We collect 8 trn threat signals daily, says Microsoft's Ann Johnson

The top cybersecurity expert at the tech giant says that in India, between February 2 and May 2, 2020, Microsoft's detection tools saw 9100 Coronavirus related cybersecurity threats.

Cybercriminals are taking advantage of the coronavirus outbreak and are targeting employees of companies with Covid-19 related phishing and malware. This is being exacerbated by the fact that workforces are now largely remote and under a lot of stress, said Ann Johnson, corporate vice president – cybersecurity solutions group at Microsoft Corp. Johnson, who oversees the go-to-market strategies of cybersecurity solutions at the Redmond, Washington-based firm, said that organisations need to use technology to help employees, customers and IT professionals to navigate this crisis.

“They (employees)  may not have been equipped in their homes to work remotely and the way they conduct their day to day lives as simple as acquiring food for the family may have changed,” said Johnson. “You need to build systems for them that are very secure and easy for them to use and provide training,” she said.

Johnson said that specifically in India, between February 2 and May 2, 2020, Microsoft’s detection tools saw 9100 coronavirus related threats including malware, URLs, attachments and phishing emails that were using the Covid-19 crisis as a lure to get people to download malicious software on their systems or potentially to give up their credentials. Overall in Asia, Microsoft saw 19 million attacks during that period. India was actually one of the least affected countries besides Australia that Microsoft tracks. “So you (India) had some pretty good controls in place,” said Johnson.

Microsoft is observing a lot of cryptocurrency mining malware and human-operated ransomware campaigns that are wreaking havoc on organizations. Besides this, it is seeing a lot of social engineering and phishing activity to take advantage of the vulnerable psychology of employees who are working in stressful environments. “We're seeing attacks that will say, ‘if you click on this link you will be the first of 1000 people to get the newest Coronavirus vaccine’,” said Johnson. “So there's this sense of urgency that the bad actors try to drive because they don't want the employees to have the opportunity to go ask a colleague, they know they're working from home,” she said.

Prior to joining Microsoft, Johnson's executive leadership roles included  - chief executive officer of Boundless Spatial, a geospatial software specialist. She was also president and chief operating officer of vulnerability management pioneer Qualys, Inc., and vice president of worldwide identity and fraud sales at RSA Security.
 

Johnson said Microsoft is also seeing coronavirus-related cyberattacks in the most vulnerable places such as healthcare organizations, state and local governments and systems, involved in life safety. “There's a lot of patience within the cybercriminal world where they will gain access into an enterprise, do a lot of reconnaissance before they even launch an attack,” Johnson said.

The artificial intelligence capabilities built into Microsoft Security solutions are trained on 8 trillion daily threat signals and the insights of 3,500 security experts. “We can detect previously unknown versions of malware in milliseconds," said Johnson.

At a time, when Covid-19 related cybersecurity threats are increasing, there is a need to help employees practise good security habits during the crisis. This includes multi-factor authentication, which is critical because employees are working remotely and are not potentially protected by the company's firewall. Organisations also need to ensure that employee devices are secure, even if those machines are not issued by the company and need to be equipped with anti-phishing solutions on email.

Johnson said organisations should have ‘digital empathy’ towards their remote workforce, especially during this pandemic. This means understanding that the employees are really doing their best in an environment that may not be ideal for work, and having a lot of empathy for them. “From a security standpoint that means that any mistake they've made is casual and it's not malicious and giving them the tools that are simple for them to use and don't impede their productivity,” she said.

Johnson said customers at present are on a zero-trust journey. They understand that the traditional security controls of being inside a firewall environment, a virtual private network, or those legacy network security controls aren't going to work any longer. As organisations enable remote experiences like accessing teams directly via the internet, they need to ensure security and integrity rating by interrogating the user, the application, the device, the data and assign a risk score continually. Organisations also require to have ‘cyber resilience’ as part of a company's overall operational and business continuity planning. Johnson said this includes the ability to identify and protect critical systems and quickly bring business back online after a major cyber attack with the help of right technology, regulatory and legal framework.