Ann Johnson, Author at Microsoft Security Blog
http://approjects.co.za/?big=en-us/security/blog
Expert coverage of cybersecurity topics
Tue, 02 Dec 2025 16:29:53 +0000

How to build forward-thinking cybersecurity teams for tomorrow
http://approjects.co.za/?big=en-us/security/blog/2025/12/02/how-to-build-forward-thinking-cybersecurity-teams-for-tomorrow/
Tue, 02 Dec 2025 17:00:00 +0000

To secure the future, we must future-proof our cybersecurity talent and develop teams that are agile, innovative, and perpetually learning.

We are witnessing something unprecedented in cybersecurity: the democratization of advanced cyberattack capabilities. What once required nation-state resources (sophisticated social engineering, polymorphic malware, coordinated infrastructure) now fits in a prompt window.

AI is no longer a futuristic concept but a present-day reality—fundamentally reshaping the rules of both offense and defense in real time. But here’s what the headlines miss: The most critical vulnerability in this AI-transformed landscape is not technical—it is human. The question is not whether our tools can keep pace with AI-powered cyberthreats; it is whether our talent strategies can evolve fast enough to build teams that can harness AI’s defensive power while thinking critically, adapting continuously, and operating effectively in an environment where yesterday’s playbook is obsolete by tomorrow. For cybersecurity leaders and human resources professionals, the challenge is clear: To secure the future, we must future-proof our cybersecurity talent, developing teams that are not only technically adept but also agile, innovative, and perpetually learning.

Cyberthreat-based AI: The new threat vector

AI’s impact on cybersecurity is a double-edged sword. The same technologies empowering our defenses by automating threat detection, analyzing massive data sets, and identifying invisible patterns are simultaneously supercharging threat actors. Let’s talk about what we’re actually seeing in the wild. Our threat intelligence teams are tracking malicious use of AI that would have seemed like science fiction 18 months ago: language model-crafted spear phishing that passes the Turing test, automated vulnerability chaining that discovers novel exploit paths, adaptive malware that modifies its behavior in real time based on the defense environment it encounters, and deepfakes sophisticated enough to bypass human and technical verification.

But here is the uncomfortable truth that transforms this technology problem into a talent imperative: the constraint is not AI’s capability. It is human capacity to make sense of what the technology is telling us, to ask the right questions, and to think strategically at machine speed. We have spent two decades building security teams that are exceptional at technical execution. Now we need teams that interrogate AI outputs with healthy skepticism and operate effectively in constant ambiguity. Cybercriminals are leveraging AI to develop more effective phishing campaigns, automate the discovery of vulnerabilities, and evade traditional detection mechanisms. Deepfakes, AI-powered social engineering, and automated malware are just the beginning of this new threat vector. The cyberthreat-based use of AI is not just escalating the arms race; it is changing the kinds of defenders who can succeed in it.

Rethinking talent strategies

I’ll be direct: Our industry’s hiring playbook cannot be updated fast enough. The traditional focus on technical certifications and experience, while still important, is no longer sufficient. At Microsoft, we are seeing our most effective AI-era defenders come from unexpected places. Future-ready teams require a blend of technical expertise, critical thinking, adaptability, and a mindset geared toward innovation and continuous learning. The most effective security teams are beginning to look radically different. Imagine economists who understand game theory modeling cyberthreat-based incentives, linguists probing language models for semantic manipulation, psychologists studying how humans trust AI-generated content. These aren’t traditional hires, but they bring exactly the cognitive diversity needed to spot AI vulnerabilities that purely technical teams might miss. Organizations must prioritize diversity of thought, cross-disciplinary collaboration, and the ability to understand and manage AI systems alongside conventional security tools.

Recruitment and hiring for the AI era

What if we’re asking the wrong interview questions? Traditional interviews focus on yesterday’s needs. But in an AI-powered environment, the questions that matter are as different as the problems we are trying to solve. We should be asking: How do you make decisions when an AI system gives you probabilistic rather than definitive answers? How do you probe for blind spots in automated detection systems? How do you think strategically when the cyberattacker is using machine learning to adapt in real time?

Attracting AI-savvy talent starts with clear, forward-thinking job descriptions that emphasize not just technical skills, but also curiosity, problem-solving, and a willingness to experiment with new technologies. Collaborating with academic institutions, sponsoring AI-focused competitions, and leveraging professional networks can help identify emerging talent. Structured interviews and practical assessments should evaluate candidates’ familiarity with AI-powered tools and their ability to adapt to a rapidly changing environment. Importantly, hiring managers should consider candidates from non-traditional backgrounds who bring fresh perspectives and a passion for learning.

But it does not stop there. We are expanding where we look for talent. The cybersecurity profession traditionally draws from a narrow set of educational backgrounds and career paths. But some of the most effective AI-era defenders come from unexpected places.

Onboarding and integration

Effective onboarding in an AI-powered cybersecurity environment requires more than technical orientation. New hires should be immersed in the organization’s AI strategy, security culture, and innovation ethos from day one. At Microsoft, our Secure Future Initiative embeds security into how every employee works. Every person has a security core priority discussed directly with their manager, ensuring they understand how their role contributes to protecting Microsoft and our customers. Mentorship programs, hands-on labs, and cross-functional team projects can accelerate readiness, helping new team members quickly grasp how AI integrates with existing security protocols and where they can contribute to ongoing innovation.

We have established 17 deputy chief information security officer (CISO) roles across critical product and business areas, enabling enterprise-wide risk mitigation and driving resilience at scale. This governance structure, combined with concrete action across our three core principles—Secure by Design, Secure by Default, and Secure Operations—means new security hires enter an organization where security is not a siloed function. It is how we operate. Our new policies and behavioral detection models have already thwarted $4 billion in fraud attempts. That is what it means to onboard talent into a security-first culture in the AI era.

Retention in a competitive market

Retaining top cybersecurity talent is especially challenging in a market where demand far outstrips supply. But in the AI era, there’s an emerging pattern worth noting: The professionals who thrive are intellectually hungry and pathologically curious. They need environments where they are constantly challenged, where failure is treated as data rather than disaster, and where they tackle problems that do not yet have solutions. Building a culture that values continuous learning, experimentation, and employee well-being is critical. Offer opportunities for professional development, encourage participation in AI research and industry conferences, and recognize innovative contributions. Foster an environment where team members are empowered to propose new ideas and drive change—this not only retains talent but also keeps your organization on the cutting edge.

The teams that retain talent aren’t just those with competitive compensation (though that remains essential). They are the ones that combine fair pay with intellectually compelling work, where exceptional people stay because the challenges are novel and the learning never stops.

Continual training and upskilling

Traditional cybersecurity training was built for a world where cyberthreats evolved predictably and defenses aged gracefully. That world is gone. By the time most organizations develop a training program, pilot it, and roll it out, the threat landscape has already moved on. We need to move from “training programs” to “learning ecosystems.” Ongoing programs should focus on both foundational AI concepts and emerging cyberthreats, blending online courses, in-person workshops, and real-world simulations. Encourage cybersecurity professionals to earn AI-related certifications, participate in threat intelligence sharing, and stay engaged with the broader security community. By making continual upskilling a core part of your talent strategy, you ensure that your team can adapt to whatever the future brings.

Building resilient, future-ready cybersecurity teams

AI is rewriting the rules of cybersecurity, presenting both unprecedented opportunities and formidable challenges. Here is what I believe: The next major breach will not happen because of a zero-day vulnerability or a sophisticated AI-powered cyberattack. It will happen because we collectively failed to future-proof our cybersecurity talent as fast as the threat landscape evolved. Future-proofing in the era of AI is about both detecting cyberthreats and building teams with the cognitive ability to adapt to whatever emerges next. Organizations that proactively invest in this—by rethinking recruitment, embracing innovative onboarding, fostering a culture of retention, and committing to ongoing upskilling—will build the resilient, future-ready teams capable of defending against both today’s and tomorrow’s cyberthreats. The decisions we make now about how we recruit, develop, and retain cybersecurity talent will determine our collective ability to stay ahead of AI-powered threat actors.

