As the landscape of work has changed, so have cyberthreats. Technology has enabled the rise of remote and hybrid working. However, this increasingly complex environment also means there’s more vulnerabilities. Leaders have seen three trends rise:

1. Stay competitive in a fast-evolving business landscape.
2. Defend against cyber threats.
3. Achieve both the above goals while reducing complexity and modernising the business.

To manage risk in a hyper-connected digital environment, organisations must evolve their cybersecurity strategies. A traditional perimeter-based approach needs to shift to a posture of resilience.

At Microsoft, we analyse over 24 trillion threat signals daily and engage with hundreds of thousands of customers. This allows us to share our unique perspective on the threat landscape and the top challenges facing organisations today, and the ways they can overcome them.

Embrace vulnerability to drive cyber resilience

In today’s world, work happens across premises, cloud applications, devices and networks. However, our Work Trend Index states 52 percent of employees are considering hybrid or remote work. That means flexible ways of working are here to stay.

As a result, businesses won’t be able to retreat back to walled on-premise security options. Leaders must embrace vulnerability as a feature of hybrid work and minimise the business impact of attacks.

Implement the cybersecurity fundamentals

According to our Digital Defense Report, basic security hygiene still protects against 98 percent of attacks. Take basic security precautions like:

• Enabling multifactor authentication
• Applying least privilege access
• Keeping versions up to date
• Utilising antimalware
• Protecting data

This can help organisations prepare for and mitigate most modern cyber threats. Additionally, it can help prepare for the evolution of threats as technology advances.

Get started with Microsoft Security Best Practices

Adopt Zero Trust for cyber resilience

In a world where it’s harder to predict or prevent an attacker, it’s important to assume they will get in and limit their exposure. This approach – never trust, always verify – is called Zero Trust. By centering on strong user identity, device health verification, and secure, least-privileged access to resources, organisations can minimise unwanted movement. Plus, rich analytics and intelligence can help detect and respond in real time.

A Total Economic Impact™ study conducted by Forrester Consulting and commissioned by Microsoft found that Zero Trust unlocked 92 percent return of investment and reduced the risk of a data breach by 50 percent.

Take the Zero Trust assessment

Empower users

As we connect more systems together, our security landscape can become more complex. When you focus on digital empathy, you can ensure users can easily and securely engage with the environment. By thinking about the way users interact and use technology, you’ll build more inclusive, resilient systems.

Education is also key. With ongoing and engaging skilling, you’ll build a culture of enablement, trust, and engagement. This will significantly improve reporting and provide earlier warning of attacks. We saw a 50 percent year-over-year reduction in employee susceptibility to phish attacks after simulation training.

Insider risk, whether malicious or negligent, can cost organisations up to US$4.6m per incident, according to the 2022 Cost of Insider Threats Global Report by Ponemon Institute. It’s important to develop the right strategy that supports digital empathy, while reducing insider risk.

Learn how to protect data from insider risk

Unify your digital estate

As organisations move to cloud servers to deliver business functions, there is the need to have effective threat protection, mitigation strategies, and tools in place. 61 percent of security leaders say the cloud is the most susceptible to attack. Securing the cloud takes a different approach than securing an internal network. However, with misconfiguration and inconsistent security policy application being the chief cloud vulnerabilities, it’s important to ensure you have informed cloud experts in your team.

Protect devices and endpoints

A Zero Trust approach alongside integrated business security solutions can help build resilience, while protecting across your digital estate, including endpoints. And when paired with devices that have built-in security, empower employees to focus on their work while staying secure.

Protect your organisation from anywhere with endpoint security

Weave cybersecurity into business function to build cyber resilience

Our research found that more than half of security leaders feel vulnerable to a significant cyberattack. At the same time, those who felt most vulnerable are the most mature in their security posture.

A Zero Trust posture elevates security from a protective service to a strategic business enabler. By ensuring everyone can understand policies and risks, security is embedded into each function, building a culture of trust.

