Microsoft Corp. has announced new products, employee plans, and guidance to tackle the global fight against increasingly large-scale and complex cyberattacks. These include additional support on multifactor authentication (MFA) and security protection for customers, along with Microsoft’s own transition of having employees adopt a Zero Trust approach.
The cybersecurity landscape has fundamentally changed due to large-scale, complex attacks in recent times. Hackers launch an average of 50 million password attacks every day—579 per second, and phishing attacks have increased. Firmware attacks are on the rise, and ransomware has become incredibly problematic. Microsoft had intercepted and thwarted a record-breaking 30 billion email threats last year and is currently actively tracking 40 plus active nation-state actors and over 140 threat groups representing 20 countries.
According to Microsoft Defender Antivirus’ telemetry, malware encounter rates in Asia Pacific have increased – 23% in Australia; 80% in China; 15% in India; 16% in Japan; 19% in New Zealand; and 43% in Singapore over the past 18 months, spanning pre-pandemic to now. As a subset of malware, ransomware encounters have also increased 453% in Australia; 463% in China; 100% in India; 541% in Japan; 825% in New Zealand; and 296% in Singapore over the same period.
According to Microsoft’s Work Trend Index, 53% of people surveyed in Asia plan to move because they can now work remotely – this is slightly higher than the global figure of 46%, pointing to the urgency for security to address this new way of working.
Mary Jo Schrade, Assistant General Counsel, Regional Lead, Microsoft Digital Crimes Unit Asia, shared, “Most of our region has transitioned to remote working over the past year. As we continue the need to work from home either full time or part time, we need to adopt more tools and build our defenses against potential cyberattacks. In Asia, adopting multi-factor authentication together with a Zero Trust approach are the foundations to safer work from home or hybrid work scenarios.”
Small-and-medium businesses (SMBs) are particularly vulnerable to cybersecurity threats – in Asia Pacific, SMBs make up more than 98% of enterprise and employ 50% of the workforce, comprising an integral part of the region’s social and economic well-being. However, a large percentage of SMBs do not know how to protect their companies, lack dedicated IT staff and have inadequate computer and network security.
Joe Sweeney, Advisor, Intelligent Business Research Services (IBRS), added, “Highly automated social attacks (phishing) are on the rise. They are coming through email, instant messaging, social media and texts. It is critical for organizations to take on a Zero Trust approach to address this, by segmenting all aspects of the end user environment and treat each as untrusted. This requires a very different thinking from the traditional ‘network as the border’ and ‘protect the device’ approach. It requires a data-centric and authentication-centric approach. While there are other security considerations, getting identity, authentication and information management sorted is essential.”
Securing remote working with new products
In line with individual and business security needs that come with remote working, Microsoft has launched new innovations to further protect customers. These new verification features include Azure AD Conditional Access to give admins more granular access controls, conditional launch settings with App Protection Policies in Microsoft Endpoint Manager, and an Azure AD shared device mode across multiple users.
Additional features and enhancements have also been launched on Microsoft 365 Defender, Azure Sentinel and Microsoft Cloud App Security. More on the new products launched globally can be found at https://www.microsoft.com/security/blog/2021/05/12/how-to-secure-your-hybrid-work-world-with-a-zero-trust-approach/.
Microsoft’s technology plan for employees
Microsoft and its 160,000 employees made the transition to hybrid work in 2020, with the following new guidance released organization-wide to maintain and uphold security:
- Keeping devices healthy and managed: All devices that need access to corporate resources must be managed to seamlessly keep the device secure and protected from phishing and malicious websites.
- Making security everyone’s job: Microsoft is offering new training, opportunities to provide feedback, and a new virtual security summit to ensure employees are empowered and equipped to be more secure.
- Securing home offices: Microsoft will continue to build and offer resources and guidelines for employees that will work remotely either part or full time.
- Building for Zero Trust: Microsoft is asking developers to build with a Zero Trust mentality.
Four key pillars to a new work reality
As security becomes increasingly top-of-mind for individuals and businesses, Microsoft has outlined key imperatives for users to be protected against cyber threats.
#1 – Using existing tools, including MFA
Recent cyberattacks have revealed that identity will be the battleground for attacks of the future. As businesses build their defenses for the new threat landscape, they should first examine the tools they already have.
For instance, MFA is a defense that organizations have available to them, and any Microsoft customer with a commercial service subscription can turn on MFA at no additional cost. However, Microsoft’s customer data show that only 18% have it turned on. Microsoft is actively working to make MFA rollout easier and more seamless for its customers, ensuring that the end-user experience is as frictionless and friendly as possible.
#2 – Embracing a Zero Trust Mindset
People and organizations need to have trust in the technologies that bring them together and adopting a Zero Trust strategy is no longer an option, but a new business imperative. When companies assume breach and provide the least privileged access necessary, this empowers employees with the flexibility and freedom they want.
Microsoft also believes that the future is passwordless and that the industry will see the transition happening this year. It recently deployed a new Zero Trust assessment tool that can help companies understand where they are currently on their Zero Trust journey and where they need to go.
#3 – Taking advantage of more robust security in the cloud
The benefits of the cloud for a remote or hybrid workforce are plentiful, and Microsoft believes that there will be a rapid migration to the cloud over the next six to 12 months as companies recover from 2020 and implement new infrastructure. Microsoft’s recent survey of its Microsoft Intelligent Security Association (MISA) partners found that 90% reported that customers have accelerated their move to the cloud due to the pandemic.
Having a strong cloud posture also provides a level of security that most companies are unable to achieve on their own. The recent NOBELIUM cyberattack revealed that that the vast majority of attacks originated on-premises, while attacks via the cloud were largely unsuccessful.
#4 – Investing in people and skills, and focusing on diversity
The shortage of cybersecurity professionals and a lack of diversity within teams are two big problems that attackers will take advantage in the coming year. 91% of Microsoft’s MISA partners reported more demand than supply for cybersecurity professionals, and there is an estimated shortfall of 3.5 million security professionals this year. This shortage would not only mean unfilled positions, but also too much work on existing teams.
By teaching, training, and arming new talent, this will solve the issue and build the workforce of the future. It is pertinent for organizations to build diverse teams that reflect the many viewpoints of people globally, including the same demographics as cyber attackers, to meet today’s security and privacy challenges.