A shield that’s also a weapon: Security is a must-have in a business environment

Digital technology is a powerful deflationary force in an inflationary economy. At the recently concluded Ignite, Satya underlined the urgent need for digital transformation of businesses. “We’re moving from a mobile-and-cloud era to an era of ubiquitous computing and ambient intelligence – an era which will witness more digitalization in the next ten years than the past forty,” he said. When you are talking about digital transformation for your organization, it is imperative to think about security at the core of the journey.  Greater digitalization entails greater vulnerability to cyber threats.  

Cyber threats have increased rapidly over the years, in forms and numbers. In India alone, nearly 1.16 million cases of cyberattacks were reported in 2020 – a threefold increase from 2019 and more than 20 times as compared to 2016.1 Meanwhile, cyberattacks on organisations worldwide jumped 29 percent year-on-year during the first half of 2021. We are also seeing a rise in human-operated ransomware attacks and malware attacks on OT and IoT infrastructure. Cybercrime is already costing economies more than $6 trillion each year, and the number is expected to increase to $10 trillion by 2025. 

From a security standpoint, these statistics alone would have been worrisome enough. What’s complicating the challenge is the new “hybrid” operating model of organizations. Now, as we move into the Cloud era, we need to strengthen the security postures of organizations to make them truly future-ready. 

The hybrid work model presents new security challenges 

Almost 75 percent of IT decision-makers feel that hybrid work has made their organization more vulnerable to security threats. The expansion of access, the increased number of endpoints, and the freedom to work from anywhere on any device has indeed introduced new threats and risks. And all this while employees fail to avoid even simple traps like phishing links in emails and spoofed websites.2 It is therefore essential to add as many layers of protection as possible to keep data and devices secure.3 

In a hybrid environment, as personal devices become a part of the corporate network, organizations need to revamp or replace their identity and security solutions to establish the right level of trust. As you find ways to facilitate boundary-less collaboration within the organization and with people outside it, you need to be mindful of privacy. Data must flow freely but securely. By safeguarding confidential and personal data, you will not only earn the trust of your customers and employees but also comply with the laws and regulations of the countries that you and your customers operate it.  

The future of security will be password-less, integrated, and a combination of outside-in and inside-out approaches 

In a digital world, where users need access to critical and private information, weak passwords are often an entry point for all attacks . Although users are creating more complex passwords than before and changing them frequently, attacks continue to persist, nonetheless. I believe that security, in the future, will largely be password-less. Nobody likes passwords; they’re inconvenient, and they are a prime target for cyberattacks. And why bother with passwords if you can have an app that uses biometric details to authenticate your identity? 

Cloud security solutions can be integrated with other security and identity solutions to provide powerful threat intelligence and behavior analytics to address even the most modern attacks.4 The key principle is based on a  Zero Trust framework—verify explicitly, grant least privileged access, and assume breach— which is relevant to every organization. 

There is also a need to shift the security approach from reactive to proactive. The average cost of a data breach is estimated at $4 million per incident, not to mention the damage caused to the company’s reputation. 

In my interactions with business leaders and security experts from various industries, I am seeing an increasing sense of realization that security needs to be addressed from the point of view of both internal vulnerabilities and external threats. It is like preparing for a soccer game. A team needs both a good defense and a great offense; having only one of the two isn’t good enough.  

Security should be a part of both product design and organizational culture  

Threats can come from anywhere and it’s no good locking the door to the house if you leave a window open. At Microsoft, we believe in an inside-out and outside-in approach to security. We advocate a comprehensive, end-to-end approach so that organizations may secure their entire digital estate. Security should be ingrained in the design itself, like it is with Microsoft Teams and Windows.  

Organizations should view security for what it truly is – not an add-on, but an engine for survival and success; not a business function, but a part of organizational culture. As a business leader, you can cultivate a successful security culture in your organization by understanding its impact on employees, addressing resistance by highlighting the benefits of change, being honest and proactive in your communications, training your employees in skills specific to their area of work, and recognizing and rewarding champions of change. 

I would like to share three learnings in this regard.  

• Developing a new culture doesn’t happen overnight; it is an ongoing journey, and everyone in the company – right from board members and C-suite executives to business managers and frontline workers – will need to be actively involved.  
• Cybersecurity is equally important for everyone – large enterprise and government organizations as well as small and medium-sized businesses.  
• Security is everyone’s responsibility; it does not rest with the CISO alone. One thing is for certain – with the peace of mind that comes with deploying comprehensive security, you will experience greater freedom to grow, create, and innovate.