This is my challenge to the industry:

  • To CISOs and security leaders: Stop hiring for comfort. Start hiring for cognitive diversity. Future-proof your defenses by building teams that can think differently.
  • To policymakers: Create regulatory frameworks that incentivize threat intelligence sharing and protect organizations that transparently discuss their defensive failures. Learning needs to happen faster than litigation.
  • To academic institutions: Cybersecurity curricula built around technical certifications are producing graduates who are obsolete before they graduate. Partner with industry to create programs that teach adaptive thinking and prepare students for the AI era.
  • To the broader security community: We need to move faster than the cyberattackers. Share threat intelligence early and often. Build communities of practice that transcend organizational boundaries. Future-proof the industry, not just your organization.

The talent crisis in cybersecurity isn’t a pipeline problem. It’s an imagination problem. We keep looking for yesterday’s defenders when we need to start building tomorrow’s.

The bad actors have already adapted to the age of AI. The question is: Will we future-proof our talent strategies fast enough to meet them there?

The future belongs to those who prepare for it now.

Microsoft Deputy CISOs

To hear more from Microsoft Deputy CISOs, check out the OCISO blog series.

To stay on top of important security industry updates, explore resources specifically designed for CISOs, and learn best practices for improving your organization’s security posture, join the Microsoft CISO Digest distribution list.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

The CISO imperative: Building resilience in an era of accelerated cyberthreats
http://approjects.co.za/?big=en-us/security/blog/2025/10/22/the-ciso-imperative-building-resilience-in-an-era-of-accelerated-cyberthreats/
Wed, 22 Oct 2025 16:00:00 +0000

The latest Microsoft Digital Defense Report 2025 paints a vivid picture of a cyberthreat landscape in flux. The surge in financially motivated cyberattacks and the persistent risk of nation-state actors demand urgent attention. But for those of us in the Office of the Chief Information Security Officer (CISO), the real challenge and opportunity lie in how organizations respond, adapt, and build resilience for what comes next.

This year’s findings reveal something we have all been sensing: the threat landscape is not just evolving—it is accelerating. AI has fundamentally changed the equation, impacting the speed, scale, and sophistication of cyberattacks in ways that render many traditional defensive assumptions obsolete. Yet AI also represents our most powerful tool for adaptation.

Understanding the acceleration

The metrics tell a stark story, but the operational implications matter more. We’re observing cyberattacks that execute in the time it takes a user to click—ClickFix techniques that bypass layered defenses through social engineering at machine speed. In cloud environments, the window between deployment and compromise has collapsed to 48 hours for containers, fundamentally challenging our assumptions about hardening timelines.

The economics have shifted as well. AI-powered phishing campaigns now achieve 50 times profitability improvements by automating personalization at scale. We’re tracking North Korean operations that have embedded tens of thousands of workers globally, turning the remote workforce into a persistent cyberthreat vector. This is not opportunistic. Indeed, it is industrial-scale infiltration.

The sophistication curve continues its steep climb. Our telemetry shows an 87% increase in disruptive campaigns targeting Microsoft Azure environments. Credential theft attempts are up 23%, data exfiltration up 58%. We are now tracking early indicators of autonomous malware capable of lateral movement and adaptive behavior without human direction.

What strikes me most is the operational coordination. Through Microsoft Threat Intelligence, we are observing campaigns spanning more than 130 countries where nation-states, criminal syndicates, and commercial mercenaries share infrastructure and tactics. Access brokers have created marketplaces that blur lines between espionage and crime. The model is scalable, resilient, and disturbingly efficient.

From threat awareness to strategic action

Here is the paradox every CISO faces: threats are accelerating, yet our defensive capabilities have never been stronger. The gap is not technology. The gap is in how we think about and operationalize security. Legacy approaches that separate security from business strategy, that prioritize prevention over resilience, that treat threat incidents as failures rather than inevitable events—these mindsets are now liabilities.

The path forward requires fundamental shifts:

Security as a business enabler, not a control point. We must embed security into every business process, from product development to supply chain management. When security becomes integral to how organizations operate, rather than a gate they must pass through, we move faster while managing risk more effectively. This is not about lowering standards. This is about building security into the foundation rather than adding it as a façade.

Resilience as the primary objective. The question isn’t if an incident will occur, but how quickly we can detect, contain, and recover from it. When cyberattacks execute in seconds and compromises happen within 48 hours, our response capabilities must match that velocity. This means tested playbooks, empowered teams, and automated response mechanisms that operate at machine speed.

Intelligence and automation as force multipliers. The same AI technologies that let cyberattackers scale operations can amplify our defense capabilities—if we deploy them strategically. Automation is not about replacing security teams. It is about letting them operate at the speed and scale that modern threats demand.

The evolved CISO mandate

The role of the CISO has fundamentally expanded. We are no longer purely technologists. We are risk managers, strategic advisors, and organizational change agents. The board needs us to translate technical cyberthreats into business risks and resilience strategies into competitive advantages.

This evolution demands new capabilities:

Cross-functional leadership that transcends IT. When a social engineering attack can compromise an organization in seconds, response requires coordinated actions across IT, legal, human resources, communications, and executive leadership. We must build these partnerships before the crisis, not during it.

Continuous adaptation as operational discipline. The 48-hour container compromise window and the instant infection vectors we are seeing mean that continuous monitoring, regular testing, and rapid iteration are not best practices. They are survival requirements. Our defenses, policies, and response capabilities must evolve as quickly as threats.

Governance that anticipates regulatory evolution. As governments increase transparency requirements and impose consequences for malicious activity, we must ensure our organizations can meet both the letter and the spirit of emerging regulations. This includes understanding third-party risks, from access brokers to embedded cyberthreats in our workforce and supply chains.

Proven strategies for operationalizing security resilience

From our work with customers, our own operational experience, and implementation of the Secure Future Initiative (SFI), three priorities rise to the top:

Modern identity controls are non-negotiable. With 97% of identity attacks targeting passwords, phishing-resistant MFA fundamentally alters the risk equation. This isn’t about adding layers—it’s about eliminating entire attack vectors. Organizations that deploy phishing-resistant authentication see dramatic reductions in successful compromises.

Incident response readiness determines outcome. When attacks move at machine speed, response time becomes the critical variable. This means regular simulations, tested playbooks, and teams empowered to act decisively. We must practice for the scenarios we’ll face, not the ones we hope to avoid. The organizations that recover fastest are those that have failed in simulation and learned before the real event.

Collective defense is no longer optional. Against campaigns spanning more than 130 countries and cyberattacker ecosystems sharing infrastructure, isolated defense is ineffective. Intelligence sharing, collaborative best practices, and sector-wide coordination are force multipliers that benefit everyone. The cyberthreats we face are too sophisticated and too coordinated for any organization to defend alone.

We’ve been applying these same principles internally through our Secure Future Initiative. Rather than keep our implementation lessons internal, we’re publishing the actual patterns and practices we’ve used—the specific approaches that worked, the trade-offs we encountered, and the practical steps other organizations can adapt. The SFI patterns and practices library includes detailed guidance on challenges like securing multi-tenant environments, protecting software supply chains, and implementing Zero Trust for source code access.

What I appreciate about these patterns is that they are written by practitioners who have actually implemented them. Each one outlines the problem, explains how we solved it internally at Microsoft, and provides recommendations that you can evaluate for your own environment. No glossy overviews—just the operating details of what worked and what did not.

Steps to strengthen resilience and response across your organization 

The acceleration we are witnessing—cyberattack speed, operational scale, and technical sophistication—demands an equivalent acceleration in our response. This is not about working harder; it’s about working differently. It means treating AI and automation as operational imperatives, not future projects. It means building identity security as foundational infrastructure, not a compliance checkbox. It means developing incident response capabilities that match the velocity of modern cyberattacks.

