Cybersecurity has shot to the top of business agendas in recent months, as the sudden shift of workforces from the office to the home highlighted a host of new threats within remote-working setups. Add to that the explosion in opportunistic cybercriminals hoping to cash in on the situation, and businesses are faced with a security minefield as the prospect of remote work looms indefinitely.
Many businesses are adapting to this new scenario, reprioritising their investments and fast tracking projects aimed at shoring up IT security. Microsoft recently conducted a survey of nearly 800 business leaders from the UK, US, Germany and India to better understand how the coronavirus pandemic will influence the cybersecurity landscape going forward, including their own plans for budgets, staffing and investments.
The bottom line is that the pandemic is accelerating the digital transformation of cybersecurity. Here are five ways COVID-19 is shaping the future of the industry, according to Microsoft.
Having entire workforces work from home meant that businesses had to quickly ensure that employees were set up with the necessary tools to work safely and effectively from home. This didn’t mean simply mean VPNs; companies have recognised that apps that promote productivity, collaboration and a positive end-user experience are a priority for creating healthy remote workforces. Microsoft calls this “digital empathy” – what it really means is ensuring that the end-user experience is inclusive.
According to Microsoft’s study, improving end-user experience and productivity for remote workers is the top priority of security business leaders (41%), and this means extending security policies so employees can use more apps for remote work. Enabling multi-factor authentication (MFA) was identified as key to beginning this journey by Microsoft’s respondents, and was also the top security investment made by businesses during the pandemic.
Everyone is on a Zero Trust journey
Zero Trust shifted from an option to a business priority in the early days of the pandemic, as business leaders sought to get a handle on the influx of new, potentially unsecured, devices logging into corporate networks from employees’ homes. In light of the growth in remote work, more than half (51%) of business leaders are speeding up the deployment of Zero Trust capabilities, Microsoft said. According to the company, this will eventually become the industry standard: 94% of companies in Microsoft’s study reported that they were in the process of deploying new Zero Trust capabilities.
SEE: Zero trust security: A cheat sheet (free PDF) (TechRepublic)
Diverse datasets means better intelligence
The COVID-19 pandemic has been a breeding ground for phishing scams, skimming attacks and a host of other cybersecurity nasties seeking to exploit the unprecedented situation. According to Microsoft, 54% of security leaders reported an increase in phishing attacks since the beginning of the outbreak.
But the pandemic has also highlighted the power of cloud-based tools and datasets in tackling cybersecurity threats as they travel across the globe. Microsoft said it had tracked more than eight trillion daily threat signals using a diverse set of products, services, and feeds, combining both automated tools and human insights to identify new COVID-19-themed threats before they reached end users.
SEE: Social engineering: A cheat sheet for business professionals (free PDF) (TechRepublic)
Cyber resilience is fundamental to business operations
Cybersecurity will underpin much of what businesses do, if the remote-working trend continues as expected. To ensure resiliency in this new threat landscape, businesses will need to regularly evaluate their risk and their ability to execute their cybersecurity strategies, using a combination of human efforts and technology, Microsoft said.
According to Microsoft, the cloud can make it easier for organisations to plan out cybersecurity risk scenarios and contingency plans: more than half of “cloud-forward” and hybrid companies in Microsoft’s study reported having a cyber-resilience strategy for most risk scenarios, compared to 40% of primarily on-premises organisations. Meanwhile, 19% of companies relying mainly upon on-premises technology said they didn’t plan to maintain a documented cyber-resilience plan.
The cloud is a security imperative
Microsoft’s study revealed that successful phishing attacks were reported in significantly higher numbers from organisations that described their resources as mostly on-premises (36%) as opposed to being more cloud-based. At the same time, nearly 40% of businesses said they were prioritising investments in cloud security to reduce the risk of breaches, followed by data and information security (28%) and anti-phishing tools (26%). Taken together, Microsoft said, COVID-19 has showcased the need for integrated security spanning endpoints to the cloud, making the cloud a crucial part of any business’ future cybersecurity investments.