scorecardresearch
A shield that's also a weapon: Security is a must-have in a business environment

A shield that's also a weapon: Security is a must-have in a business environment

Organisations should view security for what it truly is - not an add-on, but an engine for survival and success; not a business function, but a part of organisational culture.

Cybercrime is already costing economies more than $6 trillion each year, and the number is expected to increase to $10 trillion by 2025. Cybercrime is already costing economies more than $6 trillion each year, and the number is expected to increase to $10 trillion by 2025.

Digital technology is a powerful deflationary force in an inflationary economy. At the recently concluded Ignite, Satya underlined the urgent need for digital transformation of businesses. 

"We're moving from a mobile-and-cloud era to an era of ubiquitous computing and ambient intelligence - an era which will witness more digitalisation in the next ten years than the past forty," he said. 

When you are talking about digital transformation for your organisation, it is imperative to think about security at the core of the journey.  Greater digitalisation entails greater vulnerability to cyber threats.  

Cyber threats have increased rapidly over the years, in forms and numbers. In India alone, nearly 1.16 million cases of cyberattacks were reported in 2020 - a threefold increase from 2019 and more than 20 times as compared to 2016. 

Also Read: Increasing cyber-attacks show why stringent cyber-security laws are need of the hour

Meanwhile, cyberattacks on organisations worldwide jumped 29 per cent year-on-year during the first half of 2021. We are also seeing a rise in human-operated ransomware and malware attacks on OT and IoT infrastructure. 

Cybercrime is already costing economies more than $6 trillion each year, and the number is expected to increase to $10 trillion by 2025. 

From a security standpoint, these statistics alone would have been worrisome enough. What's complicating the challenge is the new "hybrid" operating model of organisations. Now, as we move into the Cloud era, we need to strengthen the security postures of organisations to make them truly future-ready.

The hybrid work model presents new security challenges 

Almost 75 per cent of IT decision-makers feel that hybrid work has made their organisation more vulnerable to security threats. 
The expansion of access, the increased number of endpoints, and the freedom to work from anywhere on any device has indeed introduced new threats and risks.

And all this while employees fail to avoid even simple traps like phishing links in emails and spoofed websites. It is therefore essential to add as many layers of protection as possible to keep data and devices secure.

In a hybrid environment, as personal devices become a part of the corporate network, organisations need to revamp or replace their identity and security solutions to establish the right level of trust. 

As you find ways to facilitate boundary-less collaboration within the organisation and with people outside it, you need to be mindful of privacy. 

Data must flow freely but securely. By safeguarding confidential and personal data, you will not only earn the trust of your customers and employees but also comply with the laws and regulations of the countries that you and your customers operate it.  

The future of security will be password-less, integrated, and a combination of outside-in and inside-out approaches 
In a digital world, where users need access to critical and private information, weak passwords are often an entry point for all attacks. 

Although users are creating more complex passwords than before and changing them frequently, attacks continue to persist, nonetheless. I believe that security, in the future, will largely be password-less.

Nobody likes passwords; they're inconvenient, and they are a prime target for cyberattacks. And why bother with passwords if you can have an app that uses biometric details to authenticate your identity? 

Also Read: Not US or China, Indian IT service firms face cyber security threat from Iranian hackers, warns Microsoft

Cloud security solutions can be integrated with other security and identity solutions to provide powerful threat intelligence and behaviour analytics to address even the most modern attacks. 

The key principle is based on a Zero Trust framework-verify explicitly, grant least privileged access, and assume breach- which is relevant to every organisation. 

There is also a need to shift the security approach from reactive to proactive. The average cost of a data breach is estimated at $4 million per incident, not to mention the damage caused to the company's reputation. 

In my interactions with business leaders and security experts from various industries, I am seeing an increasing sense of realisation that security needs to be addressed from the point of view of both internal vulnerabilities and external threats. 

It is like preparing for a soccer game. A team needs both a good defense and a great offense; having only one of the two isn't good enough.  

Security should be a part of both product design and organisational culture  

Threats can come from anywhere and it's no good locking the door to the house if you leave a window open. At Microsoft, we believe in an inside-out and outside-in approach to security. 

We advocate a comprehensive, end-to-end approach so that organisations may secure their entire digital estate. Security should be ingrained in the design itself like it is with Microsoft Teams and Windows.  

Organisations should view security for what it truly is - not an add-on, but an engine for survival and success; not a business function, but a part of organisational culture.

As a business leader, you can cultivate a successful security culture in your organisation by understanding its impact on employees, addressing resistance by highlighting the benefits of change, being honest and proactive in your communications, training your employees in skills specific to their area of work, and recognising and rewarding champions of change. 

I would like to share three learnings in this regard:-

  • Developing a new culture doesn't happen overnight; it is an ongoing journey, and everyone in the company - right from board members and C-suite executives to business managers and frontline workers - will need to be actively involved.  
  • Cybersecurity is equally important for everyone - large enterprise and government organisations as well as small and medium-sized businesses.  
  •  Security is everyone's responsibility; it does not rest with the CISO alone. One thing is for certain - with the peace of mind that comes with deploying comprehensive security, you will experience greater freedom to grow, create, and innovate. 

(The author is Executive Director, Cloud Solutions, Microsoft India.)