Most fundamentally, it means embracing our evolved role as CISOs. We are architects of organizational resilience in an era where cyberthreats move at machine speed and span continents. This requires equal parts technical depth, strategic vision, and collaborative leadership.

The cyberthreat landscape will continue to evolve. Our mandate is to evolve faster, to build organizations that are not just secure but resilient, adaptive, and prepared for whatever comes next. That is the challenge facing every CISO today. It is also the opportunity to build something stronger than what came before.

For a detailed and comprehensive analysis, explore the full Microsoft Digital Defense Report 2025.

Building a lasting security culture at Microsoft
http://approjects.co.za/?big=en-us/security/blog/2025/10/13/building-a-lasting-security-culture-at-microsoft/
Mon, 13 Oct 2025 16:00:00 +0000

At Microsoft, building a lasting security culture is more than a strategic priority—it is a call to action. Security begins and ends with people, which is why every employee plays a critical role in protecting both Microsoft and our customers. When secure practices are woven into how we think, work, and collaborate, individual actions come together to form a unified, proactive, and resilient defense.

Over the past year, we’ve made significant strides through the Secure Future Initiative (SFI), embedding security into every layer of our engineering practices. But just as critical has been our transformation in how we educate and engage our employees. We revamped our employee security training program to tackle advanced cyberthreats like AI-enabled attacks and deepfakes. We launched the Microsoft Security Academy to empower our employees with personalized learning paths that create a relevant experience. We’ve made security culture a company-wide imperative, reinforcing vigilance, embedding secure habits into everyday work, and achieving what technology alone cannot. It is more than a mindset shift; it’s a company-wide movement, led from the top and setting a new standard for the industry.

To help other organizations take similar steps, we are introducing two new guides—focused on identity protection and defending against AI-enabled attacks—that offer actionable insights and practical tools. These resources are designed to help organizations rethink their approach in order to move beyond 101-level content and build a culture of security that is resilient, adaptive, and people-powered. Because in cybersecurity, culture is more than a defense—it is the difference between reacting to cyberthreats and staying ahead of them.

Training for proactive security: Empowering employees in a new era of advanced threats

Security is the responsibility of every Microsoft employee, and we’ve taken deliberate steps to make that responsibility tangible and actionable. Over the past year, we’ve worked hard to reinforce a security-first mindset throughout every part of the company—from engineering and operations to customer support—ensuring that security is a shared responsibility at every level. Through redesigned training, personalized guidance, regular feedback loops, and role-specific expectations, we are fostering a culture where security awareness is both instinctive and mandatory.

As cyberattackers become increasingly sophisticated, using AI, deepfakes, and social engineering, so must the way we educate and empower employees. The security training team at Microsoft has overhauled its annual learning program to reflect this urgency. Our training is thoughtfully designed to be even more accessible and inclusive, built from empathy for all job roles and the work they do. This helps ensure that all employees, regardless of background or technical expertise, can fully engage with the content and apply it in meaningful ways. The result is a lasting security culture that employees not only embrace in their work but also carry into their personal lives.

To ensure our lasting security culture is rooted in real-world cyberthreats and tactics, we’ve continued to push our Security Foundations series to feature dynamic, threat-informed content and real-world scenarios. We’ve also updated training content in traditional topics like phishing, identity spoofing, and AI-enabled cyberattacks like deepfakes. All full-time employees and interns are required to complete three sessions annually (90 minutes total), with newly created content every year.

Security training must resonate both in the workplace and at home to create a lasting impact. That is why we equip employees with a self-assessment tool that delivers personalized, risk-based feedback on identity protection, along with tailored guidance to help safeguard their identities—both on the job and in their personal lives.

The ingredients for successful security training

At Microsoft, the success of our security training programs hinges on several crucial ingredients: fresh, risk-based content; collaboration with internal experts; and a relentless focus on relevance and employee satisfaction. Rather than recycling old material, we rebuild our training from the ground up each year, driven by the changing cyberthreat landscape—not just compliance requirements. Each annual program begins with a risk-based approach informed by an extensive listening network that includes internal experts in threat intelligence, incident response, enterprise risk, security risk, and more. Together, we identify the top cyberthreats where employee judgment and decision-making are essential to keeping Microsoft secure—and how those cyberthreats are evolving.

Take social engineering, for instance. This topic is a consistent inclusion in our training because around 80% of security incidents start with a phishing incident or identity compromise. But we are not teaching phishing 101, as we expect our employees already have foundational awareness of this cyberthreat. Instead, we dive into emerging identity threats, real-world cyberattack scenarios, and examples of how cyberattackers are becoming more sophisticated and scaling faster than ever.

The impact we are making on the security culture at Microsoft is not by chance, nor is it anecdotal. The Education and Awareness team within the Office of the Chief Information Security Officer (OCISO) applies behavioral science, adult learning theory, and human-centered design to the development of every Security Foundations course. This ensures that training resonates, sticks, and empowers behavioral change. We also continually measure learner satisfaction and content relevancy, both of which have climbed significantly in recent years. We attribute this positive change to the continual innovation and evolution of our content and the increased attention we pay to the learning and cultural needs of our employees.

For example, the Security Foundations training series is consistently one of the highest-rated required employee training courses at Microsoft. Our post-training surveys tell a clear story: employees see themselves as active participants in keeping Microsoft secure. They feel confident identifying threats, know how to escalate issues, and consistently reinforce that security is a top priority across roles, regions, and teams.

This was one of the best Security Foundations that I’ve taken, well done! The emphasis on deepfake possible attacks was enlightening and surprising, I thought it was a great choice to actually deepfake [our actor] to show how real it sounds and show in real time what is possible to get that emphasis. The self-assessment was also great in terms of showing the areas that I need to work on and use more caution.

—Microsoft employee

Today, engagement with the Security Foundations training is strong, with 99% of employees completing each course. Learner satisfaction continues to climb, with the net satisfaction score rising from 144 in fiscal year (FY) 2023 to 170 today. Relevancy scores have followed a similar trend, increasing from 144 in FY 2023 to 169 today.1 These scores reflect that our employees view the security training content as timely, applicable, and actionable.

Microsoft leadership sets the tone

Our security culture change started at the top, with Chief Executive Officer (CEO) Satya Nadella mandating that security be the company’s top priority. His directive to employees is clear: when security and other priorities conflict, security must always take precedence. Chief People Officer (CPO) Kathleen Hogan reinforced this commitment in a company-wide memo, stating, “Everyone at Microsoft will have security as a Core Priority. When faced with a tradeoff, the answer is clear and simple: security above all else.”

The Security Core Priority continues to enhance employee training around security at Microsoft. As of December 2024, every employee had a defined Security Core Priority and discussed their individual impact during performance check-ins with their manager. Hogan explains that this isn’t a one-time pledge, but a non-negotiable, ongoing responsibility shared by every employee. “The Security Core Priority is not a check-the-box compliance exercise; it is a way for every employee and manager to commit to—and be accountable for—prioritizing security, and a way for us to codify your contributions and to recognize you for your impact,” she said. “We all must act with a security-first mindset, speak up, and proactively look for opportunities to ensure security in everything we do.”

This commitment is embedded in how Microsoft governs and operates at the highest levels. Over the past year, the senior leadership team at Microsoft has focused on evaluating the state of our security culture and identifying ways to strengthen it. Security performance is reviewed at weekly executive meetings with deep dives into each of the six pillars of our Secure Future Initiative. The Board of Directors receives regular updates, reinforcing the message that security is a board-level concern. We’ve also reinforced our commitment to security by directly linking leadership compensation to security outcomes—elevating security to the same level of importance as growth, innovation, and financial performance. By using executive compensation as an accountability mechanism tied to specific security performance metrics, we’ve driven measurable improvements, especially in areas like secret hygiene across our code repositories.

