Patch me if you can: Cyberattack Series
The Microsoft Incident Response team takes swift action to help contain a ransomware attack and regain positive administrative control of the customer environment.
Moving to more flexible remote work policies has caused telecommunications giant Vodafone to rethink cybersecurity and the potential friction to users. Instead of relying on physical security controls in the office, the company has embraced a Zero Trust strategy that requires authenticating everyone before granting access. I hosted Emma Smith on a recent episode of Security Unlocked: CISO Series with Bret Arsenault to talk about Vodafone’s cybersecurity approach and the importance of workplace inclusion.
When employees don’t feel included, they’re not going to do their best work, according to Emma, who is Vodafone’s Global Cybersecurity Director. She believes it’s up to managers, supervisors, and global security directors to create a workplace where everyone feels heard.
Emma recalls attending her first industry event after taking over as Chief Information Security Officer at Royal Bank of Scotland in 2011. She was one of only six women out of 120 people in the room. That experience made her personally aware of how important it is to feel included and she said workplace inclusion is a subject she holds close to her heart. Vodafone focuses on diversity and inclusion and on how to hire, retain, and progress people of different backgrounds, ethnicities, genders, and ages.
Besides looking out for employees on the issue of inclusion, companies should protect them from security threats. One consistent cybersecurity message from employees—as well as from customers and security teams—is that passwords are extremely frustrating, according to Emma. Because of people’s strong views on passwords, Vodafone has been on a mission to remove them from its environments entirely and instead use secure, simple multifactor authentication. It’s an objective that also comes from knowing there’s one group that loves passwords: cybercriminals. Switching to multifactor authentication can help remove them from the equation by eliminating a favorite way to sneak into a network.
To fight cyber threats, it’s important that threat intelligence teams collaborate with colleagues from different companies to share information on threats and prevention strategies. Fighting as one security community is far more powerful than trying to do it on our own, Emma explains.
During our conversation, Emma also shared her thoughts on the benefits of cloud and secure developer operations (DevSecOps) in cybersecurity and offered four cybersecurity strategies that security practitioners should implement immediately to secure employees, data, and devices. One of them? Don’t get so distracted by new and shiny cybersecurity techniques that you forget security basics. To hear details of this strategy and learn about the other three strategies, listen to Leading an Inclusive Workforce on The CyberWire.
Emma Smith is Global Cybersecurity Director at Vodafone. She began her career in auditing. She worked for two years at Royal Bank of Scotland as Head of Internal Audit, Technology, before taking roles at the bank as Head of Group Information Security, Records and Payments Security, Chief Information Security Officer, and Director of Security and Resilience.
Bret Arsenault is Corporate and Chief Information Security Officer at Microsoft, where he’s responsible for enterprise-wide information security, compliance, and business continuity efforts. He has more than 25 years of cybersecurity experience. He is Chairman of Microsoft’s Information Risk Management Council and hosts Microsoft’s Security Council.
In this podcast series, I talk with cybersecurity peers and Microsoft leaders about today’s biggest challenges in cybersecurity and practical guidance for security practitioners. To learn more, visit our website. In the meantime, bookmark the Security blog to keep up with our coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.
You can listen to “Security Unlocked: CISO Series with Bret Arsenault” on: