The evolving threat landscape has highlighted how attackers are refining their tactics and techniques. It also shows just how far they’re willing to go to disrupt organisations with cyberattacks.

Let’s take the example of human-operated ransomware, and the deliberate targeting of critical infrastructure. This is designed to cause as much financial, operational and societal impact as possible. Additionally, this is often compounded by the pressure from consumers, media and government – and one where core supply chains are cut off or severely disrupted. While the motivation of the cyberattack varies, there is a rise of recklessness. Attackers go beyond disruption into destruction as they learn how to combat and evade security defences. This puts business leaders in a position where they feel they have limited options. With the response likely to play out in the public domain, they often feel like they must pay the extortion demands either to restore services or prevent further disruption.

Enterprise resilience is needed to recover from human-operated cyberattacks. This goes beyond just cyber resilience. It requires a multi-faceted business, technology and operational response to recover services as quickly and effectively as possible across all domains. Resilience is the ability of the business to recover from failures and continue to function, in adverse conditions. It’s not about avoiding failures. It’s about taking proactive action to detect and respond to failures in a way that reduces downtime or data loss.

In the Microsoft Societal Resilience research program, we define resilience as the capacity to anticipate, absorb, and adapt to disruption. As Dr Peter Lee, Microsoft CVP of Research and innovations, says: “If we don’t acknowledge our risks, we can’t anticipate and prepare for them”. This is especially true in today’s world of radical innovation, where the threat actors often move faster than organisations do.

Planning for enterprise resilience against cyberattacks

Business continuity and information protection are absolute requirements for every business. But it can often entail cost, complexity, compliance, and resource to maintain. Using a cloud-based strategy helps to mitigate many of these issues. Building reliable and secure systems in the cloud is a shared responsibility. The reliability ‘of ‘the cloud is the responsibility of the cloud service provider. The reliability ‘in’ the cloud is the responsibility of the organisation. However, according to the National Cyber Security Centre, only three in 10 businesses have business continuity plans that cover cybersecurity.

How to build a secure cloud strategy

Those new to cloud should begin with Azure’s Cloud Adoption Framework, to determine business drivers and strategy. The Microsoft Azure Well-Architected Framework is a set of guiding tenants that architects, developers and solution owners can use to build and optimise reliable, secure and resilient services in the cloud.

Design for reliability and security

Designing for reliability requires an assume failure mindset. Designing for security requires an assume compromise mindset.

Cybersecurity is hard to mitigate for. Adversaries are working to counteract the business continuity strategy by actively adapting and navigating the controls that the business has implemented. If a plan is too rigid and does not anticipate change, it can often fail as the business is not able to react and pivot quickly enough to the ferocity of change or cyberattacks.

Machine learning and AI can take the pressure off IT or security teams with real-time threat detection and automation. This allows them to focus on higher value tasks, such as designing resilient workloads.

Choose the right workload

Designing workloads that are resistant to both natural disasters and malicious human intervention such as cyberattacks requires a thoughtful combination of high availability, disaster recovery and backup solutions. Across the whole environment, you need to consider how likely the primary control is to fail and the potential organisational risk if it does. Additionally, you need to counteract any of these with mitigating factors.

• High availability (HA): The ability of the application or service to continue running in a healthy state, without significant downtime.
• Disaster recovery (DR): The ability to recover from rare but wide-scale failures. For example, service disruption that affects an entire region.
• Data backup: A critical part of resiliency, distinct from storage redundancy solutions.

You can specifically address HA and DR needs with storage redundancy solutions that simultaneously replicate data and services to an alternative location. However, a secondary location can be impacted at the same time a near-real-time attack encrypts data in a primary location. This results in data loss or corruption.

When designing a backup solution for business-critical data in the cloud consider a tertiary, immutable backup (write-once-read-many). This is both physically and logically held away from any primary and secondary backups. As a result, there is another layer of protection against data loss, corruption, or malicious encryption. This is a good option for highly sensitive and regulated entities who are required to legally hold data. Azure Backup provides security features to help protect backup data even after deletion; one such feature is soft delete. If a backup is accidentally or maliciously deleted, soft delete retains it for an extra 14 days. Remember, regularly validate and test backup and restore procedures.

Protect privileged identities against cyberattacks

Often one of the most overlooked part of resilience is protecting the identities that have access to backups. As a result, compromised accounts can be used maliciously to encrypt or delete backups. Even in the example of soft delete, a compromised account with the appropriate rights can disable the feature before deleting backups.

Attackers deliberately target these resources because it impacts the ability to recover. Mitigate this by granting accounts the minimum privilege required to accomplish their assigned tasks. Limit the number of accounts with access to backups (but with a break-glass account included). Protect these with multi-factor authentication (MFA), which stops 99.9% of account compromise attacks. You should also consider just-in-time and just-enough access using dedicated privileged access workstations (PAWS). Log and monitor all changes for verification and compliance.

Validate your response to cyberattacks

To truly know if your strategy can hold up against cyberattacks, you need to successfully measure reliability and security to and understand the resilience of that system. This means testing end-to-end workloads against a range of severe but plausible scenarios.

Chaos engineering is the practice of subjecting cloud applications and services to real world failures and dependency disruptions to build, measure and improve resilience. Fault injection is the deliberate introduction of a failure into a system to validate robustness and error handling.

We use fault injection at Microsoft to induce a major failure or disaster and validate both the recovery and incident management processes. We place strict access controls around this capability to prevent accidents or malicious attacker abuse to safeguard and limit the impact of the testing. This enables the business and IT to consider and prepare for a range of scenarios that determine the robustness and design of the overall solution in a safe environment. It also increases the resilience and confidence in Azure and our services.

Microsoft Ignite 2021 provided a first look at Azure Chaos Studio which is our upcoming native chaos engineering and fault injection service. This will help organisations to measure, understand, and improve the resilience of their Azure applications.

Anticipate and adapt

Organisations require a level of preparedness that anticipates and adapts to a range of scenarios, whether accidental or malicious. The strategy needs to be flexible to adapt to the evolving threat landscape and be capable of delivering effective and scalable enterprise-wide recovery.

The good news is that cloud architectures can help improve enterprise resilience goals whilst enabling effective business continuity.

Find out more

Learn more about backup and disaster recovery

Human-operated ransomware attacks: A preventable disaster

Rapidly protect against ransomware and extortion

Resources to empower your development team

Cybersecurity best practices to implement highly secured devices

Introduction to cybersecurity learning path 

Data discovery, classification and protection learning path

About the authors

Sarah Armstrong-Smith is Chief Security Advisor in Microsoft’s Cybersecurity Solutions Area. She principally works with  strategic customers across Europe, to help them evolve their security strategy and capabilities to support digital transformation and cloud adoption.

Sarah has a background in business continuity, disaster recovery, data protection and privacy, as well as crisis management. Combining these elements means she operates holistically to understand the cybersecurity landscape, and how this can be proactively enabled to deliver effective operational resilience.

Sarah is recognised as one of the most influential women in UK Tech and UK cybersecurity. She regularly contributes to thought leadership and industry publications.

Previously lead investigator for Microsoft’s detection and response team (DART), Lesley Kipling has spent more than 17 years responding to our customers’ largest and most impactful cybersecurity incidents. As Chief Cybersecurity Advisor, she now provides customers, partners and agencies around the globe with deep insights into how and why security incidents happen, how to harden defences and more importantly, how to automate response and contain attacks with the power of the cloud and machine learning. She holds a Master of Science in Forensic Computing from Cranfield University in the United Kingdom.

The post How to future-proof and secure your organisation against cyberattacks appeared first on Microsoft Industry Blogs - United Kingdom.

Most financial services organisations already have robust defences. However, we know that no network, or system, is infallible. Attackers will use a variety of means to gain access to the estate. The financial services industry is also a high value target for cybercrime and fraud. According to PwC, 69 percent of financial services’ CEOs reported that they are either somewhat or extremely concerned about cyber threats. In a recent podcast with UK Finance, we took a closer look at the current threats facing financial services organisations and why cyber resilience is so important.

[msce_cta layout=”image_center” align=”center” linktype=”blue” imageurl=”http://approjects.co.za/?big=en-us/industry/blog/wp-content/uploads/sites/22/2021/06/SUR21_SurfaceLaptop4_Contextual_Platinum_19_RGB-scaled.jpg” linkurl=”https://anchor.fm/ukfinance/episodes/Enabling-cyber-resilience-in-a-hybrid-world-e12jnb9/a-a5roa9n” linkscreenreadertext=”Listen to the podcast now” linktext=”Listen to the UK Finance podcast now” imageid=”50673″ ][/msce_cta]

The future of work will remain hybrid. People are fluidly working between home and office, intertwining their personal and work networks. Many financial services organisations have security strategies that focus on recovery and operational resilience, with testing and recovery planning. So how can organisations ensure they stay secure and safe in a hybrid environment, while continuing to manage distributed and legacy environments? By making cybersecurity the foundation for operational resilience. Here’s five ways to start.