Reinforcing security culture through engagement and hiring

Security culture is not built in a single training session; it is sustained through continuous engagement and visible reinforcement. To keep security top-of-mind, Microsoft runs regular awareness campaigns that revisit core training concepts and share timely updates across the company. These campaigns span internal platforms like Microsoft SharePoint, Teams, Viva Engage, and global digital signage in offices. This creates a consistent drumbeat that embeds security into daily workflows through reminders that reinforce key behaviors.

Launching fall 2025, the global security ambassador program will activate a grassroots network of trusted advocates within teams and departments across organizations and geographies. With a goal of reaching at least 5% employee participation, these ambassadors will serve as local champions, helping amplify initiatives, offering peer-to-peer guidance, and offering valuable feedback from the front lines. This approach not only sustains engagement but ensures Microsoft’s security strategy is informed by real-world insights from across the organization. As cyberattackers continue to grow more advanced, our employees must constantly learn and adapt. For this reason, security is a continuous journey that requires a culture of continuous improvement, where lessons from incidents are used to update policies and standards, and where employee feedback helps shape future training and engagement strategies.

Security culture is only as strong as the people who live it. That is why Microsoft is investing heavily in talent to scale its defenses through upskilling and hiring. Through the resulting increase in security engineers, we are making sure that every team, product, and customer benefits from the latest in security thinking and expertise.

Embedding security into engineering

The company leadership sets the vision, but real transformation happens when security is woven into our engineering. We are moving beyond simply applying security frameworks—reengineering how we design, test, and operate technology at scale. To drive this shift, we’ve aligned our engineering practices with the Protect Engineering Systems pillar of SFI, embedding security into every layer of development, from identity protection to threat detection. Our Microsoft Security Development Lifecycle (SDL), once published as a standalone methodology, is now deeply integrated into the Secure by Design pillar of SFI, ensuring security is part of the process, from the first line of code to final deployment.

We’ve embedded DevSecOps and shift-left strategies throughout our development lifecycle, backed by new governance models and accountability structures. Every engineering division now has a Deputy Chief Information Security Officer (CISO) responsible for embedding security into their workflows. These practices reduce costs, minimize disruption, and ultimately lead to more resilient products.

Under SFI, security is treated as a core attribute of product innovation, quality, and trust. And as Microsoft redefines how security is built into engineering, we are also transforming how it is lived. This means providing every employee with the awareness and agility needed to counter the most advanced cyberthreats.

Security culture as a matter of business trust

For Microsoft, a strong security culture helps us protect internal systems and uphold customer and partner trust. With a global presence, broad product footprint, and a customer base that spans nearly all industries, we operate at a scale where even a single security lapse can have wide-reaching implications. Embedding security into every layer of the company is both complex and essential—and involves more than just cutting-edge tools or isolated policies. Our security-first employee mindset views security not as a discrete function, but as something that informs every role, decision, and workflow. And while tools are indispensable in addressing technical cyberthreats, it is culture that ensures those tools are consistently applied, refined, and scaled across the organization.

Paving the road ahead for lasting security culture

The famous quote attributed to renowned management consultant Peter Drucker that “culture eats strategy for breakfast” holds especially true in cybersecurity. No matter how well-designed a security strategy may be, it can’t succeed without a culture that supports and sustains it. Ultimately, the formula for proactive security at Microsoft is built on three connected elements: people, process, and culture. And although we’ve made meaningful progress on all three fronts, the work is never finished. The cybersecurity landscape is constantly shifting, and with each new challenge comes an opportunity to adapt, improve, and lead.

The decision by Microsoft to treat security not as an isolated discipline, but as a foundational value—something that informs how products are built, how leaders are evaluated, and how employees across the company show up every day—is a core aspect of SFI. This initiative has already led to measurable improvements, including the appointment of Deputy CISOs across engineering divisions, the redesign of employee training to reflect AI-enabled threats, and the coming launch of grassroots programs like the global Security Ambassador program.

The Microsoft Secure Future Initiative is our commitment to building a lasting culture that embeds security into every decision, every product, and every employee mindset. We invite others to join us and transform how security is lived. Because in the current threat landscape, culture is not just a defense—it makes the difference.

Culture in practice: Tools to build a security-first mindset

To reinforce a security-first mindset across work and home, we’ve developed the following resources for our internal employees. We are also making them available for you to help drive the same commitment in your organization.

Microsoft Deputy CISOs

To hear more from Microsoft Deputy CISOs, check out the OCISO blog series.

To stay on top of important security industry updates, explore resources specifically designed for CISOs, and learn best practices for improving your organization’s security posture, join the Microsoft CISO Digest distribution list.

To learn more about Microsoft Security solutions, go to our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.


¹Microsoft internal data

The post Building a lasting security culture at Microsoft appeared first on Microsoft Security Blog.

Sharing practical guidance: Launching Microsoft Secure Future Initiative (SFI) patterns and practices http://approjects.co.za/?big=en-us/security/blog/2025/08/06/sharing-practical-guidance-launching-microsoft-secure-future-initiative-sfi-patterns-and-practices/ Wed, 06 Aug 2025 16:00:00 +0000 We’re excited to launch SFI patterns and practices: a new library of actionable guidance designed to help organizations implement security measures at scale. This launch marks a next step in our journey to make our SFI learnings practical for our customers, partners, and broader security ecosystem. These patterns are not just theory—they’re based on what we’ve done internally to protect Microsoft’s infrastructure, and we are now sharing them to help you do the same.

The post Sharing practical guidance: Launching Microsoft Secure Future Initiative (SFI) patterns and practices appeared first on Microsoft Security Blog.

In this blog, you will learn about the launch of the Microsoft SFI patterns and practices series, where we share customer guidance grounded in our own learnings from the Secure Future Initiative. We continue to share more practical, actionable guidance, and you can always see the full library on our dedicated SFI patterns and practices page.

We’re excited to launch Microsoft Secure Future Initiative (SFI) patterns and practices: a new library of actionable guidance designed to help organizations implement security measures at scale.

This launch marks the next step in our journey to make our SFI learnings practical for our customers, partners, and broader security ecosystem. These patterns and practices draw from a range of proven security architectures and best practices—including, but not limited to, Zero Trust—operationalized to protect Microsoft’s infrastructure and now shared to help you do the same.

Why SFI patterns and practices matter

Since launching the Secure Future Initiative (SFI) in November 2023, we’ve mobilized the equivalent of more than 34,000 engineers to mitigate risk and improve security for Microsoft and our customers.¹ Guided by three security principles—secure by design, by default, and in operations—we have made measurable progress in the areas of culture, governance, and our six engineering pillars. Still, there is more to do, and teams across the company are working to improve the security of every product, address learnings from every incident, and continuously improve our methods and practices.

Additionally, we have heard feedback from customers and partners who want us to share how we are improving security at Microsoft, not just at the strategic architecture level but also at the implementation and practical level. That’s where the SFI patterns and practices library comes into play.

What’s in the first wave of SFI patterns and practices?