Cloud technology can also help build resilience by making organisations more agile to external factors like natural disasters and other incidents – not just cyberthreats. And all while driving innovation and productivity.

Find out more

Microsoft Digital Defense Report

Imagine security that drives innovation

Learn how to protect data from insider risk

Protect your organisation from anywhere with endpoint security

About the author

The post Drive cyber resilience and stay secure against heightened threats appeared first on Microsoft Industry Blogs - United Kingdom.

The evolving threat landscape has highlighted how attackers are refining their tactics and techniques. It also shows just how far they’re willing to go to disrupt organisations with cyberattacks.

Let’s take the example of human-operated ransomware, and the deliberate targeting of critical infrastructure. This is designed to cause as much financial, operational and societal impact as possible. Additionally, this is often compounded by the pressure from consumers, media and government – and one where core supply chains are cut off or severely disrupted. While the motivation of the cyberattack varies, there is a rise of recklessness. Attackers go beyond disruption into destruction as they learn how to combat and evade security defences. This puts business leaders in a position where they feel they have limited options. With the response likely to play out in the public domain, they often feel like they must pay the extortion demands either to restore services or prevent further disruption.

Enterprise resilience is needed to recover from human-operated cyberattacks. This goes beyond just cyber resilience. It requires a multi-faceted business, technology and operational response to recover services as quickly and effectively as possible across all domains. Resilience is the ability of the business to recover from failures and continue to function, in adverse conditions. It’s not about avoiding failures. It’s about taking proactive action to detect and respond to failures in a way that reduces downtime or data loss.

In the Microsoft Societal Resilience research program, we define resilience as the capacity to anticipate, absorb, and adapt to disruption. As Dr Peter Lee, Microsoft CVP of Research and innovations, says: “If we don’t acknowledge our risks, we can’t anticipate and prepare for them”. This is especially true in today’s world of radical innovation, where the threat actors often move faster than organisations do.

Planning for enterprise resilience against cyberattacks

Business continuity and information protection are absolute requirements for every business. But it can often entail cost, complexity, compliance, and resource to maintain. Using a cloud-based strategy helps to mitigate many of these issues. Building reliable and secure systems in the cloud is a shared responsibility. The reliability ‘of ‘the cloud is the responsibility of the cloud service provider. The reliability ‘in’ the cloud is the responsibility of the organisation. However, according to the National Cyber Security Centre, only three in 10 businesses have business continuity plans that cover cybersecurity.

How to build a secure cloud strategy

Those new to cloud should begin with Azure’s Cloud Adoption Framework, to determine business drivers and strategy. The Microsoft Azure Well-Architected Framework is a set of guiding tenants that architects, developers and solution owners can use to build and optimise reliable, secure and resilient services in the cloud.

Design for reliability and security

Designing for reliability requires an assume failure mindset. Designing for security requires an assume compromise mindset.

Cybersecurity is hard to mitigate for. Adversaries are working to counteract the business continuity strategy by actively adapting and navigating the controls that the business has implemented. If a plan is too rigid and does not anticipate change, it can often fail as the business is not able to react and pivot quickly enough to the ferocity of change or cyberattacks.

Machine learning and AI can take the pressure off IT or security teams with real-time threat detection and automation. This allows them to focus on higher value tasks, such as designing resilient workloads.

Choose the right workload

Designing workloads that are resistant to both natural disasters and malicious human intervention such as cyberattacks requires a thoughtful combination of high availability, disaster recovery and backup solutions. Across the whole environment, you need to consider how likely the primary control is to fail and the potential organisational risk if it does. Additionally, you need to counteract any of these with mitigating factors.

• High availability (HA): The ability of the application or service to continue running in a healthy state, without significant downtime.
• Disaster recovery (DR): The ability to recover from rare but wide-scale failures. For example, service disruption that affects an entire region.
• Data backup: A critical part of resiliency, distinct from storage redundancy solutions.