1.      Assume compromise

Instead of assuming everything behind a corporate firewall is safe, assume compromise. Continually ask ‘what if’. What if an attacker gained access to your network, servers or data? What if a trusted insider gained access to information they shouldn’t? What could be done with it? Therefore, what level of protection is needed to help keep information safe?

Organisations may be operating in a hybrid or multi-cloud environment, using thousands of different applications. Employees may be working on multiple devices in different locations. As a result, a defence-in-depth approach is needed to protect data and services.

The hybrid workplace is borderless, so wrapping security around identity and devices is critical. Recent cyberattacks have shown that identity is the new battleground. Implementing multi-factor authentication (MFA) can prevent 99.9 percent of credential attacks, yet many organisations have yet to fully deploy MFA. We also see Zero Trust security as a business imperative.

2.      Protect identity

Zero Trust takes a risk-based approach by embracing the principle of least privilege. It assumes compromise and verifies each request as though it originates from an open network. Regardless of where the request originates or what resource it accesses, Zero Trust teaches “never trust, always verify.” Every access is fully authenticated and authorised before granting access.

When integrated with security and compliance solutions, employees can securely sign on once, and access everything needed, when needed. No matter the location.

For Rabobank, taking an identity-first approach to security opened up more productivity for their people.

“The ability to more securely access documents through Microsoft Teams and OneDrive from mobile devices means people can easily work in different locations, but still keep our data and documents highly protected in our environment.”

Erik Passchier, Global Head of IT Infrastructure at Rabobank.

3.      Keep devices and networks healthy

Anything that has a connection to the internet is potentially vulnerable. While the cloud boasts multiple security benefits, organisations need to segment infrastructure and networks, to reduce the probability of lateral movement across the estate. This is especially important for any legacy services or systems that can’t be patched or upgraded.

Ensuring devices and infrastructure are updated with the latest security patches and updates is very important. In the cloud, patching becomes part of the shared responsibility model, making it easy for teams to manage updates.

As part of their hybrid strategy, Rabobank has built robust mobile device management policies and uses tools like Endpoint Manager and Intune. These focus on making it easy for employees to securely access work apps across devices. They use protection policies to restrict company data from being saved to local devices or moving across to other apps.

“Before, I only had access to email while out of the office. Now if I’m traveling to work on the train or working from home, I can call colleagues and we can work together in the same document. The ability to be more mobile is a huge step forward.”

Boy Sleddering, Senior Vice President Corporate Communications at Rabobank.

4.      Automation and audit logs

Automation and orchestration are key to enabling cyber resilience. For example, Microsoft XDR provides better detection, incident response and blocks known threats. Additionally, it’s key to reducing security operations fatigue and increasing efficiency with the volume of alerts. It also provides the opportunity to be proactive by performing active threat hunting. Machine learning can also identify and correlate behavioural-based attacks .

SIEM provides an aggregated and unified experience with investigative capabilities across the estate. Checking for Indicators of Compromise (IOCs), analysing logs, verifying changes, isolating and potentially preserving forensic data is critically important for financial services organisations to leverage as an audit trail for regulators and law enforcement.

Waverton Investment Management used automation to help streamline their security processes, adopting tools including Azure Sentinel.

“Now we have one platform that looks across all our estate. One system, one skillset means greater understanding and more effectiveness. We have a more comprehensive solution, and we can focus staff training on the Microsoft solutions, so we have broader security competence through our team.”

Mudassar Ulhaq, Chief Information Officer at Waverton

5.      Invest in people and skills

We know there is a balance between human capacity and skilled resources which is also at a premium right now. (ISC) ² reports that there is a 3.1 million cybersecurity gap. While automation and machine learning can reduce the noise, the cybersecurity professional skills gap needs to be addressed. Introduce new ways of acquiring talent, apprenticeships and diversity and inclusion programmes. Highlight talent in-house and re- or upskill your employees.

Each employee should have good digital literacy and understand the different type of cyber threats that they may be exposed to, such as phishing attempts and business email compromise. However, leaders must also have digital empathy for the end-user experience and be mindful of the stressors that they be facing. Security and compliance can work together by being dynamic to the changing landscape, and help employees to be safe and secure, through regular tips that reinforce awareness of the policies.