We are launching the first wave of eight pattern and practice articles that help solve the most asked-for, urgent, and complex challenges faced by security practitioners today:

| Pattern name | SFI pillar | What it helps you do |
| --- | --- | --- |
| Phishing-resistant multi-factor authentication (MFA) | Protecting identities and secrets | Traditional MFA is no longer enough. This pattern helps organizations shift to cryptographic, phishing-resistant authentication using FIDO2, passkeys, and certificate-based methods—reducing exposure to credential-based cyberattacks. Replace vulnerable MFA with cryptographic, phishing-resistant methods. |
| Eliminate identity lateral movement | Isolating tenants and production systems | Cyberattackers often exploit identity pivot paths to escalate privileges. This pattern outlines how to segment access, enforce Conditional Access, and block risky guest authentication to prevent silent intrusions. Prevent cyberattackers from pivoting across tenants and roles. |
| Remove legacy systems that risk security | Isolating tenants and production systems | Unmanaged tenants and legacy infrastructure introduce configuration drift and attack surface. Microsoft removed more than 5.75 million inactive tenants—this pattern shows how you can do the same. Decommission unmanaged tenants and legacy infrastructure. |
| Standardize secure development pipelines | Protecting engineering systems | CI/CD pipelines are often fragmented and inconsistent. This pattern helps you implement governed templates that enforce security gates, encourage creation of Software Bills of Materials (SBOMs), and streamline compliance. Use governed CI/CD templates to enforce security and compliance. |
| Complete production infrastructure inventory | Monitoring and detecting threats | You can’t protect what you can’t see. This pattern guides organizations in building real-time asset inventories, centralizing telemetry, and removing unused applications to reduce risk. Maintain real-time visibility into all assets and telemetry. |
| Rapid anomaly detection and response | Monitoring and detecting threats | Modern cyberattackers move fast. This pattern shows how to use AI, user entity and behavior analytics (UEBA), and centralized logging to detect suspicious behavior and automate response—reducing dwell time and improving security operations center (SOC) efficiency. Use AI and behavioral analytics to detect and respond to cyberthreats faster. |
| Security log retention standards | Monitoring and detecting threats | Logs are the backbone of detection and forensics. This pattern helps you standardize formats, centralize access, and extend retention to support long-term investigations and compliance. Standardize, centralize, and extend log retention for better detection and forensics. |
| Accelerate vulnerability mitigation | Accelerating response and remediation | Effective vulnerability management is critical to reducing risk in complex digital environments by enabling faster, systematic responses to security threats. Automation, integrated workflows, and enriched communications can significantly accelerate mitigation timelines and improve organizational resilience. Automate detection, triage, and patching to reduce time-to-mitigate. |

Introducing SFI patterns and practices taxonomy

SFI patterns and practices taxonomy from top to bottom: Pattern name, Problem, Solution, Guidance and Implications.

Just as software design patterns provide reusable solutions to common engineering problems, SFI patterns and practices offer repeatable, proven approaches to solving complex cybersecurity challenges. Each pattern is crafted to address a specific security risk—whether it’s identity lateral movement, legacy infrastructure, or inconsistent continuous integration and continuous delivery (CI/CD) pipelines—and is grounded in Microsoft’s own experience. Like design patterns in software architecture, these security patterns are modular, extensible, and built for reuse across diverse environments.

Additionally, each pattern in the SFI patterns and practices library follows a consistent and purposeful structure. Every article begins with a pattern name—a concise handle that captures the essence of the cybersecurity challenge. The problem section outlines the security risk and its real-world context, helping readers understand why it matters. The solution describes how Microsoft addressed the issue internally. The guidance section provides practical recommendations that customers can consider applying in their own environments. Finally, the implications section outlines the outcomes and trade-offs of implementing the pattern, helping organizations anticipate both the benefits and the operational considerations.

This structure offers a framework for understanding, applying, and evolving security practices.

Joining the SFI patterns and practices journey

SFI patterns and practices is your guide to turning architecture into action. By adopting these patterns, organizations can accelerate their security maturity, reduce implementation friction, and build systems that are more secure by design, default, and in operation.

What’s coming next?

This is just the beginning. In the coming months, we’ll release additional patterns to share more guidance aligned to SFI pillars. Each new pattern will be published on the Microsoft Security blog and on Microsoft’s Secure Future Initiative homepage.

Get started

Explore the first set of patterns:

Let’s build a secure future, together

Talk to your Microsoft account team to integrate these practices into your roadmap.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.


¹Microsoft Secure Future Initiative Report, November, 2024

Cyber resilience begins before the crisis http://approjects.co.za/?big=en-us/security/blog/2025/06/12/cyber-resilience-begins-before-the-crisis/ Thu, 12 Jun 2025 16:00:00 +0000 http://approjects.co.za/?big=en-us/security/blog/?p=139280 Hear directly from Microsoft’s Deputy CISO for Customer Security, Ann Johnson, about the need for proactive planning in cyber incidents.

The post Cyber resilience begins before the crisis appeared first on Microsoft Security Blog.

In this blog you will hear directly from Microsoft’s Deputy Chief Information Security Officer (CISO) for Customer Security, Ann Johnson, about the need for proactive planning in cyber incidents, particularly surrounding communications. This blog is part of a new, ongoing series where our Deputy CISOs share their thoughts on what is most important in their respective domains. In this series you will get practical advice and forward-looking commentary on where the industry is going, as well as tactics you should start (and stop) deploying, and more.

Many companies have strong protocols in place for natural disasters such as earthquakes, fires, and floods. There is a shared understanding that when those events strike, you do not want to improvise your response. You want to act quickly, communicate clearly, and protect what matters most.

Yet when a cyberattack hits—often quietly, invisibly and without warning—many organizations find themselves scrambling. They lack the same level of coordination, rehearsal, and leadership they would apply to a visible crisis. In those moments, when minutes can cost an organization millions, the absence of a tested response plan can be just as damaging as the cyberattack itself. Cyberthreats may be silent, but their impact is loud, and it is time we treat them with the same urgency and discipline as any other disaster.

Two misconceptions about cyber resilience

In my conversations with executives around the world, I have noticed a pattern. Regardless of industry or region, two core misconceptions tend to show up when we talk about cyber resilience. Left unaddressed, both can leave organizations exposed when it matters most.

Misconception #1: “Cyber incidents are usually small and containable.”

This belief often leads to underinvestment in planning and overconfidence in reactive capabilities. Today’s cyberthreats are built to spread quietly and quickly. What begins as a single compromised identity or an overlooked misconfiguration can rapidly evolve into widespread operational disruption. The impact often extends well beyond technical systems, affecting supply chains, customer trust, compliance obligations, and brand reputation. IBM’s 2024 Cost of a Data Breach report estimates that the global average cost of a data breach is $4.88 million, a 10% increase from 2023.¹

Misconception #2: “This is an IT problem.”

Cyber resilience may start in the security operations center, or SOC, but it does not end there. In a real-world event, it is not just your technical teams who are responding. Your legal team is drafting disclosures, communications teams are shaping external messaging, human resources (HR) is guiding internal coordination, finance is assessing risk exposure, and executives are making decisions under incredible pressure. If only one part of the business is prepared, the whole response suffers.

How to be prepared: turning awareness into actionable steps

How can an organization get cyber resilience right?

Cyber incidents should be treated as inevitable, so the true differentiator for an organization is how well they respond to them. This often comes down to preparation and communication.

First, it must start with alignment at the top. Every function, including legal, finance, HR, communications, security, and leadership, needs to be part of the conversation before the crisis.

While every organization will have a different structure and different thresholds for decision making, the same foundational questions will apply:

  • What happens if our systems go down?
  • Who needs to know, and how will we reach them?
  • What are our obligations—to regulators, to customers, and to employees?
  • Who decides, and who communicates?

The answers will vary, but the need for answers will not. Organizations that respond best will have the same operational foundations in place: clear governance, tested communication strategies, and practiced coordination across business functions.

Here is what I have seen work consistently, across all sectors, scales, and global teams:

1. A clearly defined, living playbook

A response plan only works if it is both clear and current. You need a playbook that lays out roles, responsibilities, and actions in plain language with no ambiguity and no guesswork. Simultaneously, the plan must also be able to evolve. Cyberthreats change, teams shift, regulations update. Your playbook should be a living, breathing document that is reviewed and pressure tested regularly, and updated to reflect how your organization actually operates. It should cover more than just technical remediation, including who declares the incident, who contacts the regulators, who informs customers and employees, and how those communications are approved and distributed.

