Center, meanwhile, enables the team responsible for security to be aware of the current situation across the entire organization from a single screen. It also supports the organization in determining if its systems are compliant with standards and regulations in each country and industry. 

For more information on securing your data, check out Microsoft’s e-book on data security and privacy under Thailand’s Personal Data Protection Act. Register to download the e-book for free at https://bit.ly/3kTWE0A and follow the latest updates from Microsoft Thailand at https://news.microsoft.com/th-th/.