Enabling cyber resilience

Financial services organisation needs to be kept up to date on cyber capabilities and made aware of potential threats on an ongoing basis through both push and pull means. However, key to cyber resilience is collaboration and partnerships. For example, the Financial Sector Cyber Collaboration Centre collaborates with around 40 organisations, including Microsoft. We work together to provide focussed messages across an array of customers that is timely and relevant.

Strong governance, operational resilience and partnerships are key to ensure the financial services industry builds cyber resilience now and, in the future, in the face of an ever-changing landscape.

Find out more

Listen to more in the Future of Finance podcast with UK Finance

Take the Zero Trust Assessment

Drive trust and agility

4 ways to drive the future of security in the financial sector

About the authors

Sarah Armstrong-Smith is a Chief Security Advisor in Microsoft’s Cybersecurity Solutions Group. She principally works with FSI customers in the UK and strategic customers across Europe, to help them evolve their security strategy and capabilities to support digital transformation and cloud adoption.

Sarah has a background in business continuity, disaster recovery, data protection and privacy, as well as crisis management. Combining these elements means she operates holistically to understand the cybersecurity landscape, and how this can be proactively enabled to deliver effective operational resilience.

Sarah has been recognised as one of the most influential women in UK Tech and UK cybersecurity and regularly contributes to thought leadership and industry publications.

Elizabeth is a Principal Cybersecurity Consultant in the Detection and Response Team (DART) and 20+ year veteran at Microsoft. She works directly with financial services and national security agencies in detecting and protecting critical infrastructure.

The post How to enable cyber resilience in the hybrid workplace appeared first on Microsoft Industry Blogs - United Kingdom.

At Microsoft, I’m constantly reminded of how advances in security technology can enable productivity and collaboration. How it can actually create and improve inclusive user experiences. We do this by adapting security policies and processes to reflect how users and consumers are utilising and engaging technology, and new ways of working, on an evolving basis.

What does this way of thinking mean? It means that a people-first approach is essential when considering the best approach to cyber resilience and business continuity. Especially as you navigate the next steps, and prepare you for the unexpected. It will also support your employees to do their best, no matter where they are, or what their circumstances.

Here are four shifts that will support your organisation on the journey to resilience and inclusivity.

1. Drive the future of security with digital empathy

The most successful organisations who empower their people to achieve more by being productive from anywhere, are the ones who are empathetic to the end-user experience. Sometimes this can be a friendly voice over a Teams call, or assisting them as they adapt to new ways of working.

Digital empathy also stretches to making digital solutions more inclusive. This means having tools and policies that adapt to people’s ever-changing circumstances.

Bring Your Own Device Policies

With more users becoming remote and working flexibly, it can be inconvenient for users to carry multiple corporate and personal devices. Its great to see financial institutions rethinking their approach to Bring Your Own Device (BOYD) policies. This offers flexibility and choice for users. It can also speed up the onboarding process and reduce costs in sourcing and maintaining devices.

Of course, this doesn’t come without risk. To protect users’ privacy and control access to corporate services and data, the devices need to be both ‘trusted and healthy’. By utilising a management tool like Intune to prevent unauthorised access and compromise you can:

• Manage at the device level. Mobile Device Management (MDM) lets you enroll devices for management. This includes all data that lives on the device. You have full control to ensure the device is compliant and can manage settings, certificates, and profiles.
• Another approach is Mobile Application Management (MAM). This works well for BYOD scenario. With MAM you can publish, push, configure, secure, monitor, and update mobile apps for your remote workers. This provides application-level controls and compliance, while maintaining the familiar user experience for end users.

2.      A Zero Trust security approach

As employees started working remotely en masse, the traditional type of ring-fenced security had its disadvantages. It often struggled to meet the need of a hybrid workforce, working from different locations, and from multiple devices. Therefore adopting a Zero Trust approach to business continuity and security became an imperative.

The key principles of Zero Trust are quite straightforward:

• Never trust
• Always verify
• Assume compromise

In a Zero Trust model, access by users and devices – both inside and outside the corporate network – is granted based on an evaluation of the risk associated with each request. The same security checks are applied to all users, devices, applications and data every time.

To start with Zero Trust, it’s important to realign around identity. This can benefit employees, as it makes it easier for them to use single sign-on or access data across multiple devices. For example, multi-factor authentication prevents 99 percent of credential theft and other intelligent authentication methods can make accessing apps easier and more secure than just using traditional passwords. This also helps create robust BYOD strategies that work in unison to enable users to be both secure, and productive.

Of course, it’s important to pair a Zero Trust strategy with advanced threat protection and information protection. This helps to detect and prevent lateral movement, and data loss, no matter where it resides.