You can specifically address HA and DR needs with storage redundancy solutions that simultaneously replicate data and services to an alternative location. However, a secondary location can be impacted at the same time a near-real-time attack encrypts data in a primary location. This results in data loss or corruption.

When designing a backup solution for business-critical data in the cloud consider a tertiary, immutable backup (write-once-read-many). This is both physically and logically held away from any primary and secondary backups. As a result, there is another layer of protection against data loss, corruption, or malicious encryption. This is a good option for highly sensitive and regulated entities who are required to legally hold data. Azure Backup provides security features to help protect backup data even after deletion; one such feature is soft delete. If a backup is accidentally or maliciously deleted, soft delete retains it for an extra 14 days. Remember, regularly validate and test backup and restore procedures.

Protect privileged identities against cyberattacks

Often one of the most overlooked part of resilience is protecting the identities that have access to backups. As a result, compromised accounts can be used maliciously to encrypt or delete backups. Even in the example of soft delete, a compromised account with the appropriate rights can disable the feature before deleting backups.

Attackers deliberately target these resources because it impacts the ability to recover. Mitigate this by granting accounts the minimum privilege required to accomplish their assigned tasks. Limit the number of accounts with access to backups (but with a break-glass account included). Protect these with multi-factor authentication (MFA), which stops 99.9% of account compromise attacks. You should also consider just-in-time and just-enough access using dedicated privileged access workstations (PAWS). Log and monitor all changes for verification and compliance.

Validate your response to cyberattacks

To truly know if your strategy can hold up against cyberattacks, you need to successfully measure reliability and security to and understand the resilience of that system. This means testing end-to-end workloads against a range of severe but plausible scenarios.

Chaos engineering is the practice of subjecting cloud applications and services to real world failures and dependency disruptions to build, measure and improve resilience. Fault injection is the deliberate introduction of a failure into a system to validate robustness and error handling.

We use fault injection at Microsoft to induce a major failure or disaster and validate both the recovery and incident management processes. We place strict access controls around this capability to prevent accidents or malicious attacker abuse to safeguard and limit the impact of the testing. This enables the business and IT to consider and prepare for a range of scenarios that determine the robustness and design of the overall solution in a safe environment. It also increases the resilience and confidence in Azure and our services.

Microsoft Ignite 2021 provided a first look at Azure Chaos Studio which is our upcoming native chaos engineering and fault injection service. This will help organisations to measure, understand, and improve the resilience of their Azure applications.

Anticipate and adapt

Organisations require a level of preparedness that anticipates and adapts to a range of scenarios, whether accidental or malicious. The strategy needs to be flexible to adapt to the evolving threat landscape and be capable of delivering effective and scalable enterprise-wide recovery.

The good news is that cloud architectures can help improve enterprise resilience goals whilst enabling effective business continuity.

Find out more

Learn more about backup and disaster recovery

Human-operated ransomware attacks: A preventable disaster

Rapidly protect against ransomware and extortion

Resources to empower your development team

Cybersecurity best practices to implement highly secured devices

Introduction to cybersecurity learning path 

Data discovery, classification and protection learning path

About the authors

Sarah Armstrong-Smith is Chief Security Advisor in Microsoft’s Cybersecurity Solutions Area. She principally works with  strategic customers across Europe, to help them evolve their security strategy and capabilities to support digital transformation and cloud adoption.

Sarah has a background in business continuity, disaster recovery, data protection and privacy, as well as crisis management. Combining these elements means she operates holistically to understand the cybersecurity landscape, and how this can be proactively enabled to deliver effective operational resilience.

Sarah is recognised as one of the most influential women in UK Tech and UK cybersecurity. She regularly contributes to thought leadership and industry publications.

Previously lead investigator for Microsoft’s detection and response team (DART), Lesley Kipling has spent more than 17 years responding to our customers’ largest and most impactful cybersecurity incidents. As Chief Cybersecurity Advisor, she now provides customers, partners and agencies around the globe with deep insights into how and why security incidents happen, how to harden defences and more importantly, how to automate response and contain attacks with the power of the cloud and machine learning. She holds a Master of Science in Forensic Computing from Cranfield University in the United Kingdom.

