Digital technology is a powerful deflationary force in an inflationary economy. At the recently concluded Ignite, Satya underlined the urgent need for digital transformation of businesses.
"We're moving from a mobile-and-cloud era to an era of ubiquitous computing and ambient intelligence - an era which will witness more digitalisation in the next ten years than the past forty," he said.
When you are talking about digital transformation for your organisation, it is imperative to think about security at the core of the journey. Greater digitalisation entails greater vulnerability to cyber threats.
Cyber threats have increased rapidly over the years, in forms and numbers. In India alone, nearly 1.16 million cases of cyberattacks were reported in 2020 - a threefold increase from 2019 and more than 20 times as compared to 2016.
Also Read: Increasing cyber-attacks show why stringent cyber-security laws are need of the hour
Meanwhile, cyberattacks on organisations worldwide jumped 29 per cent year-on-year during the first half of 2021. We are also seeing a rise in human-operated ransomware and malware attacks on OT and IoT infrastructure.
Cybercrime is already costing economies more than $6 trillion each year, and the number is expected to increase to $10 trillion by 2025.
From a security standpoint, these statistics alone would have been worrisome enough. What's complicating the challenge is the new "hybrid" operating model of organisations. Now, as we move into the Cloud era, we need to strengthen the security postures of organisations to make them truly future-ready.
The hybrid work model presents new security challenges
Almost 75 per cent of IT decision-makers feel that hybrid work has made their organisation more vulnerable to security threats. The expansion of access, the increased number of endpoints, and the freedom to work from anywhere on any device has indeed introduced new threats and risks.
And all this while employees fail to avoid even simple traps like phishing links in emails and spoofed websites. It is therefore essential to add as many layers of protection as possible to keep data and devices secure.
In a hybrid environment, as personal devices become a part of the corporate network, organisations need to revamp or replace their identity and security solutions to establish the right level of trust.
As you find ways to facilitate boundary-less collaboration within the organisation and with people outside it, you need to be mindful of privacy.
Data must flow freely but securely. By safeguarding confidential and personal data, you will not only earn the trust of your customers and employees but also comply with the laws and regulations of the countries that you and your customers operate it.
The future of security will be password-less, integrated, and a combination of outside-in and inside-out approaches In a digital world, where users need access to critical and private information, weak passwords are often an entry point for all attacks.
Although users are creating more complex passwords than before and changing them frequently, attacks continue to persist, nonetheless. I believe that security, in the future, will largely be password-less.
Nobody likes passwords; they're inconvenient, and they are a prime target for cyberattacks. And why bother with passwords if you can have an app that uses biometric details to authenticate your identity?
Cloud security solutions can be integrated with other security and identity solutions to provide powerful threat intelligence and behaviour analytics to address even the most modern attacks.
The key principle is based on a Zero Trust framework-verify explicitly, grant least privileged access, and assume breach- which is relevant to every organisation.
There is also a need to shift the security approach from reactive to proactive. The average cost of a data breach is estimated at $4 million per incident, not to mention the damage caused to the company's reputation.
In my interactions with business leaders and security experts from various industries, I am seeing an increasing sense of realisation that security needs to be addressed from the point of view of both internal vulnerabilities and external threats.
It is like preparing for a soccer game. A team needs both a good defense and a great offense; having only one of the two isn't good enough.
Security should be a part of both product design and organisational culture
Threats can come from anywhere and it's no good locking the door to the house if you leave a window open. At Microsoft, we believe in an inside-out and outside-in approach to security.
We advocate a comprehensive, end-to-end approach so that organisations may secure their entire digital estate. Security should be ingrained in the design itself like it is with Microsoft Teams and Windows.
Organisations should view security for what it truly is - not an add-on, but an engine for survival and success; not a business function, but a part of organisational culture.
As a business leader, you can cultivate a successful security culture in your organisation by understanding its impact on employees, addressing resistance by highlighting the benefits of change, being honest and proactive in your communications, training your employees in skills specific to their area of work, and recognising and rewarding champions of change.
I would like to share three learnings in this regard:-
(The author is Executive Director, Cloud Solutions, Microsoft India.)