Don't gamble with your company's investigation process.

Learn about i-Sight software today

6 Things I Learned About Cybersecurity from an Executive at Microsoft

What’s the current cybersecurity climate for organizations? An expert weighs in

Posted by Ann Snook on October 7th, 2020

I’m not always perfect when it comes to cybersecurity. I’ve reused passwords. I’ve avoided software updates. Cyber attacks have always seemed to me like something that happens to seniors or careless people.

Then, Shopify, a huge name in the tech community and a respected business in my city, suffered a data breach. If it could happen to them, it could happen to anyone! This incident reminded me that cybersecurity is important all the time, not just when you remember or when you feel like it.

I wanted to learn what’s new in the cybersecurity landscape and what the future looks like, so I decided to speak with Dean Iacovelli, Director for Secure Enterprise at Microsoft. Here’s what I learned.


Manage and prevent cybersecurity incidents with case management software

A robust case management system helps you resolve cybersecurity breaches faster and analyze trends and areas of risk to prevent future incidents. Download our free eBook to learn how.

Get the eBook

Cybersecurity Isn’t a Fair Fight

While criminals aren’t usually known for fairness, the sheer volume of sensitive data being stored gives cybercriminals a huge advantage. “Attackers only need to be lucky once, while you need to be lucky forever,” Iacovelli says.

Cyber criminals just need to find one slip-up or one tiny crack in your security measures to gain access to all your systems and data.

One employee clicks a link in a phishing email. One person fails to update their security software. One minute of forgetfulness about cybersecurity could mean all the personal and proprietary data you hold is in the hands of bad actors. Data security needs to be on every employee’s mind 24/7.


RELATED: 11 Cybersecurity Threats for 2020 (Plus 5 Solutions)


Resistance to Cloud Hosting Is About Control, Not Security

Despite the cost savings and convenience, some companies and people are resistant to hosting their data in the cloud. They claim it’s for security reasons, but Iacovelli disagrees.

“What people are actually objecting to, whether they know it or not, is loss of control,” he says.

Yes, hosting in the cloud puts your data online, which is more easily accessible to criminals around the world than physical servers in your office. But you’re also protected by some of the most stringent security measures available, especially if you use a large-scale cloud vendor.

Handing over your most precious customer and proprietary data might feel like sending your baby to day care for the first time. It’s scary at first but after you see how secure the set-up is, you’ll wonder how you ever got by without it.


RELATED: A Beginner’s Guide to Cloud Cybersecurity


Compliance is the Promise of Future Security

Data security laws and regulations exist for a reason. Unfortunately, says Iacovelli, “maintaining those standards in-house is expensive, disruptive, sometimes destructive . . . it’s really hard to do.”

Many companies spend too much time and money on compliance or, at the other end of the spectrum, don’t meet requirements and hope they never get caught.

Not complying, though, doesn’t just put you at risk of fines and other punishments from regulatory bodies. It seems obvious, but compliance ensures your data stays secure in the future. The people, processes and technology you use to comply with laws should inform your overarching cybersecurity plan.


RELATED: How to Use Case Management Software for Compliance Automation


Hardening Identity Should Be Your Top Priority

You can buy the fanciest security software on the market, but if your employees don’t protect their credentials, your data is still at risk.

“Of the hundreds and hundreds of controls that organizations have in place for security purposes, how many of those cannot be circumvented if you have a valid, juicy set of stolen credentials? The answer is, almost all of them,” says Iacovelli.

He urges companies to stop relying on passwords and instead, enable multi-factor authentication for all users, not just administrators. Requiring one simple extra step can save you from a devastating data breach or phishing attack.


RELATED: Phishing, Spoofing and Whaling: Tips for Keeping Your Company Safe


COVID-19 and Remote Work Have Changed Cybersecurity

COVID-19 forced millions of employees to work from home, many of whom will continue their remote work indefinitely. Companies had to put their data at risk to keep employees safe.

“Factoring in the home devices . . . is going to become part of the risk calculus and security solutions that are required in order to keep those workers and their data secure,” Iacovelli says.

With employees working on personal devices with less secure internet connections, companies have to get creative with their approach to cybersecurity.


RELATED: Security Tips for Employers Using Remote Workers During the Coronavirus Pandemic


Fortify Your Endpoints to Prevent Attacks

Finally, Iacovelli emphasized that endpoints (individual devices and servers) are where attacks start, so companies need to focus on securing them.

“If [an attacker] gets to the desktop, that’s the battleground. That’s the first place where dumb decisions are going to be made, and bad stuff’s going to start happening. Hardening your endpoints . . . is critical because that’s where you’re first going to see the attack,” he says.

Planning your cybersecurity approach around endpoints helps spot attacks early and prevent them from happening in the first place. As more employees work remotely and/or from their own devices, protecting endpoints is becoming more important than ever.


RELATED: What is Deepfake Identity Theft?


Cybersecurity incidents need to be handled quickly and delicately.

Does your organization have a consistent process for documenting security incidents? Download this free security incident report template to ensure fast yet thorough record-keeping.

Get the Template

Ann Snook
Ann Snook

Marketing Writer

Ann is a marketing writer at i-Sight Software. She writes about issues related to investigations of fraud, employee misconduct, corporate security, Title IX, ethics & compliance and more.

Book A Demo

To our customers: We’ll never sell, distribute or reveal your email address to anyone. Privacy Policy

Want to conduct better investigations?

Sign up for i-Sight’s newsletter and get new articles, templates, CE eligible webinars and more delivered to your inbox every week.