Covid has changed how we think about cybersecurity

Keshav Dhakad | Updated on September 08, 2020

Initiating waves of digital transformation, the pandemic has forced companies and their customers to take a holistic approach to online security

COVID-19 sent shockwaves across industries, governments and communities, impacting every person on the planet. Overnight, organisations that people depend on for employment, healthcare, education, infrastructure, and essential services had to rapidly transform digitally just to function remotely.

Some maintained continuity by moving entirely online in a matter of weeks, creating demand for virtual processes, remotely managed operations, and virtual collaboration on a scale we’ve never seen before. Microsoft’s Satya Nadella said the company had seen two years’ worth of digital transformation in just two months.

Any time a process or function goes digital, it creates a potential cybersecurity vulnerability, especially when so many systems are implemented so quickly, further complicated by the requirements of remote connectivity. Security teams have been forced to adjust to new paradigms, find new ways to triage threats, and simplify tools and processes—rapidly.

With our technologies in the hands of billions and serving as the digital platform for much of the world’s infrastructure, Microsoft in many ways has been at the epicentre of this disruption and acceleration of tech intensity and enablement. Like everyone else, as the pandemic initiates waves of digital transformation, we’ve been learning continuously from customers and our own experiences.

Here are five observations from that vantage that we think are here to stay.

Security is the key to digital empathy: It’s safe to say that many companies will continue their remote work policies going forward. Some will operate under a hybrid model where certain roles are based in the office and others remain home. Some will stay entirely virtual. The question becomes how to protect the organisation while also nurturing productivity, innovation, and collaboration.

Technology’s role is to support and enable how people work and navigate through a pandemic. Security’s role is to safeguard the digital assets they’re using with as little impact as possible. And although people are working in unanticipated ways under stressful conditions, IT systems must allow for this diversity of work styles and scenarios — and embrace human error — more than ever.

This is digital empathy.

Security pros used to say that controls were built because humans were too casual. We need to change that point of view. Going forward, we must improve controls to support and empower people amid the new challenges they are managing and performing under constraints.

Companies should adopt a Zero-Trust posture: Historically, organisations have trusted a finite set of apps and devices they own and manage, largely behind their firewalls, mostly in their well-managed offices. Today, to meet employees where they are, they must secure apps, data/information, and devices anywhere.

The concept of “zero trust” is about enabling employees to access their work regardless of location or machine, but with strong authentication and controlled privileged access. Under a zero-trust model, the identity and access system does not just authenticate the user. It interrogates the machine, the network signal, the data being accessed, and whether the applications being used are patched and updated.

If you trust nothing, you can actually allow access to all things necessary, each secured based on its level of risk. When people are working remotely on their own devices, a zero-trust architecture is essential to safeguard them as well as to drive confidence in the systems.

Diverse threat intelligence is key: Microsoft tracks more than 8 trillion daily signals from products, services and feeds around the globe, which helps it stay ahead of the curve. But the number of signals isn’t actually as relevant as their diversity: the location, the device, intel from threat feeds, and other resources like Office 365, GitHub, LinkedIn and Xbox, to name a few.

Diversity of signals allows us to triangulate and synthesise the data into real threat intelligence. During the pandemic, a blend of AI tools and human-based insights has helped identify new COVID-19-themed threats targeting health systems, government aid, delivery apps and more.

This also illustrates how important having contextually relevant threat data is to security operations center (SOC) admins. No two companies or environments are the same, so there is no one-size-fits-all threat intelligence feed.

Instead of overwhelming SOC admins with false leads, the key is a combination of low-level automation and human attention. Better data allows us to train the system to automatically identify and remedy low-level incidents while prioritising critical or complicated issues requiring human intervention.

Cybersystems resilience is fundamental to business resilience: Even under best practices, disruptions occur. And global events like the outbreak of COVID-19 or widespread civil unrest create incredible complexity for cyber-systems that attackers will constantly try to exploit. So, having a full cyber resilience plan is absolutely fundamental to an organisation’s ability to quickly absorb the blow and bring systems back online. In that wake, the role of the CISO is evolving to be more of a business enabler and is becoming increasingly crucial as organisations’ security roadmap becomes critical for business continuity, competitiveness, and growth.

We talk a lot with customers about identifying essential business systems and ensuring they can be revived swiftly through some type of redundancy. Fortunately, in our cloud-based world, building redundancy into critical systems is easier than ever.

The cloud is a security imperative: Organisations often react to a security event by buying a tool, resulting in a proliferation of tools that don't talk to each other. This becomes unwieldy to manage and can actually make security less effective, a weakness that cyber criminals exploit.

Bolting on tool after tool creates new attack surfaces — gaps between tools and weaknesses caused by poor integration efforts — that hackers understand well. And synchronicity problems, caused when a vendor upgrades and the organisation doesn’t, can exacerbate any security issues.

The modern security posture is about having a fully engineered-in, integrated set of tools built into the overall technology stack, with cloud-powered threat intelligence. The cloud is built for power compute, hyper scale, and hybrid integration and has seen unprecedented demand during COVID-19, due to its enterprise-grade integrated security, powered by global threat analytics and AI, enabling continuous monitoring, defence, and hardening. The cloud also streamlines the software supply chain, minimising the risk of vulnerabilities introduced by bolt-on tools.

The lessons of COVID-19 have permanently changed society, and to a lesser extent, the way we think about cybersecurity. In a world where people are simply trying to keep their businesses in business, our mindset, outlook, and practices must evolve. By making the entire system easier to protect and manage, it’s also much easier to recover and reimagine.

The writer is Group Head and Assistant General Counsel- Corporate, External and Legal Affairs, Microsoft India

Published on September 08, 2020