3.      A people-led focus to a secure control environment

What normally works on-premise does not easily transfer to a cloud or hybrid operating model. particularly when accessing critical services and data from multiple sources.

For example, how is your Virtual Private Network (VPN) set up? It can often force all your network traffic through on-premises data centres, slowing down services and making it hard for employees to work. This may cause frustration. It can cause employees to look for workarounds, potentially bypassing safeguarding controls and policies, and downloading apps from the internet.

This scenario can be fixed by initiating split-tunnelling. This allows trusted cloud services like Microsoft 365 to be accessed straight over the internet. Your VPN can then be used to access critical apps and data that reside in your Data Centre, reducing the load.

In addition, a Cloud Access Security Blocker (CASB) gives you rich visibility over your shadow IT. It provides a centralised approach to monitor and protect access to data, on cloud based apps. As an example, we implemented Cloud App Security for more than 150,000 employees globally. Apps that don’t meet our stringent security standards are blocked. Popular and trusted apps are onboarded to our Azure Active Directory, making it easier for employees to access what they need securely.

4.      Providing resilient education to improve security

As cybersecurity matures, so do adversaries. They are adept at changing techniques and tactics, and at exploiting local or global events to lure victims via phishing campaigns. Using cloud-based security means you can take advantage of intelligent threat protection and analytics. For example, we collect and analyse over 8 trillion telemetry signals daily from a diverse set of products, services, and feeds around the globe. At the same time, you need to ensure your employees have the knowledge to protect themselves to reduce compromise. During times of crisis and change, users need to be warned to expect more phishing and social engineering attempts. It’s also useful to understand the psychology behind what makes people click.

This stretches beyond standard cybersecurity training. It’s about being empathic as I mentioned earlier, to what is going on inside and outside of the company. As much as we talk about external threats, we must be mindful to the increase in insider threats as well.

Insider threats

With all the changes that may be happening, we have to be mindful to how users are adapting and coping with the situation. We need to think about the stressors (fear and uncertainty about their jobs, balancing work and home life), and how this could impact a person.

Not all insider risks are malicious in intent. It can often come down to a lack of awareness of policies, knowledge, or frustration of not being able to work productively, that leads to mistakes. Conversely concerning behaviour, such as downloading or printing sensitive files, renaming files, using unapproved apps, or copying files onto external devices could be a sign of malicious intent.

While these behaviours don’t automatically arouse suspicion, it’s important to actively look for patterns of anomalous behaviour and mitigate them. With digital empathy, we can pre-empt and reduce some of the stressors or situations with wellbeing programmes and education that are empathetic and supportive to employees, reducing the chance of insider risks.

An effective security culture allows users to work productively while they help keep the business safe. Our built-in approach to security works across platforms, locations and tools – so it’s easier for your people to comply.

The future of security

One of the things we’ve learnt this year is to expect severe, but plausible scenarios. It can seem daunting to prepare for the extreme unknowns – but that’s what we have to do. Organisations are becoming more reliant on cloud and hybrid technologies. Therefore, successful strategies must include a people-based approach to cyber resilience. These four shifts, focussing on digital empathy and zero trust will help you to take advantage of innovative and integrated technologies that enable you to achieve more, with less.

Find out more

Get the guide to building resilience

How modern cybersecurity helps you stay productive and resilient

3 ways the banking sector can innovate in the new normal

Join the conversation at Envision

Digital technology is changing not just how organisations operate but how leaders lead. Join us at Envision, where executives across industries come together to discuss the challenges and opportunities in this era of digital disruption. You’ll hear diverse perspectives from a worldwide audience and gain fresh insights you can apply immediately in your organisation.

Connect with leaders across industries to get relevant insights on leadership in the digital era.

About the author

Sarah Armstrong-Smith is a Chief Security Advisor in Microsoft’s Cybersecurity Solutions Group. She principally works with FSI customers in the UK and strategic customers across Europe, to help them evolve their security strategy and capabilities to support digital transformation and cloud adoption.

Sarah has a background in business continuity, disaster recovery, data protection and privacy, as well as crisis management. Combining these elements means she operates holistically to understand the cybersecurity landscape, and how this can be proactively enabled to deliver effective operational resilience.

Sarah has been recognised as one of the most influential women in UK Tech and UK cybersecurity and regularly contributes to thought leadership and industry publications.

The post 4 ways to drive the future of security in the financial sector appeared first on Microsoft Industry Blogs - United Kingdom.