Microsoft announced today that it will lay off 1,900 employees as part of a restructuring plan to streamline its operations and focus on its core businesses. The layoffs will affect employees across various divisions, including engineering, sales, marketing, and finance. Microsoft said that the majority of the affected employees will be notified by the end of March and will receive severance packages and transition assistance.
The company said that the layoffs are necessary to adapt to the changing market conditions and customer demands, as well as to invest in new areas of growth and innovation. Microsoft CEO Satya Nadella said in a statement: “We are taking these steps to ensure that Microsoft remains a leader in the technology industry and a trusted partner for our customers. We are grateful for the contributions of our employees and we are committed to supporting them through this transition.”
Microsoft also said that it will continue to hire in strategic areas, such as cloud computing, artificial intelligence, gaming, and cybersecurity. The company said that it expects to create more than 2,000 new jobs in these fields by the end of the year. Microsoft said that it aims to become a more agile and efficient organization that can deliver value to its customers and shareholders.
New research from Microsoft reveals that attackers are increasingly making use of operational technology to gain new entryways into company networks.
Microsoft’s latest Cyber Signals report highlights how cybercriminals are using Operational Technology (OT) as gateways into an organization’s network. This comes at a time when IoT connections in the region are growing with the GSMA predicting that 1.1 billion IoT connections are expected by 2025 in MENA. It’s this growth in OT and IoT that has given cybercriminals more opportunities to breach an organization’s network.
Microsoft’s Cyber Signals report is a regular cyberthreat intelligence brief spotlighting security trends and insights gathered from Microsoft’s 65 trillion daily security signals and 8,500 security experts. The latest edition has found that converging IT, Internet of Things (IoT) and OT systems pose a wider risk to critical infrastructure.
For CIOs in the Middle East and Africa (MEA), the impact of a possible security breach is top of mind in an increasingly complex threat environment. This can be seen in the 11.2 percent rise in cybersecurity spending in the Middle East and North Africa (MENA) for 2022.
The growing rate of digital transformation within the African region is facilitating the emergence of new attack vectors and opportunities for cybercriminals. The Kenyan government has identified cybersecurity as a key enabler for digital economy. Kenya faces increased cybersecurity challenges and risks that threaten national security and the country’s digital transformation agenda. Cybersecurity statistics indicate that the number of cyber threats detected in Kenya has significantly increased in the last three years. The Communications Authority of Kenya reported 278,030,354 threats detected in the period from July to September 2022, an increase of 99.478% from threats detected between April to June of the same year.
The increase in digital transformation across the region has enabled organizations to manage their buildings, emergency systems and access control with smart devices connected to a network. In addition, we have seen an increase in IoT devices in the workplace to better enable hybrid work such as smart conference rooms with microphones and cameras.
As the threat landscape continues to expand and become more complex, organizations need to rethink their cyber risk approach to stay one step ahead of would-be attackers. Cyber Signals found that there are currently over 1 million connected devices publicly visible on the Internet running Boa, an outdated and unsupported software still widely used in IoT devices and software development kits.
“Organizations are more connected than ever before. From the humble Wi-Fi router to the everyday office printer, IT teams need to view their IoT devices differently and secure them as they would any company laptop to prevent security breaches,” says Phyllis Migwi, Country Manager for Microsoft Kenya. “Gaining complete visibility of an organization’s OT systems and protecting its IoT solutions will go a long way in preventing cyberattacks.”
Global cybersecurity and digital privacy company, Kaspersky, is simplifying its consumer products into Standard, Plus, and Premium. The products will be available on a subscription basis and bring an enhanced user interface (UI) and experience across Windows, Mac, iOS, and Android. The rebrand also introduces features covering security, privacy, performance, and identity.
Kaspersky Standard features security functionalities such as Real-time Protection, Safe Browsing, and Anti-Phishing. Against the latest digital threats and to provide defense from dangerous websites, downloads, and extensions. The Standard plan also offers users a Pre-Kaspersky virus removal tool that can find and remove viruses that may have found their way into users’ PCs before they installed Kaspersky. It includes a Firewall and Network Monitor which shows which apps are connected to the Internet. Additional performance tools, include Quick Startup, PC Speed-up, and Disk Space Cleanup tools. Game and Do Not Disturb mode.
Kaspersky Plus features more Privacy capabilities. It gives users access to everything in the Standard plan plus unlimited VPN and Premium Password Manager. Subscribers also get a Data Leak Checker which monitors the Internet and dark web, warning them of a compromise to their private data and gives remedy recommendations. In addition, the plan includes Password Safety Status and lets them see which devices are connected to the home network,
The Premium plan adds digital identity protection and premium technical support to the plus with priority phone calls, chat services, and remote expert installation.
