Cybersecurity and Windows 11: What you need to know
The Windows 11 operating system (OS) has been with us since October of 2021, and it appears to be popular. Microsoft reports that its adoption rate is twice that of Windows 10. Its release couldn’t have happened at a better time. The PC market was predicted to be on the way out a few years ago. Yet worldwide PC shipment surged to 340 million in 2021, 27% higher than in 2019 according to Canalys.
An incredible 1.4 billion devices are active each month on the Windows platform. That represents a lot of potential business for Windows 11. Vendors such as Acer, AMD, ASUS, Dell, HP, Intel, Lenovo, Qualcomm and Razer have been quick to offer the new OS in their latest models. The likelihood is, therefore, that during the next PC or laptop refresh, Windows 11 will be rolled out in many organizations.
ChatGPT training built for everyone
Windows 11 baked-in security
While there are many improvements included within Windows 11, it is the security upgrades that are receiving much of the attention. Microsoft has responded to the dramatic rise of phishing, ransomware, supply chain and IoT vulnerabilities by baking in a raft of security safeguards that protect from the chip to the cloud.
“Windows 11 is redesigned for hybrid work and security with built-in hardware-based isolation, proven encryption and our strongest protection against malware,” said David Weston, Director of Enterprise and OS Security, Microsoft Azure Edge and Platform.
One innovation is the secured-core PCs that underpin Windows. They make it possible to implement security best practices at the firmware layer or at the device core. This adds an extra layer of defense that combines hardware, firmware and driver capabilities to protect the OS. Its elements include Trusted Platform Module (TPM) chips that can store cryptographic keys and conduct authentication and system integrity measurements. They also can take advantage of secure boot features to prevent any tampering during a system boot and kernel Direct Memory Access (DMA) protection to block a further avenue of cyberattack via other connected devices. Such features help combat phishing incursions. Certified Windows 11 systems now come with a TPM chip.
“Its purpose is to help protect encryption keys, user credentials and other sensitive data behind a hardware barrier so that malware and attackers can’t access or tamper with that data,” said Weston.
Say goodbye to passwords
This is all part of an architectural redesign that aims to eliminate passwords. Windows Hello for Business is available in Windows 11 systems and should signal the end of Post-It Notes affixed to PC screens or the use of passwords that are easy to crack. This feature also helps IT to manage authentication across the enterprise and add better cloud security as a means of protecting corporate data and identities. It replaces passwords with two-factor authentication that is tied to a device via a biometric or PIN.
On the biometric side, Windows 11 PCs provide integrated biometric authentication processes that use facial recognition or fingerprint matching. Infrared cameras and software are used to raise the accuracy of biometric readings and prevent spoofing. Biometrics data is only stored on the local device to prevent it from being compromised at an enterprise level. External devices or servers never receive any biometric information.
As was the case with Windows 10, Microsoft Defender is included in Windows 11. It provides antivirus software that uses machine learning, big data analysis, access to threat resistance research and other features to prevent viruses and malware from infecting systems. But it goes beyond that to encompass vulnerability management, attack surface reduction, endpoint detection and response, and automatic investigation and remediation.
New Pluton chips advance Windows security
The latest security advance to impact Windows 11 is the Microsoft Pluton security processor. It has been tested extensively in Xbox and Azure environments as a better way to store encryption keys and sensitive data within Pluton hardware integrated into the CPU, making it extremely difficult to access even if the device has been stolen.
The first PCs with this chip have just been released, courtesy of a partnership between Lenovo, AMD and Microsoft. They harness AMD Ryzen 6000 Series processors and enable the Pluton security processor’s firmware to be updated, if necessary, through the standard Windows Update service.
“Even if the attacker has complete physical possession of the PC, the AMD Security Processor and Pluton are designed to co-exist on AMD client silicon to ensure constant communication, which helps to eliminate an attack vector that physical attackers could exploit,” said Weston.