2. Decision-making frameworks

In a crisis, time is your most precious asset, and confusion is your biggest liability. Your organization should have a clear process for who makes decisions, how they escalate, and how they get communicated across the business. There should be no room for second-guessing or silos.

3. Backup communication channels

One of the first things that may go down in an incident is your communication systems. Do not assume you will be able to email your way through a crisis. Instead, investigate how you may be able to use other communication channels, like encrypted messaging, redundant systems, or even personal devices, so you are not improvising under stress.

4. Clear ownership of messaging

Before an incident, decide: Who speaks for the company? Who drafts statements? Who approves them? The organizations that can respond with speed and clarity are the ones that already have roles assigned and workflows rehearsed.

5. Regular rehearsals and tabletop exercises

Cyber resilience does not exist in a vacuum. Cross-functional simulations that bring together business leaders, legal, communications, and security are critical. They help teams build trust, refine the process, and identify gaps before bad actors do.

The role of AI in cyber resilience

AI will not stop a cyber incident from happening, but it can change how fast and how well you respond.

That is because resilience today is defined by speed. The faster you can detect, understand, and coordinate a response, the better the outcome. AI helps close that gap by rapidly analyzing logs, alerts, and telemetry to surface what matters most, freeing teams to focus on action, not investigation.

AI also stands to play a growing role in communication during cyber incidents. From drafting regulatory updates to triggering stakeholder notifications, AI can streamline workflows when pressure is highest.

Used well, AI becomes a force multiplier: reducing noise, accelerating decisions, and giving teams the clarity they need to lead with confidence.

As with every technology, there is no one-size-fits-all approach. Cyber resilience should be shaped by the critical functions that define your organization.

Risk tolerance, regulatory expectations, and operational priorities vary by industry. The key is to define what matters most and build your strategy around it.

Cyber resilience as a leadership imperative

Cybersecurity is no longer just a technical function: it is a business conversation, a governance priority, and a core test of leadership. The most resilient organizations are those where accountability is shared, decisions are rehearsed, and security is embedded into every layer of the enterprise. Leadership means actively asking hard questions, demanding cross-functional alignment, and showing up for the rehearsals, not just the results.

Most importantly, cyber resilience is not a one-and-done task, but an inherently continuous discipline. The most prepared organizations are not the ones with perfect answers, but those that keep asking the right questions and refining their approach together.

Hear more from Ann

As the host of Microsoft’s Afternoon Cyber Tea podcast and a frequent speaker at global security forums, Ann brings a boardroom-level perspective to the technical, operational, and cultural challenges shaping today’s security landscape. To hear more of Ann’s insights, tune into Afternoon Cyber Tea or follow her on LinkedIn for updates on Microsoft’s cybersecurity transformation, security innovations, and leadership during disruption.

Microsoft Deputy CISOs

To hear more from Microsoft Deputy CISOs, check out the OCISO blog series:

To stay on top of important security industry updates, explore resources specifically designed for CISOs, and learn best practices for improving your organization’s security posture, join the Microsoft CISO Digest distribution list.

Learn more

For a summary of our Enterprise Resilience and Crisis Management Program, which encompasses Enterprise Resilience, Business Continuity Management, and Crisis Management, as well as information about some of our specific products and their Business Continuity and Disaster Recovery (BCDR) capabilities, read the Microsoft External Customer Statement.

To learn how Microsoft supports customers in achieving their resilience and Business Continuity and Disaster Recovery (BCDR) goals and how to leverage Microsoft’s robust tools to ensure resilience and continuity in the face of disruptions, read Enabling Customer Resilience in the Cloud.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.


¹Cost of a Data Breach, IBM. 2024.

Microsoft collaborates with Tenable to support federal cybersecurity efforts http://approjects.co.za/?big=en-us/security/blog/2022/06/02/microsoft-collaborates-with-tenable-to-support-federal-cybersecurity-efforts/ Thu, 02 Jun 2022 10:00:00 +0000 http://approjects.co.za/?big=en-us/security/blog/?p=114975 In the spirit of the executive order and as part of our commitment to enhancing cybersecurity across the US, we today announce that Tenable has expanded its collaboration with the Microsoft Intelligent Security Association (MISA). Together, Microsoft and Tenable will help enhance the US government’s ability to quickly identify, investigate, prioritize, and remediate threats—and help collectively raise the country’s security posture.

The post Microsoft collaborates with Tenable to support federal cybersecurity efforts appeared first on Microsoft Security Blog.

On May 12, 2021, the White House issued Presidential Executive Order (EO) 14028 to establish cybersecurity as a national priority.¹ As part of this effort, the White House has called for greater public and private sector collaboration to address the evolving threats facing federal agencies.

In the spirit of the EO and as part of our commitment to enhancing cybersecurity across the United States, we today announce that Tenable has expanded its collaboration with the Microsoft Intelligent Security Association (MISA). Tenable is a pioneer in the risk management market and creator of Nessus, one of the most widely deployed vulnerability assessment solutions in the cybersecurity industry. Together, Microsoft and Tenable will help enhance the United States government’s ability to quickly identify, investigate, prioritize, and remediate threats—and help collectively raise the country’s security posture.

Federal agencies will benefit from the two companies’ tighter collaboration, enhanced information sharing, and integrations. Specifically, Tenable and Microsoft are working together with the intent to integrate Tenable.io with Microsoft Defender for Cloud and Microsoft Sentinel solutions to support vulnerability assessments for hybrid cloud workloads that use FedRAMP moderate.

“The White House’s Cybersecurity Executive Order focuses heavily on Zero Trust initiatives,” said Glen Pendley, Chief Technology Officer, Tenable. “Zero Trust requires a foundation of strong cyber hygiene, with accurate visibility into all of the organization’s assets—IT, cloud, operational technology (OT), internet of things (IoT)—and continuous monitoring of user profiles and privileges. Furthermore, both Microsoft and Tenable are alliance partners in the Joint Cyber Defense Collaborative (JCDC) established by the Cybersecurity and Infrastructure Security Agency (CISA) to strengthen national cyber defense. Our collaboration with Microsoft supports the EO and CISA, both with respect to JCDC and Shields Up, helping federal agencies advance their Zero Trust objectives and improve resilience.”

Working together to advance agencies’ Cyber EO journey

The new capabilities forged by the Microsoft and Tenable collaboration will help agencies better orchestrate and unify the approach to security and vulnerability management and accelerate modernization in alignment with Cyber EO milestones, notably Sections 2, 3, 6, and 7.

To remove barriers to threat information as outlined in Section 2, Tenable will join as one of many independent software vendors and managed security service providers that have integrated their solutions with Microsoft’s to better defend against a world of increasing threats.

To support Section 3, Microsoft and Tenable are already collaborating with the National Institute of Standards and Technology’s (NIST) National Cybersecurity Center of Excellence (NCCoE) to develop practical, interoperable approaches to designing and building Zero Trust architectures and help shape the NIST cybersecurity practice guide.²

Experts from Microsoft and Tenable will also lend best practice recommendations to CISA to standardize the federal government’s playbook for responding to vulnerabilities and incidents as outlined in Section 6.

Lastly, to improve the detection of cybersecurity vulnerabilities and incidents on government networks according to Section 7, the companies intend to mutually integrate Tenable.io with Microsoft Defender for Cloud for hybrid and multicloud agent deployment and to deliver a consolidated security recommendations view. Further, mutual integration between Tenable.io and Microsoft Sentinel, Microsoft’s cloud-native security information and event manager (SIEM) solution, is intended to help Tenable automatically feed into existing vulnerability management as agencies spin up new workloads in the cloud. This capability will be engineered to aggregate logs so top-level agencies can visualize security risks across Tenable.io and Microsoft Defender for Cloud in one place to improve threat hunting with and across agencies. Tenable will work with Microsoft to secure organizations’ on-premises, hybrid, and cloud-native Microsoft Azure Active Directory implementations in the federal space.

