As we live in a world interconnected by bits and bytes, all digital actions are converting into data. With a vast amount of information present in the digital space, data security and privacy are paramount for people and organisations across the globe; and that necessitates an elaborate discussion on how to ensure cybersecurity, and why it is important.
Between April 2022 and April 2023, Microsoft Threat Intelligence detected and investigated 35 million Business Email Compromise attempts with an average of 156,000 attempts daily. A 38 per cent increase in Cybercrime-as-a-Service targeting business emails was also observed between 2019 and 2022. Approximately 4,100 publicly disclosed data breaches occurred globally in 2022 alone, comprising around 22 billion records that were exposed.
Although these figures may seem overwhelming, a little safety and awareness is all we need to ensure a safer digital space. As Bangladesh is galloping towards Smart Bangladesh, and every sector is on the brink of digitalisation, an extensive focus on cybersecurity is necessary.
Rooted in the pillars of Smart Citizens, Smart Government, Smart Economy, and Smart Society, this ambitious vision is propelling Bangladesh to harness the power of technology across all aspects of lives. For an efficient realisation of this vision in tandem with all its pillars, smart data handling is imperative.
Zero Trust is a security framework that requires all users inside or outside the organization’s network, to be authenticated, authorized, and continuously validated for security configuration and posture before being granted access to applications and data
Building a security framework
Besides enabling two factor authentication, setting complicated passwords and changing passwords on regular intervals, a number of fundamental initiatives come into play in tackling this issue. For organizations, big or small, a Zero Trust Security Framework must be established.
Zero Trust is a security framework that requires all users inside or outside the organization’s network, to be authenticated, authorized, and continuously validated for security configuration and posture before being granted access to applications and data. The Zero Trust model assumes that there is no traditional network edge; networks can be local, in the cloud, or a combination, or hybrid with resources anywhere as well as workers in any location.
The Zero Trust model is based on three core principles – the first being “Verify explicitly” which focuses on always authenticating and authorising based on all available data points, including user identity, location, device health, service or workload, data classification, and anomalies. Second is “Use the least-privilege access”, which limits user access with just-in-time and just-enough access (JIT/JEA), risk-based adaptive policies, and data protection to help secure both data and productivity. Third one is “Assume breach”, which is about minimizing blast radius and segment access. It includes Verification of end-to-end encryption and use of analytics to gain visibility, driving threat detection, and improving defenses.
To build a Zero Trust Security Framework, organisations should first identify the critical assets that need protection, then map out the data flows of these assets. Afterwards, they should identify the users who have access to these assets, then define the policies that will govern access. The last steps include implementing the necessary technologies to enforce these policies, following which continuous monitoring and necessary policy updates should be considered.
Importance of leadership binding
Leadership plays a crucial role in building a Zero Trust Security Framework. The Zero Trust model requires a cultural shift in the organisation’s security mindset, and this shift must be driven from the top down.
Leadership must ensure that the organisation’s security policies align with the Zero Trust model’s guiding principles. They must also ensure that the necessary resources are allocated to implement and maintain the Zero Trust model. Additionally, leadership should establish training programs for employees on how to identify and report potential security threats.
Finally, leadership’s buy-in within cybersecurity is essential. It's a strategic imperative that requires active participation in safeguarding the organization's reputation, finances, and continuity.
By automatically interpreting signals generated during attacks and effectively prioritising threat incidents, while making adaptive responses to address the speed and scale of adversarial actions, AI has been becoming increasingly prominent in ensuring cybersecurity
Viable investment in a multi-year journey
Spending on a robust cybersecurity interface has also become a necessity. It is an investment that can yield substantial returns. Organisations that prioritise cybersecurity are better positioned to protect their assets, preserve customer trust, and navigate the increasingly regulated digital environment.
The costs of recovering from a cyber-attack incident can be devastating, dwarfing the expenses required to implement a comprehensive cybersecurity framework. Therefore, grasping these long-term benefits and integrating cybersecurity into businesses strategies is indispensable. Significant time and effort have to be put in to reap the benefits in the long run.
The role of AI
Another one of the most transformative and promising developments in this field. Artificial Intelligence, or AI, often in conjunction with machine learning, has the potential to revolutionise how we approach cybersecurity. Through AI-powered systems, it is possible to analyse large volumes of data and identify patterns that might otherwise go unnoticed. This enables early detection of threats, such as malware, phishing attacks, and unusual network behavior. Moreover, AI models can establish baseline behavior for networks, applications, and users. When any deviation from the norm is detected, the system can raise an alert, helping identify potential breaches or insider threats.
By automatically interpreting signals generated during attacks and effectively prioritising threat incidents, while making adaptive responses to address the speed and scale of adversarial actions, AI has been becoming increasingly prominent in ensuring cybersecurity.
It holds the capability to quickly analyze billions of data points and find correlations among them, making tracking down of and tackling cyber threats quicker and more accurate. AI can continuously learn and adapt to new and changing attack patterns. Thus, it can gain insights from past observations to predict future risks of similar attacks, effectively protecting us within the digital space.
Holistic Implementation
Integration of multiple tools and resources often come as one of the key challenges in cybersecurity implementation. The sourcing of solutions from diverse suppliers can lead to compatibility issues, hampering the efficacy of the overall framework.
Hence, businesses must strive to streamline these integrations to ensure a smooth and coherent cybersecurity infrastructure.
Addressing skills gap
Additionally, greater education, training, upskilling and awareness regarding cybersecurity should be ensured, calling for effective public-private partnerships. Collaboration amongst educational institutions, governments, and industry stakeholders can help develop programs that foster cybersecurity expertise from an early age.
Microsoft Learn is a commendable example, offering a global-standard platform for individuals, students, and organizations to enhance their knowledge in this and other arenas.
Besides, being informed about the latest insights and trends regarding the cyber world can better equip us against possible threats. Reports like Microsoft Cyber Signals, a cyberthreat intelligence brief using the latest Microsoft threat data and research, can be quite helpful in this regard. Through expert perspective into the current threat landscape, trending tactics, techniques and strategies, people and organisations can better protect their data, and themselves.
As Bangladesh’s next digital narrative is now being built, the upcoming generations are awaiting a technology dependence like none other. A safe and effective realisation of such a vision requires us to fortify our digital aspirations with a robust cybersecurity framework.
Every scroll, swipe, keystroke, transaction and interaction within cyberspace must be protected to ensure personal and financial safety, streamlined governmental processes, and stimulated economic growth. All of this is achievable through efficient use of technology, widespread awareness and collaborative effort.
While embracing a smart future, we must build a secure one – together.
*Md Yousup Faruqe, Country Managing Director, Bangladesh, Bhutan, Nepal, Microsoft