“Digital Transformation has raised the stakes, with 69% of senior executives telling Forbes that this is forcing fundamental changes to security strategies. If you’re going to open your organization up to new customers, new markets, and anytime, anywhere access, you need to do it securely.”
– Ann Johnson, Corporate Vice President, Cybersecurity solutions, Microsoft
The Digital Climate
How can we protect ourselves in this new digital era? It’s a question that many businesses and governments are asking worldwide. In the digital world we live in today, there is a tremendous amount of opportunity. When we think about the advancements of cloud, and the ability of employees to access applications and data from almost anywhere, the face of employee mobility and teamwork has significantly changed, but that also raises concerns with regards to security. In fact, the estimated cost due to cybercrime is expected to reach $3 trillion by 2020.
In order to build resilience in the security space, we need to understand the challenges that are out there and how to combat them.
Today’s key challenges and how to securely prepare for the Cloud
As excitement builds among organizations to move to the Cloud and leverage its benefits and advantages, it is crucial to adopt a measured and proactive approach. Only in this way can organizations prepare their Cloud environments to provide optimal impact and evolve in a manner that does not expose their data or assets to unnecessary or unreasonable risk.
The challenges organizations face in this period of transformation are straightforward but often require a change in thinking:
1) It starts with Identity Management
Identity attacks are up 300% this year alone. Identity is becoming the essential control plane for security; attackers understand this and are heavily targeting this gateway to your organization.
Traditional security boundaries are blurred and are no longer the primary defense point. Identities are the key avenues to accessing any organization’s resources and data, no matter where they are. Identity-based protection is a critical starting point for a strong defense against today’s attacks, especially for profiles with privileged access.
2) Adapting to the Cloud models
The Cloud cannot be secured like a mere extension of the traditional on premises environment. This is a new environment that requires new thinking, such as accepting the notion of shared responsibility between the enterprise and the Cloud provider in order to stay future-proof.
3) Focus on the data
The data must be secured above all else. The only assets the organization will truly own in the Cloud is its data. Security strategies must be adapted to this fact and work to ensure the confidentiality, integrity and availability of the data at all times.
4) Evolve all aspects of the security strategy, at speed
Do not focus solely on areas such as Protection and Detection. Ensure the security strategy for the new Cloud era also includes areas such as Prevention, Identity Management, Incident Response, Business Continuity and Recovery. And do it at speed.
Attacks are spreading incredibly fast, making it highly difficult for humans to keep up. 96% of the malware we detect is automated polymorphic malware that changes its look and shape every time it infects a new system.
As attackers adopt automation, you need to also have automation in your corner. The best protections can be beaten, and so you must be agile to quickly detect attacks and have automatic responses prepared to react.
Remaining Agile to Build Resistance
In order to build a digital resilience, you must understand the risk of cyber-attacks and understand the strategic areas to focus on in order to successfully combat them. In order to help customers stay informed, Microsoft publishes an update every 6 months called the Security Intelligence Report on the global security landscape. It’s a great resource to ensure you are maintaining a state of digital resilience.