Microsoft’s collaboration with Tenable will strengthen agencies’ ability to identify and respond to risk at scale and extends beyond government.

To learn more about how Microsoft is bringing together public and private sector leaders to increase cyber resilience, visit our Cyber EO resource center.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.


1 The Cybersecurity Executive Order: What’s Next for Federal Agencies?, Jason Payne. June 17, 2021.

2 Implementing a Zero Trust Architecture, National Cybersecurity Center of Excellence.

The post Microsoft collaborates with Tenable to support federal cybersecurity efforts appeared first on Microsoft Security Blog.

What Generation Z can teach us about cybersecurity
http://approjects.co.za/?big=en-us/security/blog/2022/03/15/what-generation-z-can-teach-us-about-cybersecurity/
Tue, 15 Mar 2022 16:00:00 +0000
http://approjects.co.za/?big=en-us/security/blog/?p=108795

Girl Security National Security Fellowship participants share Generation Z perspectives on privacy and other cybersecurity issues that can help inform the industry.

The post What Generation Z can teach us about cybersecurity appeared first on Microsoft Security Blog.

Girl Security National Security Fellows Program fellow Amulya, a 17-year-old interested in countering online disinformation, said she feels her sense of personal privacy has been largely nonexistent “growing up in a media-saturated world.” She believes her sense of privacy was stolen by a combination of mass media, access to tech without education, and an increasing divide among generations, government, and industry around responsible technology. With an online presence from a young age, members of Generation Z, like Amulya, bring personal insight to the cybersecurity conversation about online privacy.

Girl Security, the organization I founded in 2016, builds more equitable pathways through learning, training, and mentorship for girls, women, and female-identifying and non-binary young people interested in national security careers. Ann Johnson, Corporate Vice President of Security, Compliance, and Identity Business Development at Microsoft Security, and I recently spoke about the unique challenges, like privacy, that youth confront as digital natives—defined as “a person born or brought up during the age of digital technology.”

Insights from Generation Z supplement the insights we get from adults and people currently in the workforce. When Ann and I talked about Generation Z, we considered a couple of big questions:

  • How do younger generations think about and experience personal privacy in a digital world shaped by the sharing of personal information and narratives? 
  • If young people forge a new understanding of privacy—where less privacy becomes the cultural norm—what might the implications be for society today and in the future? 

Privacy expectations have changed

To get answers, I recently sat down with nine remarkable future national security leaders, ages 16 to 19, who completed the 15-week Girl Security National Security Fellows Program, to discuss the experiences of girls and women online and how those experiences shape their understanding of cybersecurity.

In discussing what the internet and technology are getting right and what can be improved, the fellows explained that technology provides an unprecedented level of access to information and resources and is an affordable method of communication. However, they emphasized the need to make technology and cybersecurity education more accessible to more communities across the United States and globally through in-school learning, financial support for educational opportunities, and training programs like Girl Security.

Preventing large-scale disruptions through responsible technology is also crucial, according to Prachi, a 17-year-old high school student interested in cybersecurity. She noted that prevention can also be personalized with the use of multifactor authentication and password protection. Advancing more robust user-friendly policies, laws, and regulations is also imperative to maintaining digital trust.

Gurman, a 19-year-old who is pursuing a career in cybersecurity, added that the first step to protecting personal privacy in a shifting digital landscape is to acknowledge “how little is in our control.”

“The invasion of privacy is so normalized that we have stopped worrying about it in a way,” Gurman said. “Social media detoxes are becoming more popular because on some level, we understand as a society that living through a digital world isn’t healthy because it detaches us from reality. Yet, in my opinion, all of these things have the underlying assumption that tech is so pervasive, it cannot be controlled so we have to rationalize and normalize it as a way to seemingly maintain some control over our reality.” 

There’s a growing sense of apathy among younger generations with respect to personal security online and the proliferation of user data, according to Rachel, a 16-year-old interested in economic security. She emphasized young people’s willingness to readily share locational data and other personal data.

Amanda, a 17-year-old who is particularly interested in human rights and technology, added that while adults can benefit from tech education, young people are normalizing bad online behaviors by prioritizing convenience (like saved passwords) over privacy and security.

As we discussed the impact of a growing reliance on technology to share information among friends and family, attend school during the pandemic, run businesses, and more, the group considered what exactly society should seek to prevent, protect, preserve, and advance with technology.

“The government and industry should do more to prepare digital citizens for breaches or attacks that may compromise personal data and privacy,” according to Sama, an 18-year-old pursuing an interest in geopolitics and counterterrorism. She began using social media in elementary school and signed various consent forms regarding the use of her data. While aggregation of user data is not all bad—information can feed technology innovation—there need to be enhanced protections for youth on social media platforms, particularly around consent.

“Women and girls are empowered and more secure when they can claim more agency in their lives, especially in settings when they are not given choices,” explained Jasmine, a 19-year-old who is pursuing a career in international relations. “On the internet, I feel I have lost that control.” 

The burden is often placed on parents to educate youth about online harms, such as cyberbullying, harassment, image sharing, and doxing (when people reveal private information about someone), according to Jasmine. However, many Generation Z parents were born before the widespread advent of the internet and email, and often lack access to training and learning tools about the types of cybersecurity threats their children may confront online. 

In fact, some parents contribute to the sharing of children’s personal information online—sharenting is the sharing of a minor’s information by a parent or caregiver.1 

Nicole, a 16-year-old interested in climate security and technology, said she believes user-friendly policies, laws, and regulations might lessen generational tensions around sharenting. Such measures would build greater trust and confidence in the technology many youths in the United States and other parts of the world use every day. 

Making cybersecurity more accessible

Achieving greater individual online privacy and security for future generations and advancing government and industry standards requires adopting approaches like the Zero Trust model as well as installing mandatory reporting and incident notification systems, according to Sravya, a 16-year-old interested in cybersecurity and the role of language in our cybersecurity understanding. The fellows also emphasized the need to create a shared discourse across generations about the interconnectedness of personal privacy, cybersecurity, and national security. 

Generation Z perspectives can inform cybersecurity policies

We hope you’ve enjoyed hearing these Generation Z perspectives from the Girl Security fellows. In addition to the Girl Security National Security Fellows Program, girls interested in security pathways can also be mentored through Girl Security’s nationwide e-mentoring program and learn from leading experts from Microsoft Security and across government, industry, and the social sectors. In addition, Girl Security hosts summer empowerment programs, learning and training webinars, and community-based programming, including the Girl Scout patch Finding Your Superpowers in Cybersecurity created in partnership with Microsoft and Girl Security.

The program was kicked off to help young students learn security fundamentals, but it turns out, we have as much to learn from them about the importance of online privacy when developing cybersecurity policies and programs. Happy Women’s History Month!

Next steps

Learn more about Girl Security initiatives and the Cybersecurity Superpowers program.



1 Sharenting: 5 Questions to Ask Before You Post, Claire McCarthy, MD, FAAP, American Academy of Pediatrics. November 20, 2019.

Disclaimer: The views expressed here are solely those of the author and do not represent the views of Microsoft Corporation.

Afternoon Cyber Tea: Learn how to stop misinformation threats from nation-state bad actors
http://approjects.co.za/?big=en-us/security/blog/2021/09/13/afternoon-cyber-tea-learn-how-to-stop-misinformation-threats-from-nation-state-bad-actors/
Mon, 13 Sep 2021 16:00:47 +0000
http://approjects.co.za/?big=en-us/security/blog/?p=97197

Head of Mandiant Intelligence at FireEye Sandra Joyce talks with Microsoft’s Ann Johnson about the cybersecurity threats to US elections and how to fight them.

The post Afternoon Cyber Tea: Learn how to stop misinformation threats from nation-state bad actors appeared first on Microsoft Security Blog.

Information has long been wielded as an instrument of national power and influence. In today’s digital world, misinformation can also be just as powerful.

