It’s time we rethink cybersecurity

It’s time we rethink cybersecurity

A few weeks have passed since I last wrote about cybersecurity. Since then, reports about new cyber-attacks or new vulnerabilities have been a basso continuo following us every other day. Just this week “Le Temps” reported that tax declarations of Swiss citizens are circulating in the dark web after an attack on a trust office. With this very example we see what I have mentioned previously: Increasingly, small and medium businesses are becoming targets of these attacks. For them, too, the impact –?especially in terms of damage of reputation and loss of customer confidence –?can be massive.

So, why do ransomware attacks succeed in the first place? It’s mostly because IT security is not part of the core business of the users concerned. Naturally, this is a problem small and medium businesses are increasingly faced with. This also shows that cybersecurity is no longer a topic owned by the IT department, but for the executive board to have on top of their agenda. Moreover, it is a responsibility of every single one of us. Why? Because the cybersecurity chain is only as strong as its weakest link.

In a hybrid world, there is an increasing number of weak links with an increasing number of devices and access points. One way to deal with this is the Zero Trust Approach. Of course, those familiar with the concept will rightly point out that it is not new. I was also not invented by Microsoft. But Zero Trust is essentially how we think about cybersecurity. So let me elaborate more on that and how we can all use it to rethink security. I will also talk with our Chief Security Advisor Roger Halbheer about these aspects during our Swiss Security week next Tuesday, so please join us for a live discussion – you can sign up here.

As such, a Zero Trust strategy will be top of mind for many organizations because its principles help maintain security amid the IT complexity that comes with hybrid work. These principles are to verify explicitly, to grant least privileged access, and to assume breach. Here are a few thoughts of what we have:

1.?????Verify explicitly

One of the most important first steps in a Zero Trust journey is to establish strong authentication. No matter the length or complexity, passwords alone won’t protect your account in the majority of attacks. Monitoring logins for suspicious activity and limiting or blocking access until additional proof of identity is presented drastically reduces the chances of a breach. On the other hand, modern multifactor authentication doesn’t have to be complicated for the user. Therefore, I’m fully convinced our future will be passwordless.

2.?????Grant least privileged access

As we have entered into new hybrid work environments, businesses need to think about how they will proactively protect their organizations from the influx of new or “bring your own” connected devices – or even new apps that have helped people to work in new ways. This new normal has exposed the most challenging cybersecurity landscape we’ve ever encountered, and the least privileged access ensures that only what must be shared is.

3.?????Assume breach

Comprehensive security that is multi-platform and multi-cloud with simplification front and center is going to be important for the “assume breach” approach.?With threats continuing to get more sophisticated, it is important to have the latest AI and machine learning capabilities at hand to separate important incidents from noise.?But “assuming breach” isn’t just about external threats – you also have to be thoughtful about protecting your organization from the inside out. To address these issues, you need the latest technology to support you.

In a world where identity is the new battleground, I see adopting a Zero Trust strategy as no longer an option, but a new business imperative. People and organizations need to have trust in the technologies that bring them together. The term Zero Trust may feel like the opposite of that, but when you assume breach and provide the least privileged access necessary, it actually empowers employees with the flexibility and freedom they want.

So, I would be happy to welcome you our Swiss Security Week. Will you join me?

Arnd Michael Hungerberg

Senior Director Strategic Engagements// Member of the APAC LT//AI&Cloud Enthusiast//Networker//Alliance and Partnership//GF-Trader/ Advisory Board Member/Family Office/Tech-Lover/INSEAD-Alumni/

3 年

要查看或添加评论,请登录

Catrin Hinkel的更多文章

  • Embracing the Future: Switzerland’s Innovation Journey

    Embracing the Future: Switzerland’s Innovation Journey

    As the CEO of Microsoft Switzerland, I recently had the privilege of attending the Swiss Economic Forum, where I…

    1 条评论
  • My predictions for 2022

    My predictions for 2022

    At the beginning of a new year I always love reading people’s predictions what the next twelve months will bring. Some…

    6 条评论
  • Neudenken – the Art of Reimagination

    Neudenken – the Art of Reimagination

    As I was reflecting on my article, I read a great commentary in the Neue Zürcher Zeitung with the title “Richtig…

    13 条评论
  • Why diversity and inclusion matter for business

    Why diversity and inclusion matter for business

    In our monthly Swiss townhall, diversity and inclusion were one of the topics we discussed. Judging by how extensively…

    5 条评论
  • Let’s talk about “resilience”

    Let’s talk about “resilience”

    One term that has a pretty good chance of being voted business word of the year is "resilience". I believe it is about…

  • How Microsoft partners can and do have powerful impact

    How Microsoft partners can and do have powerful impact

    Last week I shared a post from Cindy Rose, President of Microsoft Western Europe, about the Partner Pledge. Since this…

    6 条评论
  • To be more secure, we need to learn together

    To be more secure, we need to learn together

    With the move toward hybrid and remote work, the past 18 months have been extremely challenging in terms of…

  • Why we need to think globally and act locally

    Why we need to think globally and act locally

    This week, we had the great pleasure to host some of our Microsoft colleagues from abroad in Switzerland. On Tuesday…

    2 条评论
  • You need the right tool to do the job in a hybrid world

    You need the right tool to do the job in a hybrid world

    In a recent poll I did on LinkedIn, I asked you what is most important to you in a hybrid work setting. 78 percent…

    1 条评论
  • In the new hybrid world, a culture of trust is key

    In the new hybrid world, a culture of trust is key

    “Should I stay, or should I go?” – this is a question I ask myself whenever I decide whether I should work in the…

    3 条评论

社区洞察

其他会员也浏览了