The post How to future-proof and secure your organisation against cyberattacks appeared first on Microsoft Industry Blogs - United Kingdom.

Multi-factor authentication adds another layer of protection to the sign-in process. After all, if you only use a password to authenticate users, it leaves an insecure vector for attack. What if the password was weak? Or if it was exposed elsewhere? Are you sure that person signing in is really the user? When you require a second form of authentication that isn’t easy to obtain, you are building another layer of security.

Therefore, ensuring you use the right type of MFA service is of critical importance. Different MFA solutions can have a dramatic impact on cost, user experience and your resilience to service outages and attacks. In this post we’re going to look at some of these factors and make some recommendations to ensure your MFA solution enables your organisation, and your people, to be productive safely.

1.      Optimise security processes to bring down costs

A vulnerable entry point for cyber attackers is to use credential-based attacks to access networks and steal data or spread ransomware. However, multi-factor authentication stops 99.9 percent of credential-based attacks. That’s why MFA really is one of the most fundamental security measures. At Microsoft, we deploy MFA to protect our customers, our data, systems, and our business. Azure AD MFA is used across our consumer platforms like Outlook.com and Xbox, as well as thousands of other online services. In fact, its foundational to our five steps to secure your identity infrastructure.

Online retailer Asos uses Azure AD (including MFA) to protect identity as the new perimeter. By automating, provisioning and deprovisioning user accounts across its SaaS landscape, they have reduced costs and errors, all while improving productivity.

“Our service desk spends much less time setting up users and creating or deleting accounts, which gets our costs down,” says Mark Lewis, Infrastructure Architect at ASOS. “We made our lives easier by adopting Azure Active Directory—we’ve saved time and money, improved the employee experience, and enhanced the security of our entire SaaS ecosystem.”

Where cost may be a blocking factor, in Azure AD the options to use SMS and phone-based MFA are free. In the case where certain users might be specifically targeted, you can selectively upgrade people to P1 or P2 licensing models and nudge people towards using the Microsoft Authenticator app with a one-time-password or notification-based MFA.

These days, it’s easy to enable MFA for all with one click. However, you don’t have to take a single, big-bang approach. You can onboard users into MFA in batches that are digestible by your service desk. Typically, 10 percent of any given batch will need support, so the ability to onboard in batches has a dramatic impact on the cost of deploying MFA. For employees, using multi-factor authentication when paired with single sign-on can increase productivity as they can access everything they need without re-entering passwords.

And if there is still resistance, this is one of those measures which business leaders should by now expect. We’ve seen the reports of the cost and reputational damages that security breaches can have on organisations. Leaders should be challenging IT to ensure the safety of their customers, employees, systems and data. And MFA is one of the critical elements to delivering that.

2.      Balance security and productivity with multi-factor authentication

Pre-cloud, security was ring-fenced around the data centre and the physical office, with the network perimeter as the main defence. Often, these featured early methods of MFA – such as one-time passcode fobs or smart cards. However, on-premise environments can be open to attack through misconfigured web and VPN services, lack of patching, as well as credential hygiene issues.

As organisations move to hybrid cloud-based environments, they can take advantage of existing Zero Trust capabilities with the knowledge that we will be investing a further $20 billion in our security solutions over the next five years to help defend against ransomware and other threats. With MFA in Azure AD you are consolidating your identity services into a strong and highly trusted environment. You’re not only increasing your resilience to ransomware and supply chain attacks, but also other outages that can occur on-premises.

For Durham University, they used MFA and Azure AD to ensure their staff and students could keep learning remotely. They use single sign-on to access everything they need whilst keeping their intellectual property secure. “By migrating to Azure AD, we’ve moved the responsibility of high availability to Microsoft, who, let’s face it, are scaled to do a better job than we could. Our services are much more resilient.” Says Craig Churchward, Technical Specialist for Windows Platform.

