What Is Cyber Hygiene and What Does It Mean to Cybersecurity?
As part of the panel discussion, Juarez welcomed Chris Wysopal, CTO of Veracode, to talk about cyber resilience. Juarez asked him about the combination of hygiene and security.
“We used to kind of call it best practices,” Wysopal said. “Like, the things that you just needed to do, the basics in security that you needed to do. And I think that that terminology just doesn’t really work, and cyber hygiene works much better.”
He explained that certain security tasks must be performed continuously, such as knowing your assets and scanning them for vulnerabilities. “That’s why the word hygiene works really well, because it’s that continuous, everyday type of process.”
Jakkal agreed, listing three aspects of good cyber hygiene. “Great hygiene starts with great awareness,” she said. “You need to understand what your cyber security looks like. What’s happening in the world outside? Second, you need to make sure you have foundational security elements that you’re building, like multifactor authentication. And then last, you need to make sure that you have end-to-end security, zero trust.”
How to Assess Your Overall Cyber Hygiene
Juarez turned the conversation toward security assessment, asking how an organization could assess its cyber preparedness. Wysopal responded that there are resources, such as the steps listed in the Center for Internet Security’s Critical Security Controls.
In addition to these foundational aspects, Wysopal also pointed out the importance of multifactor authentication and the need to implement it everywhere possible. “People are just starting to use these SaaS applications. They’re downloading, they’re using applications in the organization, and there needs to be a process to make sure that two-factor is enabled before you start using that application, or these things just creep in. And all of a sudden, you’re missing things.”
Jakkal recommended Microsoft Secure Score for help with assessments. She mentioned that there are two ways of using Secure Score: in Microsoft 365, which Jakkal described as Microsoft’s extended detection and response posture management, and in the cloud through Azure Secure Score, which can help in understanding your organization’s cloud security. “We are multicloud and multiplatform, so our solutions protect across AWS and GCP and Android and iOS and Mac OS and Linux.”
Microsoft Announces Security Enhancements to Windows
In a related session at the event, Panos Panay, executive vice president and chief product officer at Microsoft, led a panel that included an overview of the new ways Microsoft is baking security into the design of its products and platforms. He highlighted the connection between data and AI, which has allowed the creation of new features.
Ramya Chitrakar, Microsoft’s vice president of engineering, expanded on the use of automation to enhance security at Microsoft. “It uses these machine learning models to proactively alert IT to anomalies,” she said. “We surface anomalies based on their severity, starting with those that impact end-user productivity the most.”
“Now, let’s take application regressions: We detect those on your Windows devices. And then, we harness the power of trillions of signals that we get from the Microsoft Cloud to mitigate the critical problems for end users,” she explained.
Chitrakar also spoke about Windows Autopatch, which can help relieve the burden of frequent security updates. “It’s an automated service built on top of Intune with an intent to stay current, with updates and patches for things like Windows and Office, Teams, Edge,” she said. “And it really improves your security posture by not skipping those key updates.”