Key imperatives for cybersecurity in hybrid work environments

Photo by Dan Nelson

The cybersecurity landscape has fundamentally changed due to large-scale, complex attacks in recent times. Hackers launch an average of 50 million password attacks every day—579 per second, and phishing attacks have increased. Firmware attacks are on the rise, and ransomware has become incredibly problematic. Microsoft had intercepted and thwarted a record-breaking 30 billion email threats last year and is currently actively tracking 40 plus active nation-state actors and over 140 threat groups representing 20 countries.

According to Microsoft Defender Antivirus’ telemetry, malware encounter rates in Asia Pacific have increased – 23% in Australia; 80% in China; 15% in India; 16% in Japan; 19% in New Zealand; and 43% in Singapore over the past 18 months, spanning pre-pandemic to now. As a subset of malware, ransomware encounters have also increased 453% in Australia; 463% in China; 100% in India; 541% in Japan; 825% in New Zealand; and 296% in Singapore over the same period.

According to Microsoft’s Work Trend Index, 53% of people surveyed in Asia plan to move because they can now work remotely – this is slightly higher than the global figure of 46%, pointing to the urgency for security to address this new way of working.  

Mary Jo Schrade, Assistant General Counsel, Regional Lead, Microsoft Digital Crimes Unit Asia, shared, “Most of our region has transitioned to remote working over the past year. As we continue the need to work from home either full time or part time, we need to adopt more tools and build our defenses against potential cyberattacks. In Asia, adopting multi-factor authentication together with a Zero Trust approach are the foundations to safer work from home or hybrid work scenarios.”

Small-and-medium businesses (SMBs) are particularly vulnerable to cybersecurity threats – in Asia Pacific, SMBs make up more than 98% of enterprise and employ 50% of the workforce, comprising an integral part of the region’s social and economic well-being. However, a large percentage of SMBs do not know how to protect their companies, lack dedicated IT staff and have inadequate computer and network security.

Joe Sweeney, Advisor, Intelligent Business Research Services (IBRS), added, “Highly automated social attacks (phishing) are on the rise. They are coming through email, instant messaging, social media and texts. It is critical for organizations to take on a Zero Trust approach to address this, by segmenting all aspects of the end user environment and treat each as untrusted. 

“This requires a very different thinking from the traditional ‘network as the border’ and ‘protect the device’ approach. It requires a data-centric and authentication-centric approach. While there are other security considerations, getting identity, authentication and information management sorted is essential.”

Four key pillars to a new work reality

As security becomes increasingly top-of-mind for individuals and businesses, Microsoft has outlined key imperatives for users to be protected against cyber threats.

#1 – Using existing tools

Recent cyberattacks have revealed that identity will be the battleground for attacks of the future. As businesses build their defenses for the new threat landscape, they should first examine the tools they already have to ensure they are update and up for the task.

#2 – Embracing a Zero Trust Mindset

People and organizations need to have trust in the technologies that bring them together and adopting a Zero Trust strategy is no longer an option, but a new business imperative. When companies assume breach and provide the least privileged access necessary, this empowers employees with the flexibility and freedom they want.

#3 – Taking advantage of more robust security in the cloud

The benefits of the cloud for a remote or hybrid workforce are plentiful, and Microsoft believes that there will be a rapid migration to the cloud over the next six to 12 months as companies recover from 2020 and implement new infrastructure. Microsoft’s recent survey of its Microsoft Intelligent Security Association (MISA) partners found that 90% reported that customers have accelerated their move to the cloud due to the pandemic.

Having a strong cloud posture also provides a level of security that most companies are unable to achieve on their own. The recent NOBELIUM cyberattack revealed that that the vast majority of attacks originated on-premises, while attacks via the cloud were largely unsuccessful.

#4 – Investing in people and skills, and focusing on diversity

The shortage of cybersecurity professionals and a lack of diversity within teams are two big problems that attackers will take advantage in the coming year.  91% of Microsoft’s MISA partners reported more demand than supply for cybersecurity professionals, and there is an estimated shortfall of 3.5 million security professionals this year. This shortage would not only mean unfilled positions, but also too much work on existing teams.

Teaching, training, and arming new talent will solve the issue and build the workforce of the future. It is pertinent for organizations to build diverse teams that reflect the many viewpoints of people globally, including the same demographics as cyber attackers, to meet today’s security and privacy challenges.