On February 25, 2020, Microsoft Chief Information Security Officer (CISO) Bret Arsenault was attending the RSA Conference in San Francisco when the city declared a state of emergency because of COVID-19. Shortly after flying back to Seattle, Bret learned of the first death from the coronavirus in Washington state. He and other members of Microsoft’s Risk Management Council worked on the company’s crisis response. To kick off National Cybersecurity Awareness Month, I spoke with Bret Arsenault on a recent episode of Afternoon Cyber Tea with Ann Johnson.
As CISO, Bret is responsible for disaster recovery at the enterprise level. He is the chair of Microsoft’s Risk Management Council and has directed Microsoft’s crisis management in the wake of COVID-19. The council responds to 30 crises a year, with life safety the highest priority, followed by customers and Microsoft. The council focuses on preparation for four types of disaster and crisis recovery: planned acts (such as weather storms), unplanned acts (such as natural disasters), illegal attacks, and pandemics. Cyberattacks typically fall under illegal attacks. Certain events, such as the Olympics and elections, tend to draw out opportunistic bad actors more than others because people are more vulnerable to social engineering attacks.
Similarly, the pandemic and the social unrest in the United States have made people more susceptible to phishing scams and other cyberattacks. Before the pandemic, cybersecurity incidents had doubled every year for five years. During the pandemic, opportunistic campaigns, including a huge increase in human-operated ransomware attacks, have emerged because of people’s social engineering vulnerability. The number of phishing scams hasn’t changed much; however, the approach has shifted to mimicking health information sites and other pandemic-related schemes. Because more people are working from home, there’s been a big increase in bad actor campaigns targeting desktop protocol.
During our conversation, we also spoke about how to build a disaster recovery program and how moving to a Zero Trust security model helped Microsoft respond more agilely to the new security threats created by the pandemic. Over the past year, that approach has meant making sure all devices are managed, requiring multifactor authentication, figuring out how productivity apps work in a distributed way, and moving all meetings to Microsoft Teams. Microsoft also prioritized service monitoring and user identity and access.
Despite all the planning, there have been surprises, such as realizing that eight-hour all-hands meetings aren’t effective when online and that moving all meetings online creates a level playing field for employees. To learn what cybersecurity steps to take when your entire workforce is remote, listen to Afternoon Cyber Tea with Ann Johnson: Working Through It: Operational Resilience in the Face of Disaster on Apple Podcasts or PodcastOne.
A new season of Afternoon Cyber Tea with Ann Johnson launches today featuring Admiral (RET) Mike Rogers, Former Head of United States Cyber Command, discussing the recent cyberattacks on the US supply chain and what we can do to stop them! Check out new episodes every Tuesday. In this important cyber series, Ann will talk with cybersecurity influencers about trends shaping the threat landscape and explore the risk and promise of systems powered by AI, IoT, and other emerging tech.
“It isn’t just about technology. Never forget the human dynamic in all this. Again, I used to say this to our nation’s leadership, ‘Sir, you can write the biggest check in the world and it still won’t be enough. We can’t solve this by just throwing money at the problem.’ Put another way, we can have the greatest technology with the highest level of investment, but if we don’t have a smart user community, that makes smart choices, that’s part of our strategy…. It’ll be totally undermined every day by bad choices that our users are making.” – Admiral (RET) Michael Rogers, Former Head of United States Cyber Command
To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity. Or reach out to me on LinkedIn or Twitter if you have guest or topic suggestions.