Trace Id is missing

Expert Profile: Christopher Glyer

Principal Threat Intelligence Lead, Christopher Glyer explains how identity-focused solutions can help protect against cybercrime

As Principal Threat Intelligence Lead with a focus on ransomware at the Microsoft Threat Intelligence Center (MSTIC), Christopher Glyer is part of the team that investigates how the most advanced threat actors access and exploit systems. For the inaugural edition of Cyber Signals, he shares his thoughts on identity and security.

The shift to the cloud makes identity one of the core components organizations must prioritize when implementing proactive security protections. Identity is also an early focus area in any security investigation related to possible intrusions.

“When an attacker gains access to someone’s identity and then reuses that identity to access applications and data, organizations need to understand exactly how that identity was accessed, what applications were touched, and what was done within those applications,” Glyer explains. “From a protection perspective, the number one thing you must do is prevent an identity from being stolen, abused, or misused. Preventing this from happening in the first place is critical.”

Leading with identity-focused solutions including enforcing multifactor authentication (MFA), adopting passwordless solutions, and creating conditional access policies for all users dramatically improves protection for devices and data, particularly as hybrid work continues to create scenarios where remote access, user roles, and physical locations vary. These solutions help organizations better control access to business-critical information and identify potentially anomalous activity.

The point is to place a higher security premium on identity, which in turn lets you tighten access privileges linked to those stronger authentications, minimizing the risk of an unauthorized login having unchecked consequences, Glyer explains.

“Attackers are always raising the bar,” Glyer adds. “Fortunately, there are a lot of tools organizations can leverage as they conduct tabletop or red team exercises that may reveal gaps or limitations in their identity and other security controls.”

Glyer says a focus on finding weaknesses in identity is a common attack tactic shared by many threat actors, cybercriminals, and nation-state actors, alike.

A computer and phone on a blue surface
Featured

Basic cyber hygiene prevents 99% of attacks

Basic cyber hygiene remains the best way to defend an organization’s identities, devices, data, apps, infrastructure, and networks against 98% of all cyber threats. Discover practical tips in a comprehensive guide.

“If you look at a more macro trend over time, nation-states are going to leverage cyberattacks for espionage more frequently,” he explains.

“I think you’re going to see the number of players involved leveraging these capabilities continue to rise, because the intelligence gains are potentially quite large, versus the cost of executing these attacks. Having secure identity protections, whether it’s MFA, passwordless, and other defenses like conditional access policies, minimize that opportunity and make it much harder to raise the attack bar. Securing those identities is key.”

"From a protection perspective, the number one thing you must do is aim to prevent an identity from being stolen, abused or misused. Preventing this from happening in the first place is critical."

Christopher Glyer,
Principal Threat Intelligence Lead, Microsoft MSTIC

Related Articles

Cyber Signals: Issue 1

Identity is the new battleground. Gain insights into evolving cyberthreats and what steps to take to better protect your organization.

Cyber Signals Issue 2: Extortion Economics

Hear from frontline experts on the development of ransomware as a service. From programs and payloads to access brokers and affiliates, learn about the tools, tactics, and targets cybercriminals favor, and get guidance to help protect your organization.

Insights from trillions of daily signals

Microsoft security experts illuminate today’s threat landscape, providing insights on emerging trends as well as historically persistent threats.

Follow Microsoft Security