Sian John
Chief Security Advisor
Experts and Security Blackbelts from across Microsoft, including the Detection and Response Team and the Digital Crimes Unit, came together virtually to share perspectives on the latest security, compliance and privacy challenges that seek to compromise the modern workplace – a topic of growing importance as organizations across the world recover from disruption and adjust to a new normal.
Hosted by Sian John MBE, Microsoft’s EMEA Director of Cybersecurity Strategy, the Security Summit explored the crucial issues organizations and security professionals face today, looking at emerging trends in cybersecurity, securing a workforce in a remote working world, insider risks and how to manage them, and so much more.
Below are just some of the key takeaways from the event. And you can watch all the sessions from the summit on demand here.
As a business and an employer, there is a responsibility to know exactly what happens to your data – where it is, why you have it, and who can access it, as well as the potential consequences if there is a breach.
Remote work adds a level of complexity – employees may be using personal devices and unsecure applications beyond the trusted network perimeters. That’s why knowledge is key, to understand the risk, the potential impact of a compromise, and how to avoid it.
Technology can ensure controls are in place and make the necessary risk assessments, but it’s a joint responsibility to make sure your organization remains compliant.
Over recent years there has been a shift in the security mindset, from a network mentality (assuming an individual is secure because they’re in the four walls of a trusted network) to identity – securing organizations and controlling access based on the individual.
It’s important this is done in a way that doesn’t limit an employee’s usability or productivity. Multi-Factor Authentication is a good place to start – the single, most impactful tool to protect against account compromise, while still giving employees seamless access to all apps with single sign-on, from any location or device.
At the Summit, Simon Gardiner from Microsoft’s Detection and Response Team (DART) encouraged security professionals to be honest about their capacity, and to say when they’re feeling stressed. In reality, monitoring and protecting an organization from security incidents is not an easy task; it takes unparalleled attention, commitment and sometimes availability around the clock.
Technology and automation can play a significant role in reducing this pressure on security teams. If you’ve noticed something abnormal once or twice, leverage automation so that the third time it happens it’s reported, instead of hunted for. Automation frees humans up to do what technology cannot – act with intuition.
Security and compliance doesn’t just impact the team who put the controls in place, it impacts every employee and every output. Security should be viewed as a power shift for a business, and this requires dedicated change management.
Roger Halbheer, Chief Security Advisor at Microsoft, highlighted an interesting perspective about breaking down silos: ‘When you start to align to the business, you start to judge success of the security consultants by business project success’.
Before going into deploying advanced measures, it’s crucially important to master the basics. As outlined by Simon Gardiner, enable Multi-Factor Authentication, make sure your VPN solutions are protected, look at when your back-up was last online and tested.
Sandra Elvin and Jim Eckart, recent executive hires and previous CSOs at H&M and Coca-Cola respectively, agreed simplification can strengthen an organization’s security posture. The more security solutions implemented, the harder they become to orchestrate, and a fully-integrated technology stack can ensure that nothing falls through the gaps.
Watch the full summit on demand here.
In the two or so minutes it will take you to read this post – there will be 480,000 attacks that Microsoft has blocked. That’s 4,000 attacks per second, and just represents one vector of attack via identity authentication. The finding is from our annual digital defense report which has shown the sophistication, speed and […]
Mike Hughes
Business Group Director, Security at Microsoft Western Europe
Get the actionable guide to business success and security.
Johanna Winqvist
Microsoft, Modern Workplace
In a world where data and technology and are dramatically reshaping business models, trust is more than ever determining companies’ success. However, many Board members and leaders are only just starting to recognize it – and often lack a clear strategy to enable it. Commissioned by Microsoft and developed by EY, our eBook is all […]
Johanna Winqvist
Microsoft, Modern Workplace