You can also maximise your ability to take advantage of new features as they are delivered, without any concerns for integration and support across vendors. Additionally, older platforms often involve backend server infrastructure, physical tokens and the man-hours needed to issue, replace and troubleshoot those tokens. With Azure AD MFA, users no longer need physical tokens. Additionally, there’s no server infrastructure to maintain. Your IT and security teams can focus on high-value tasks.

3.      Multi-factor authentication empowers secure hybrid working

A core tenant of Zero Trust is to never trust – always verify. Regardless of where the request originates or what resource it accesses, it is always fully authenticated, authorised, and encrypted before granting access. This helps build secure hybrid working. It makes it easier for employees to connect from anywhere, on different devices while protecting organisational data.

MFA and Conditional Access are key to Rabobank’s mobility strategy. “We require multi-factor authentication for mobile access today and have Conditional Access policies set up to require new device enrollments to happen on the corporate network. Most importantly, people can enroll and get access quickly—which is good, because we didn’t want to create this digital workplace and slow people down with security,” says Abe Boersma, Global Head of Workplace Services.

Identity is now recognised as one of the core services we use to secure the enterprise. Your identity stack, including your MFA service, is a key component of Microsoft’s security control plane. You can discover more in the guidance found in the Microsoft Cybersecurity Reference Architectures (MCRA) and Enterprise Admin Model.

4.      Build a strong security culture

A human-first security culture will help employees stay productive and secure in the hybrid workplace. One factor of this to have a strong password policy. At Microsoft, we see over 10 million username/password pair attacks every day. Build your strategy on updated password policy guidance from NIST, NCSC and Microsoft. Using technology such as Windows Hello for Business, the Microsoft Authenticator app and FIDO2 tokens alongside MFA will help to reduce successful credential attacks You can find out more about passwordless tech from Microsoft Security Team member, Alex Weinert in his blog; Your Pa$$word doesn’t matter.

If passwords are going to be with you for the foreseeable future, Azure AD Password Protection helps users select passwords that are not commonly known and Azure AD Self-Service Password reset will minimise the operational cost of passwords.

5.      Close the door on insecure legacies

From our research, we’ve seen most opportunistic attacks target legacy authentication protocols that bypass MFA. But there is an effective control to prevent this. Disabling legacy authentication and enabling MFA is one of the most impactful things you can do to prevent credentials from being compromised. Microsoft provides the tools to you accomplish this. In new Azure tenants, legacy authentication protocols are disabled by default, but many existing tenants still have this enabled.

Building a secure hybrid workforce

Multi Factor Authentication is becoming increasing important for an organisation’s cybersecurity. To stay resilient, organisations need to ensure employees can securely and easily access their work across devices, no matter where they are. MFA helps achieve this. Also, by modernising MFA organisations can increase resilience to attacks and service outages. They can also improve agility in adopting new features while supporting legacy systems.

Find out more

Build a modern security strategy

Security and mobility

Discover MFA

Resources to empower your development team

Secure Azure Active Directory users with Multi Factor Authentication

Manage identity and access in Azure Active Directory 

How Multi Factor Authentication provides secure access to resources

About the author

Gavin works within the Customer Success team at Microsoft. His aim is to make customers more productive, more secure, and ultimately more successful through features like Azure AD. Having seen what modern ransomware attacks can do up close, Gavin is passionate about helping keep an organisation’s customers, staff, systems and data safe. He is also a keen cyclist (on and off road), husband and father to three young children. You can catch him on Twitter @gvnshtn and on LinkedIn.

The post How multi-factor authentication empowers secure hybrid working appeared first on Microsoft Industry Blogs - United Kingdom.

By moving to a natively integrated suite of tools, you’ll reduce your overall spend, the amount of training required, the manual workload on your staff, and the scale of your attack surface.

