nasscom Community

Security is critical in a hybrid work environment

2 Mins read

 

The cloud era has fundamentally changed the way businesses must think about security. The threat landscape has never been so complex and challenging as we are witnessing now. It is imperative to think about security at the core of the digital transformation journey. Greater digitalization entails greater vulnerability to cyber-attacks.

The threat landscape is becoming more complex

Cyber threats have increased rapidly over the years, in forms and numbers. According to Microsoft’s Digital Defense Report 2022, attackers are adapting and finding new ways to implement their techniques, thereby increasing the complexity of how and where they host campaign operation infrastructure. The volume of password attacks has risen to an estimated 921 attacks every second – a 74% increase in just one year.

Cybercrime is already costing economies more than $6 trillion each year, and the number is expected to increase to $10 trillion by 2025. A recent survey by Microsoft shows that 83% of business leaders see managing multicloud complexity as their biggest pain point in 2022. Moreover, the hybrid work has exposed the world to new ways collaborating and connecting, thereby leading to more complex and dangerous risks. The expansion of access, the increased number of endpoints, and the freedom to work from anywhere on any device has indeed introduced new threats and risks.

Security challenges are accelerating in a hybrid work environment

In the hybrid work environment, the threat of ransomware and extortion is becoming more audacious with attacks targeting businesses. Human operated ransomware is most prevalent, as one-third of targets are successfully compromised by criminals using these attacks and 5% of those are ransomed. The most effective defense against ransomware includes multifactor authentication, frequent security patches, and Zero Trust principles across network architecture.

Threat actors show clear preferences for certain techniques. Email phishing continues to grow and has become a dominant vector. Given the increase in available information regarding these schemes and technical advancements in detection, cyber criminals are now spending significant time, money, and effort to develop scams that are sufficiently sophisticated to victimize even savvy professionals. We need to strengthen the security postures of organizations to make them truly future-ready.

Navigating security challenges in a hybrid work environment

In a hybrid setup, as personal devices become a part of the corporate network, organizations need to revamp or replace their identity and security solutions to establish the right level of trust. As organisations find ways to facilitate boundary-less collaboration within the organization and with people outside it, data must flow freely but securely.

By safeguarding confidential and personal data, organisations will earn the trust of customers and employees and comply with the laws and regulations of the countries that they operate in.

Organizations should view security for what it truly is – not an add-on, but an engine for survival and success; not a business function, but a part of organizational culture. Business leaders must cultivate a successful security culture in their organization by understanding its impact on employees, addressing resistance by highlighting the benefits of change, training employees in skills specific to their area of work, and recognizing and rewarding champions of change.

About the Author

Terence Gomes

By Terence Gomes, Country Head – Security, Microsoft India

 

Terence Gomes has been part of the Indian IT Industry for 23+ years with most of his time dedicated to advising organizations and partners on dealing with cyber threats and cyber frauds.

He is a Certified Cloud Security Professional and a regular speaker at various forums including Indian Payment Risk Council, IDRBT, ISAACA Mumbai Chapter and other industry events to share best practices on topics of cyber security and cyber fraud prevention.

Before joining Microsoft, he has worked at companies like Intel, McAfee & RSA handling diverse set of portfolios that included business development, strategic alliances, product management and consulting in and around cyber security.