Kaspersky’s new plan subscription price
Standard also dubbed essential provides security for one user account and up to ten devices. It starts at $24.99 for a device per year. The plus plan also known as the advanced plan starts at $35.99 per device per year and $39.99 for three devices per year for two user accounts. The premium plan which includes a one-year free Kaspersky Safe Kids is available to five accounts and starts at$54.99 per year for up to ten devices. Find out more about the plans here.
[jetpack_subscription_form show_subscribers_total=”false” button_on_newline=”false” submit_button_text=”Subscribe to get updates right in your inbox” custom_font_size=”16px” custom_border_radius=”0″ custom_border_weight=”1″ custom_padding=”15″ custom_spacing=”10″ submit_button_classes=”” email_field_classes=”” show_only_email_and_button=”true” success_message=”Success! An email was just sent to confirm your subscription. Please find the email now and click 'Confirm Follow' to start subscribing.”]
Microsoft is suspending all new sales of its products and services in Russia following Russia’s invasion of Ukraine. This is after the company said it was providing technical advice to the Ukrainian government on steps to prevent destructive malware operations it had identified in systems belonging to multiple Ukrainian government agencies and organizations.
Microsoft President and Vice-Chair, Brad Smith, noted the company will continue to mobilize resources to help the people in Ukraine. It is taking steps to avoid the spread of disinformation and promote instead independent and trusted content. As well as matching employee contributions and providing technology support to first responders to provide help.
Microsoft’s announcement comes after Apple and Google also took actions in response to the Russian invasion. Apple stopped all exports into the sales channel in the country and is limiting Apple Pay and other services. Google, Snapchat and Twitter are all pausing ads and blocking monetizing of content.
Here is the full statement about suspension in Russia
Like the rest of the world, we are horrified, angered and saddened by the images and news coming from the war in Ukraine and condemn this unjustified, unprovoked and unlawful invasion by Russia.
We are announcing today that we will suspend all new sales of Microsoft products and services in Russia.
In addition, we are coordinating closely and working in lockstep with the governments of the United States, the European Union and the United Kingdom, and we are stopping many aspects of our business in Russia in compliance with governmental sanctions decisions.
Our single most impactful area of work almost certainly is the protection of Ukraine’s cybersecurity. We continue to work proactively to help cybersecurity officials in Ukraine defend against Russian attacks, including most recently a cyberattack against a major Ukrainian broadcaster.
Since the war began, we have acted against Russian positioning, destructive or disruptive measures against more than 20 Ukrainian government, IT and financial sector organizations. We have also acted against cyberattacks targeting several additional civilian sites. We have publicly raised our concerns that these attacks against civilians violate the Geneva Convention.
We are also continuing to mobilize our resources to help the people in Ukraine. Our Microsoft Philanthropies and UN Affairs teams are working closely with the International Committee of the Red Cross (ICRC) and multiple UN agencies to help refugees by providing technology and financial support for key NGOs and, where needed, we are defending these groups from ongoing cyberattacks.
As a company, we are committed to the safety of our employees in Ukraine and we are in constant contact with them to offer support in many forms, including those who have needed to flee for their lives or safety.
Like so many others, we stand with Ukraine in calling for the restoration of peace, respect for Ukraine’s sovereignty and the protection of its people.
[jetpack_subscription_form subscribe_placeholder=”Enter your email address” show_subscribers_total=”false” button_on_newline=”false” submit_button_text=”Hi, sign up so you can get the latest in breaking news, reviews, opinions, events, opportunities and community updates right in your inbox. ” custom_font_size=”16px” custom_border_radius=”0″ custom_border_weight=”1″ custom_padding=”15″ custom_spacing=”10″ submit_button_classes=”” email_field_classes=”” show_only_email_and_button=”true”]
Lucy Kerner, Senior Principal Global Cybersecurity Evangelistand Strategist at Red Hat talks about the cybersecurity problem and shares four ways to strengthen your cybersecurity position as an organization.
Lucy notes in this insight that when it comes to cybersecurity, a lack of resources can be a bigger threat than the criminals. Read on to find out more.
Resources have always been a problem when it comes to cybersecurity. You are not always rewarded for doing security the way you are when you develop a new business application quickly. This usually leads to security teams being understaffed and overworked. At the same time, skilled cybersecurity professionals are in high demand, and there is significant turnover in cybersecurity positions.
In fact, when it comes to cybersecurity, a lack of resources can be a bigger threat than the criminals who have their sights set on stealing organizations’ data, money, time, and reputation. This has long been true, but COVID-19 turned the cybersecurity resource challenge into a full-blown problem, causing security to be overlooked in many cases.
