- Microsoft telemetry shows increase in malware and ransomware
encounter rates in Asia Pacific since pre-COVID - New products developed to secure remote working for
customers - New guidance released for Microsoft’s transition of more
than 160,000 employees to hybrid work - Multifactor authentication, Zero Trust, cloud migration and
security talent key pillars to the new work reality
SINGAPORE – Media OutReach – 18 May 2021 – Microsoft Corp. has announced new products, employee plans, and guidance to
tackle the global fight against increasingly large-scale and complex
cyberattacks. These include additional support on multifactor authentication
(MFA) and security protection for customers, along with Microsoft’s own
transition of having employees adopt a Zero Trust approach.
The cybersecurity landscape has fundamentally changed due
to large-scale, complex attacks in recent times. Hackers launch an average of 50
million password attacks every day—579 per second, and phishing attacks have
increased. Firmware attacks are on the rise, and ransomware has become
incredibly problematic. Microsoft had intercepted and thwarted a
record-breaking 30 billion email threats last year and is currently actively tracking
40 plus active nation-state actors and over 140 threat groups representing 20
countries.
According to Microsoft
Defender Antivirus’ telemetry, malware encounter rates in Asia Pacific have
increased – 23% in Australia; 80% in China; 15% in India; 16% in Japan; 19% in New
Zealand; and 43% in Singapore over the past 18 months, spanning pre-pandemic to
now. As a subset of malware, ransomware encounters have also increased 453% in Australia;
463% in China; 100% in India; 541% in Japan; 825% in New Zealand; and 296% in Singapore
over the same period.
According to
Microsoft’s Work Trend Index[1],
53% of people surveyed in Asia plan to move because they can now work remotely
– this is slightly higher than the global figure of 46%, pointing to the
urgency for security to address this new way of working.
Mary Jo Schrade, Assistant General
Counsel, Regional Lead, Microsoft Digital Crimes Unit Asia, shared, “Most of our region has transitioned to remote
working over the past year. As we continue the need to work from home either
full time or part time, we need to adopt more tools and build our defenses
against potential cyberattacks. In Asia, adopting multi-factor authentication
together with a Zero Trust approach are the foundations to safer work from home
or hybrid work scenarios.”
Small-and-medium
businesses (SMBs) are particularly vulnerable to cybersecurity threats – in
Asia Pacific, SMBs make up more than 98% of enterprise and employ 50% of the
workforce[2],
comprising an integral part of the region’s social and economic well-being.
However, a large percentage of SMBs do not know how to protect their companies,
lack dedicated IT staff and have inadequate computer and network security.
Joe Sweeney, Advisor, Intelligent
Business Research Services (IBRS), added,
“Highly automated social attacks (phishing) are on the rise. They are coming
through email, instant messaging, social media and texts. It is critical for
organizations to take on a Zero Trust approach to address this, by segmenting
all aspects of the end user environment and treat each as untrusted. This requires a very different thinking from
the traditional ‘network as the border’ and ‘protect the device’ approach. It
requires a data-centric and authentication-centric approach. While there are
other security considerations, getting identity, authentication and information
management sorted is essential.”
Securing remote
working with new products
In
line with individual and business security needs that come with remote working,
Microsoft has launched new innovations to further protect customers. These new verification
features include Azure AD Conditional Access to give admins more granular
access controls, conditional launch settings with App Protection Policies in
Microsoft Endpoint Manager, and an Azure AD shared device mode across multiple
users.
Additional
features and enhancements have also been launched on Microsoft 365 Defender, Azure
Sentinel and Microsoft Cloud App Security. More on the new products launched
globally can be found at https://www.microsoft.com/security/blog/2021/05/12/how-to-secure-your-hybrid-work-world-with-a-zero-trust-approach/.
Microsoft’s
technology plan for employees
Microsoft and its
160,000 employees made the transition to hybrid work in 2020, with the
following new guidance released organization-wide to maintain and uphold security:
- Keeping devices healthy and managed: All devices that
need access to corporate resources must be managed to seamlessly keep the
device secure and protected from phishing and malicious websites. - Making security everyone’s job: Microsoft is offering
new training, opportunities to provide feedback, and a new virtual security
summit to ensure employees are empowered and equipped to be more secure. - Securing home offices: Microsoft will continue to build
and offer resources and guidelines for employees that will work remotely either
part or full time. - Building for Zero Trust: Microsoft is
asking developers to build with a Zero Trust mentality.
Four key pillars to
a new work reality
As
security becomes increasingly top-of-mind for individuals and businesses,
Microsoft has outlined key imperatives for users to be protected against cyber
threats.
#1
– Using existing tools, including MFA
Recent
cyberattacks have revealed that identity will be the battleground for attacks
of the future. As businesses build their defenses for the new threat landscape,
they should first examine the tools they already have.
For instance, MFA
is a defense that organizations have available to them, and any Microsoft
customer with a commercial service subscription can turn on MFA at no
additional cost. However, Microsoft’s customer data show that only 18% have it
turned on. Microsoft is actively working to make MFA rollout easier and more
seamless for its customers, ensuring that the end-user experience is as
frictionless and friendly as possible.
#2
– Embracing a Zero Trust Mindset
People and
organizations need to have trust in the technologies that bring them together
and adopting a Zero Trust strategy is no longer an option, but a new business
imperative. When companies assume breach and provide the least privileged
access necessary, this empowers employees with the flexibility and freedom they
want.
Microsoft also believes
that the future is passwordless and that the industry will see the transition
happening this year. It recently deployed a new Zero Trust assessment tool[3] that can
help companies understand where they are currently on their Zero Trust journey and
where they need to go.
#3
– Taking advantage of more robust security in the cloud
The benefits of
the cloud for a remote or hybrid workforce are plentiful, and Microsoft
believes that there will be a rapid migration to the cloud over the next six to
12 months as companies recover from 2020 and implement new infrastructure. Microsoft’s
recent survey of its Microsoft Intelligent Security Association (MISA) partners
found that 90% reported that customers have accelerated their move to the cloud
due to the pandemic.
Having a strong
cloud posture also provides a level of security that most companies are unable
to achieve on their own. The recent NOBELIUM cyberattack revealed that that the
vast majority of attacks originated on-premises, while attacks via the cloud
were largely unsuccessful.
#4
– Investing in people and skills, and focusing on diversity
The shortage of
cybersecurity professionals and a lack of diversity within teams are two big
problems that attackers will take advantage in the coming year. 91% of Microsoft’s MISA partners reported
more demand than supply for cybersecurity professionals, and there is an
estimated shortfall of 3.5 million security professionals this year. This
shortage would not only mean unfilled positions, but also too much work on
existing teams.
By teaching,
training, and arming new talent, this will solve the issue and build the
workforce of the future. It is pertinent for organizations to build diverse
teams that reflect the many viewpoints of people globally, including the same
demographics as cyber attackers, to meet today’s security and privacy
challenges.
Source link