This post has been republished via RSS; it originally appeared at: New blog articles in Microsoft Community Hub.
Almost every organization today faces security risks. Hybrid work has caused an increase in attacks against remotely managed devices, with a recent Microsoft report showing a five-fold increase in security attacks between May 2021 to May 2022.1 Cyberattacks are estimated to cost businesses an average of $4.24 million USD.1 As these scenarios multiply, successful technology leaders are looking beyond prevention, ensuring the organization can respond adequately to threats as they happen and how they recover in the aftermath. They're focused on building cyber resilience—strategies that help organizations bounce back and leap forward.
Gaining cyber resilience requires taking a pragmatic view of cybersecurity and assuming breaches are inevitable or ‘assuming compromise.' This is a significant shift requiring close partnerships between business stakeholders, IT professionals and leaders, and security professionals. Championing security-first thinking, enabling resilient technology choices, adopting Zero Trust principles, and building security into processes and workflows gets everyone involved in protecting the business. How does this happen?
Invest in cyber resilient technology to withstand disruption
A recent Microsoft report shows that 98% of cyberattacks can be stopped by implementing simple security hygiene practices, including eliminating antiquated applications, devices, infrastructure, enabling multi-factor authentication (MFA), and using modern anti-malware.1 Most importantly, regularly applying firmware and software updates eliminates vulnerabilities on an ongoing basis. Firmware attacks represent one of the most significant risks for organizations, potentially giving bad actors unrestricted and undetected access to networks through devices such as laptops to printers, routers, and more.
To counter, security decision-makers are investing heavily in software security, including firewalls and data encryption, intrusion detection, and attack prevention. However, neglecting to understand the vulnerability of hardware can undermine all those efforts.
A typical security infrastructure is composed of several layers that work together to protect an organization’s assets, data, and operations.
- Policies, roles, responsibilities, standards, and best practices.
- Identity management, permissions, and authentication of users.
- Access to network, digital resources, physical property, and spaces.
- Technology including the hardware and software providing encryption, monitoring, and antivirus protection.
Compromise at the hardware level through a physical device such as a laptop, tablet, smartphone, or IoT device flows up, impacting other layers to reach the data and networks they’re intended to protect.
Remotely managed devices are a target
Beyond firmware, attacks against remotely managed devices are on the rise. These devices include laptops, cameras, and smart conference room technology that may be exposed through open ports and can be exploited by hackers. A recent study found that 46% of IoT/OT attack types were from remote management devices.2
Microsoft designed Surface devices to minimize the risk of threats against firmware, operating systems, and cloud applications. With Zero Trust built in from the ground up, this means security and IT decision-makers can feel confident in investing resources in strategies and technologies that will prevent attacks in the future rather than constantly defending against the onslaught of attacks aimed at them today.
Choose the right technology partner to help build your cyber resilience strategy
In a world of complex IT challenges, choosing the right IT partner can help protect businesses and prepare them to recover. A good IT partner recommends the most suitable hardware, software, and security solutions customized for the business, and reduces the need to juggle multiple vendors or solutions. Partnering with technology decision-makers to choose the right device is foundational to your cyber resilience plan.
References
1. Microsoft, Microsoft Digital Defense Report 2022, 2022.
2. Microsoft Security Insider, Unpatched and Exposed, The Unique Security Risk of IoT/OT Devices, 2022.