Phishing simulations & training
Securing a reputation
Microsoft hasn’t always had a good reputation for security. Its early systems were frequently attacked via viruses and malware. But the company has worked hard to change that. Windows 11 and its baked-in security features are a testament to that.
“Over the past decade and after several major updates of Windows by Microsoft, there have been serious improvements and enhancements associated with security,” said Greg Schulz, an analyst with StorageIO Group. “With Windows 11 desktop and associated servers, the security and hardening of systems have gone to a new level of cyber-resiliency. This is certainly not your father’s Microsoft Windows.”
Sources
- Reduce security events
- Reinforce cyber secure behaviors
- Strengthen cybersecurity culture at your organization
In this Series
- Cybersecurity and Windows 11: What you need to know
- Digital identity management: Balancing usability, security and privacy
- Why aren’t more women in cybersecurity, and how can we fix it?
- ChatGPT and the strengths and limitations of cognitive AI
- Cybersecurity automation: Tips to do it right in your organization
- Advancements in online safety: Combating cyberbullying and protecting vulnerable communities
- How small and medium businesses (SMBs) can fast-track a disaster recovery plan
- What it takes to qualify for the US Cyber Games team
- The changing role of a ransomware negotiator
- Protecting K-12 schools from cyber threats: The case of Vice Society
- A deep dive into GitHub's security strategies
- Data storage security isn't working: Here are 5 ways to improve
- Protect your data with zero-trust networks
- 3 cybersecurity automation tools that your IT department needs now
- One phishing attack could expose your entire hospitality network
- Privacy compliance and security: Are you collecting too much data?
- API security best practices: What you need to know
- Considerations when using open source to build an identity system
- Security as a service: 11 categories you should know
- The impact of open source on cybersecurity
- Cybersecurity jobs are in demand. C-level IT executives needed!
- 6 cybersecurity truisms the industry needs to rethink
- 2022 cybersecurity spending trends: Where are organizations investing?
- Will corporate support for Fast ID Online [FIDO] mean mass adoption? If so, what does that mean for security and identity?
- Twitter’s cybersecurity whistleblower: What it means for the community
- Top 5 cybersecurity questions for small businesses answered
- What Is zero-trust security, and should your business adopt it?
- What’s next in cybersecurity: Predictions from Andrew Howard
- How training employees about ransomware can mitigate cyber risk
- Today’s IT job market: Beyond fear, uncertainty and doubt
- Third-party authentication (OAuth): Good or bad for security?
- Two basic actions that reduce enterprise cyber risk by 60%
- 4 key takeaways from the 2022 Verizon DBIR report
- Four examples of human error in cybersecurity — and how to fix them
- Five ethical decisions cybersecurity pros face: What would you do?
- How to become an ethical hacker: Tips from Offensive Security CEO Ning Wang
- Shaking up security awareness: How one organization is building a culture of security
- Security Culture: TikTok CISO says this trend is here to stay
- IT skills advice from IDC's IT education and certifications expert
- Managing a security awareness program: Carrots, sticks, and repeat offenders
- Reducing IT’s carbon footprint: Good for business as well as the environment
- How Booz Allen Hamilton keeps their security team secure and compliant in a hybrid world
- 5 tactics to improve cybersecurity hiring results
- Top 9 effective vulnerability management tips and tricks
- SOC integration: Creating a well-built portfolio vs. a frankenstack
- Cybersecurity hiring: Why employer and higher ed collaboration is key
- After certification: Investing in employees' cybersecurity career pathways
- Where do ransomware, cyber education and cyber insurance intersect?
- Could psychology be the key to cybersecurity awareness? Research points to yes
- How IT pros can keep their organization on the cutting edge
- Cyber talent diversity: It's time to redefine the face of security
We’ll customize our demo to your
- Security awareness goals
- Existing security and employee training tools
- Industry and compliance requirements
Industry insights
Digital identity management: Balancing usability, security and privacy
Industry insights
Why aren’t more women in cybersecurity, and how can we fix it?
Industry insights
Industry insights
Cybersecurity automation: Tips to do it right in your organization