In the best of times—or, at least, more normal times—talented cybersecurity resources are difficult to find, expensive to procure, and hard to retain. The pandemic has exacerbated the cybersecurity skills shortage as organizations’ focus and resources have shifted to shoring up, or even building from scratch, work-from-home capabilities. Proactive security has been put on the back burner for many companies, exposing big gaps between the cybersecurity resources.
In a pre-pandemic study conducted by (ISC)2, an international, nonprofit membership association for information security leaders, the cybersecurity workforce gap in the United States was estimated to be nearly 500,000. By combining its US cybersecurity workforce estimates and gap data, the association found that the cybersecurity workforce needs to grow by 62% in order to meet the demands of US businesses today. Using the workforce estimate of 2.8 million based on the 11 economies it studied and a global gap estimate of 4.07 million, the association estimated that the global workforce needs to grow by 145%.
Indeed, respondents to the survey that was used to develop the study said that a lack of skilled/experienced cybersecurity personnel is their top concern, and that the gap puts their companies at moderate or extreme risk. Research for the Ponemon Institute’s 2020 Cost of a Data Breach Report began months before COVID-19 had widespread impact, but supplemental questions related to the potential impact of remote workforces due to the pandemic revealed that 76% of organizations predict that remote work will make responding to a potential data breach more difficult.
With the Ponemon research estimating that the average total cost of a data breach is $3.86 million, preventing a cybersecurity incident in the first place is critical. But all is not lost. Solving the cybersecurity resource problem outright is not going to happen right away, but there are things that organizations can do beyond adding more security bodies. Here’s how to strengthen your cybersecurity position.
1. Establish internal security training and certification programs
Savvy organizations realize that true cybersecurity requires a cultural shift. Essentially, some level of cybersecurity must be part of each employee’s responsibility. That’s not to say that your marketing director will be on the security front lines, of course, but every employee should take part in security education and certification programs. And that doesn’t mean that you can just create a PowerPoint presentation that you force employees to sit through so they can check off a box; it means developing meaningful and relevant programs that engage employees and help them understand the cybersecurity threat and their roles in mitigating it. Think about “lunch and learns,” mock breaches, and even escape rooms.
2. Encourage security cross-pollination
If security is everyone’s job, then security resources should not be limited to the IT department. Think about ways security can cross-pollinate within the organization. Just as security is infiltrating the development arena through the growing DevSecOps movement, security resources could be integrated into other areas, as well. This will not only develop company-wide understanding of security issues, but it will also encourage cross-collaboration and the opportunity to build security into processes, products, and services from the ground up.
3. Take a hard look at your security tooling
Many organizations have security tools they don’t really need or that are out of date and can’t support new technologies such as cloud, containers, or Kubernetes. This wastes time and money. For example, many companies are running legacy security tools designed to protect systems that are no longer used.
Companies also often have too many tools to keep track of, leading to redundant tooling and the inability to manage the growing number of tools. Also, many companies aren’t making full use of security tools that are already built into existing systems, such as the operating system, container platform, or security tooling provided by the cloud provider. A thorough inventory of existing security tooling will reveal what’s needed (and not needed) to address current security concerns.
4. Put a consistent automation strategy in place
With so many moving parts in place, no human or group of humans could ever fill every security hole. Indeed, as IT environments and the world around us become more complex, so do the security events facing IT teams. A consistent automation strategy can help organizations more effectively mitigate risks by reducing human errors, remediate issues, respond quickly to security alerts, and develop repeatable security and compliance workflows.
It’s important to note, however, that automation isn’t one product or even a collection of products. Organizations should look for an approach that overlays a consistent automation strategy across app dev, infrastructure, security operations, and so on. In fact, Ponemon’s Cost of a Data Breach Report noted that organizations with fully deployed automation—versus those with no automation deployed—realize a savings of $3.58 million in average total cost of a data breach.
Is the cybersecurity resource problem unsolvable?
It’s true that, realistically, the resource problem can’t be completely solved, but it’s a problem that you can effectively address and manage with proactive planning, strategic technology implementation, and widespread, ongoing, and engaging security awareness training and collaboration.
[jetpack_subscription_form show_subscribers_total=”false” button_on_newline=”false” submit_button_text=”Sign up and get the latest in the technology ecosystem across Africa and the Middle East.” custom_font_size=”16″ custom_border_radius=”0″ custom_border_weight=”1″ custom_padding=”15″ custom_spacing=”10″ submit_button_classes=”” email_field_classes=”” show_only_email_and_button=”true”]
Check out other stories making the news in the ecosystem.