Cyber-security is a bit like an insurance policy – we are never quite sure how much is enough or if we have all the risks covered. I’m often asked how do we “solve” cyber-crime, how can we make it “stop”? Think of cyber-crime in the same way as you would a burglary. It’s a criminal activity and it’s not going away any time soon.  We can, however, put measures in place to make it harder and reduce the time to detection.

Here are five ways Microsoft can help you keep your business secure, without compromising productivity:

1. The cloud is a security imperative

According to the 2019 Verizon Data Breach Report, 32% of breaches involved phishing, 29% involved stolen credentials and 56% of breaches took months or longer to discover.

The average time to detection in Europe and the US is about 70 days. That means a cyber-security attacker has access to your data for over two months before you find out they are there. That can have an incredible impact on customer trust.

Through cloud platforms, we’re able to do things that we’d never be able to do previously with a multitude of on-premises security solutions and can look at a global threat, in real time and at hyper scale.

2. Harnessing the power of data and intelligent technology

We see something like six-and-a-half trillion suspicious events every day. We can then leverage machine learning to rationalise those threats to something that’s actually actionable by humans, assuming that it’s not an event we automatically remediate them, across the world. As threats develop around the world, we analyse and remediate them locally and use that same remediation to protect all of the customers globally, while they are asleep, before you even get to work.

3. Staying up to date with the latest threats

Ransomware still makes headlines. However, we encounter it at much lower volumes compared to other malware, and tactics such as crypto-currency mining. Ransomware attacks happen when bad actors encrypt and threaten to delete a user’s or organisation’s valuable information unless they pay a ransom.

Ransomware has been on the decline in recent times since victims have not been paying the ransoms and companies have been able to retrieve locked up files from their backups. Still, it continues to be a threat in some regions, primarily due to a lack of security hygiene, with occasional spikes in encounter rates.

4. Secure and convenient authentication

The Identity Security and Protection team sees an ever-increasing number of user accounts attacked. A large majority of these compromises are the result of weak, guessable passwords and poor password management, followed by targeted phishing attacks and breaches of third-party services. Over the past year 81% of all attacks were the result of weak/compromised credentials.

We’re investing in the next gen of authentication solutions, such as password-less authentication, where you can eliminate passwords entirely from the end-user flow.

We also continue to invest in tried and tested solutions such as multi-factor authentication, as well as innovative cloud-powered solutions like Azure AD Password Protection. This helps you secure your user credentials, without compromising productivity.

5. Zero trust security policies

Organisations today are moving beyond the physical security perimeter and using models like Zero Trust, where every service is treated as though it were on the open internet and any access is verified using a variety of identity, device, app, location, and risk conditions.

This dramatically reduces the risk of breaches and provides more granular control.

Azure AD Conditional Access helps you achieve Zero Trust and can be used to protect information through controls that can allow, block, or limit access.  Rather than one rule for all, access is granted, limited, or denied based on a combination of user risk and session risk.

The team you never knew you had

At Microsoft, we’ve been servicing enterprise for more than 30 years. No one comes close to our experience in combating cyber-security and understanding the needs of customers.

We invest $1 Billion in security annually, have more than 3,500 security experts focused on security, and access to a network of data centres around the globe.

Find out more

Watch Stuart’s session from Future Decoded: A cybersecurity view from Microsoft

About the author

Stuart has been with Microsoft in the UK since 1998 and is the National Security Officer for Microsoft in the UK. Prior to that, he has worked as strategy consultant to a variety of UK Government customers, mostly within the defence arena, and run a number of Government Programs with the UK including the Government Security Program, the Security Co-Operation Program, and the Welsh Language Program. He still continues to run the UK GSP program today. Prior to joining Microsoft, Stuart worked as a consultant for ICL in their Power of 4 Consultancy, mostly focused in the defence and government spaces. Before ICL, he worked for Barclays Bank in a number of application development and IT infrastructure roles. He has been actively involved in computer security-related activities since the early 1980’s.

The post The team you never knew you had: 5 ways Microsoft can help secure your business appeared first on Microsoft Industry Blogs - United Kingdom.