2020—the year of cyber resilience

IT professional at work

Our guest contributor for this blog post, Ann Johnson, is Corporate Vice President of Security, Compliance and Identity Business Development at Microsoft. She oversees the company’s investment and strategic partner strategy roadmap for security, compliance, and identity, helping organizations become operationally resilient on their digital transformation journey and unlock capabilities of Microsoft’s intelligent cloud and next generation AI. She is a member of the board of advisors for FS-ISAC (The Financial Services Information Sharing and Analysis Center), an advisory board member for EWF (Executive Women’s Forum on Information Security, Risk Management & Privacy), and an advisory board member for HYPR Corp. You can also hear her talk with some of the biggest influencers in cybersecurity each week on Afternoon Cyber Tea with Ann Johnson.

The year 2020 has driven a greater awareness of resilience across many aspects of society. Resilience is fundamental to weathering the changes triggered by digital transformation, the ongoing pandemic, the rapid shift to remote work, and all other influences reshaping the business landscape.

There has been no shortage of challenges for all of us this past year as we’ve worked to adapt to new ways of life in our homes, workplaces, and schools. While some of these challenges are out of our control, our ability to respond to and bounce back from adversity in general can impact the short-and long-term success of our organization, and it can even dictate the leaders and laggards for your industry.

It all starts with resiliency.

Operational resilience

Global events like the ones we experienced this past year highlight the need for organizations to have a holistic response plan that looks beyond security and scale. More than 42 percent of organizations tell us that their workforce will remain remote well into 2021, and operational resilience remains the key to maintaining this business continuity. As security threats become more daunting and many organizations remain in this remote work environment, your organization and customers must reach a state where your core operations and services will not be disrupted by unexpected changes.

A key part of this transition often involves migrating to the cloud and adopting virtualization. For example, Microsoft partner Airnet recently helped the Georgia Office of the State Treasurer (OST) transition to Azure and Windows Virtual Desktop. This shift modernized Georgia OST’s operations while improving reliability, enabling remote workers, and bolstering security. Additionally, with more enterprises relying on cloud technology, developing a comprehensive cyber resilience strategy as part of a holistic approach to operational resilience makes preparing for a wide range of contingencies less complicated.

We know from experience that an investment in cyber resilience includes a combination of three important things: technology, processes, and people. To better support all three, turn on multi-factor authentication (MFA) for 100 percent of your employees, 100 percent of the time; using MFA blocks 99.9% of the account hacks your organization and customers face, on average.

To maintain cyber resilience, you should regularly evaluate your risk threshold and its ability to operationally execute processes through a combination of human efforts and tech-based products and services.

Every person with corporate network access—including full-time employees, consultants, and contractors—should be regularly trained to develop a resilient mindset. It’s not just about adhering to a set of IT security policies around identity-based access control—empowering people also encompasses alerting IT to suspicious events and infections as soon as possible to help minimize time to remediation.

Community resilience

Now, whether it’s the year 2020, or beyond, we can expect that cybersecurity challenges will continue to evolve just as they always have. We can expect cybercriminals to continue to be opportunistic, exploiting current news headlines and trends in their socially engineered attacks.

Despite this certainty, I am more convinced than ever that the most important aspect of our work remains fundamentally human. From how our cyber defenders leverage advanced technology like AI and machine learning to prioritize the signals from the noise, to providing security tools that are empathetic to the end user experience, we know that investing in people will always give us an edge and help build resiliency—and we need to continue embracing this human spirit in the world of cybersecurity.

This is one of the many reasons why it’s critical to prioritize the wellbeing of your employees to help them focus and perform at their best. Research from our latest Work Trend Index underscores just how important this is:

  • More than 30 percent of first line and information workers said the pandemic has increased their sense of burnout at work, according to a global study.
  • NSA data shows a greater number of mistakes are made the longer a cyberattack goes on.
  • One-third of remote workers say the lack of separation between work and life is negatively impacting their wellbeing.

To ensure your organization is equipped with the tools you need to combat these issues, we recently announced new features in Microsoft Teams that protect your employees’ wellbeing and productivity. The updates include a virtual commute to restore the division with work and home life, as well as integration with mindfulness app Headspace. We’ll continue to invest in this area to ensure you’re equipped to protect your people while maximizing efficiency.

We cannot afford for our cybersecurity community to become overwhelmed or fatigued. As your customers navigate the shift to remote and hybrid work, they will look to the Microsoft Partner Network for solutions and guidance that help securely set them up for success.

In response, we have also updated both Azure and Microsoft 365 to include changes to: 

  • Microsoft Defender
  • Our comprehensive extended detection and response offerings
  • Enhanced protections for containers and IoT
  • Compliance Manager, which helps customers address increasing regulations
  • A new decentralized identity pilot
  • New connectors and APIs to help you to protect identities, apps and services across your cloud environments—even outside of Microsoft.

Resiliency, how we work together to prepare for it through investments in our cybersecurity operations, our partnerships, and our people is equally as important as how we respond to, and move past, adversity. This is one of the many reasons why Microsoft is so committed to supporting you every step of the way—in both prosperous and challenging times. As we work together, I’m confident we’ll become even more resilient and capable of meeting the evolving needs of our customers than any of us are independently.