No Easy Fix to Ransomware, Microsoft Expert Says. It Will Take a Village.

5 takeaways:

The internet was designed for anonymity, not security, so ransomware and other forms of cybercrime won’t be easy to stop. Cyberattacks are occurring at the rate of 579 per second, and will require a collective response by governments, corporations and consumers, said Microsoft security vice-president Vasú Jakkal. Since mass remote work began in 2020, the number of “attack surfaces,” or targets, has proliferated. So have off-the-shelf malware, “ransomware as a service” groups, and nation-state attackers. “Every device, every identity” must be secured and so-called “zero trust” systems (which assume every user who logs in could be an attacker) are a must, Jakkal said.

Defenses must be deployed even though they are not silver bullets. Often cybercriminals don’t break in, they log in, so cybercrime can only be stopped through mass education aimed at improving the security practices of all internet users, Jakkal said. Too many people continue to click on unverified links, don’t use free security tools, or don’t install patches and updates. Only 18% of Microsoft customers are using multifactor authentication – systems that require a cell phone, biometric or other personal identifier to verify log-on information, she said. “Passwordless protection,” which uses biometrics, facial recognition or codes and PINs instead of typed-in passwords, is both more secure and more pleasant for users, she said.

Journalists can play a crucial role in educating the public – and reporting stories that go beyond despair. Evil hackers tend to get a lot of ink, but not so much the “superheroes” who labor outside the limelight to prevent and thwart attacks. “It’s great to talk about the evil geniuses” behind a major cyberattack “because that creates awareness, right?” Jakkal said. But cyber defenders are equally interesting and inspirational, she argued. Audiences want to cheer – and become – superheroes themselves.

A massive shortage in cybersecurity talent, and a deep workplace diversity gap, deserve more coverage. Amid national concern over pandemic labor shortages, journalists covering hacking and ransomware should also follow the unmet demand for cybersecurity workers. Covering the issues of diversity in the workforce is crucial, Jakkal argued, not only to alleviate the talent shortage but also to improve security. “Cyber crime comes from all types in the world, all ethnicities, all races, all colors, all genders, all regions, all countries. So our defenders need to reflect the world that we represent,” she said. “When we have more diversity and more cognitive diversity, we’re looking at things which maybe you and I don’t see, but someone else can say, ‘That doesn’t look right. We need to figure that out.’”

Insurance against ransomware and cyber-crime is a hot topic — and the norms are in flux. Some insurance companies have paid claims to reimburse clients for damages caused by ransomware attacks, but a few insurers are balking at covering such losses. “We’re working with insurance companies and our customers across the board to really figure it out,” Jakkal said. “It’s an evolving conversation.” But prevention of cybercrime is most crucial, she said.

 


Speaker: Vasú Jakkal, Corporate Vice President Security, Compliance and Identity, Microsoft


This program was funded by Microsoft, the RAND Corporation and donations to the National Press Foundation. NPF is solely responsible for the content.

Covering Cyberconflict 2021
Vasú Jakkal's NPF presentation Sept. 1, 2021