On a special episode of Afternoon Cyber Tea with Ann Johnson, Sandra Joyce, Executive Vice President and Head of Mandiant Intelligence at FireEye, joined me to talk about threat attribution and accountability when it comes to the use of technology by bad actors to help spread misinformation.

As a US Air Force Reserve officer and faculty member at the National Intelligence University with four master’s degrees in cyber policy, international affairs, science and technology intelligence, and military operational art and science, Sandra is an expert in understanding how nation-state actors leverage traditional and social media channels to erode confidence in free and fair elections. Sometimes, those bad actors will use these core values, such as freedom of speech, against us, according to Sandra. For instance, she recounts the story of a foreign group that used those values against the US by fabricating letters from concerned citizens to be published in US newspapers.

In this powerful episode, Sandra discusses how threat actors are adopting new threat techniques—shifting from signature malware to commodity malware—and pivoting to smaller malware families that they hope will be overlooked by cybersecurity professionals. That combination will make it harder to detect threats amid the noise. She recommends that organizations research threats and undertake a threat profile on themselves to learn their vulnerabilities and the biggest threats that could target them. That can shape priorities. Using the metaphor of bank robbers, she says it’s not so hard to rush the guards in a building, but it is hard to learn the location of the safe, get the combination to the safe, and escape undetected. The latter is where the bulk of business intrusion happens. Companies need to root out threats in that lateral stage.

During our conversation, we also spoke about threat intelligence and what’s involved in threat actor attribution. After recognizing a cluster of threat activity, there’s a lot of work required to identify which organization or country is behind the threat. It usually takes months to collect information about the threat’s techniques, infrastructure, and command and control (C2) channel, which is the channel a threat actor uses to commandeer an individual host or to control a botnet of millions of machines. For years, FireEye’s Mandiant Threat Intelligence team has been tracking financial crime group Fin11, which deploys point-of-sale malware targeting the financial, retail, restaurant, and pharmaceutical industries. Both technical indicators and the targeting information prove useful in these investigations, in part as you learn about the bad actors’ intentions. To learn what organizations can do to combat threats, listen to Afternoon Cyber Tea with Ann Johnson: Taking a “when, not if” approach to cybersecurity on Apple Podcasts or PodcastOne.

What’s next

A new season of Afternoon Cyber Tea with Ann Johnson launches this October 2021 on The CyberWire! In this important cyber series, I talk with cybersecurity influencers about trends shaping the threat landscape and explore the risk and promise of systems powered by AI, IoT, and other emerging tech.

You can listen to Afternoon Cyber Tea with Ann Johnson on:

  • Apple Podcasts: You can also download the episode by clicking the Episode Website link.
  • PodcastOne: Includes the option to subscribe, so you’re notified as soon as new episodes are available.
  • CISO Spotlight page: Listen alongside our CISO Spotlight episodes, where customers and security experts discuss similar topics such as Zero Trust, compliance, going passwordless, and more.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity. Or reach out to me on LinkedIn or Twitter if you have guest or topic suggestions.

Afternoon Cyber Tea: Microsoft’s cybersecurity response to COVID-19
http://approjects.co.za/?big=en-us/security/blog/2021/06/15/afternoon-cyber-tea-microsofts-cybersecurity-response-to-covid-19/
Tue, 15 Jun 2021 16:00:23 +0000

Microsoft Chief Information Security Officer Bret Arsenault discusses Microsoft’s response to COVID-19 and the new cybersecurity threats that have emerged.

The post Afternoon Cyber Tea: Microsoft’s cybersecurity response to COVID-19 appeared first on Microsoft Security Blog.

On February 25, 2020, Microsoft Chief Information Security Officer (CISO) Bret Arsenault was attending the RSA Conference in San Francisco when the city declared a state of emergency because of COVID-19. Shortly after flying back to Seattle, Bret learned of the first death from the coronavirus in Washington state. He and other members of Microsoft’s Risk Management Council worked on the company’s crisis response. To kick off National Cybersecurity Awareness Month, I spoke with Bret Arsenault on a recent episode of Afternoon Cyber Tea with Ann Johnson.

As CISO, Bret is responsible for disaster recovery at the enterprise level. He is the chair of Microsoft’s Risk Management Council and has directed Microsoft’s crisis management in the wake of COVID-19. It responds to 30 crises a year, with life safety the highest priority, followed by customers and Microsoft. The council focuses on preparation for four types of disaster and crisis recovery: planned acts (such as weather storms), unplanned acts (such as natural disasters), illegal attacks, and pandemics. Cyberattacks typically fall under illegal attacks. Certain events, such as the Olympics and elections, tend to draw out opportunistic bad actors more than others because people are more vulnerable to social engineering attacks.

Similarly, the pandemic and the social unrest in the United States have made people more susceptible to phishing scams and other cyberattacks. Before the pandemic, cybersecurity incidents had doubled every year for five years. During the pandemic, opportunistic campaigns, including a huge increase in human-operated ransomware attacks, have emerged because of people’s vulnerability to social engineering. The number of phishing scams hasn’t changed much; however, the approach has shifted to mimicking health information sites and other pandemic-related schemes. Because more people are working from home, there’s been a big increase in bad actor campaigns targeting desktop protocol.

During our conversation, we also spoke about how to build a disaster recovery program and how moving to a Zero Trust security model helped Microsoft respond more agilely to the new security threats created by the pandemic. Over the past year, that approach has meant making sure all devices are managed, requiring multifactor authentication, figuring out how productivity apps work in a distributed way, and moving all meetings to Microsoft Teams. Microsoft also prioritized service monitoring and user identity and access.

Despite all the planning, there have been surprises, such as realizing that eight-hour all-hands meetings aren’t effective when online and that moving all meetings online creates a level playing field for employees. To learn what cybersecurity steps to take when your entire workforce is remote, listen to Afternoon Cyber Tea with Ann Johnson: Working Through It: Operational Resilience in the Face of Disaster on Apple Podcasts or PodcastOne.

What’s next

A new season of Afternoon Cyber Tea with Ann Johnson launches today featuring Admiral (RET) Mike Rogers, Former Head of United States Cyber Command, discussing the recent cyberattacks on the US supply chain and what we can do to stop them! Check out new episodes every Tuesday. In this important cyber series, Ann will talk with cybersecurity influencers about trends shaping the threat landscape and explore the risk and promise of systems powered by AI, IoT, and other emerging tech.

“It isn’t just about technology. Never forget the human dynamic in all this. Again, I used to say this to our nation’s leadership, “Sir, you can write the biggest check in the world and it still won’t be enough. We can’t solve this by just throwing money at the problem.” Put another way, we can have the greatest technology with the highest level of investment, but if we don’t have a smart user community, that makes smart choices, that’s part of our strategy…. It’ll be totally undermined every day by bad choices that our users are making.” – Admiral (RET) Michael Rogers, Former Head of United States Cyber Command

You can listen to Afternoon Cyber Tea with Ann Johnson on:

  • Apple Podcasts: You can also download the episode by clicking the Episode Website link.
  • PodcastOne: Includes the option to subscribe, so you’re notified as soon as new episodes are available.
  • CISO Spotlight page: Listen alongside our CISO Spotlight episodes, where customers and security experts discuss similar topics such as Zero Trust, compliance, going passwordless, and more.


Afternoon Cyber Tea: Cybersecurity challenged to meet diversity goals
http://approjects.co.za/?big=en-us/security/blog/2021/06/03/afternoon-cyber-tea-cybersecurity-challenged-to-meet-diversity-goals/
Thu, 03 Jun 2021 16:00:40 +0000
http://approjects.co.za/?big=en-us/security/blog//?p=93736

RevolutionCyber Founder and CEO Jules Okafor shares what organizations can do to tackle business challenges and support diversity in cybersecurity.

The post Afternoon Cyber Tea: Cybersecurity challenged to meet diversity goals appeared first on Microsoft Security Blog.

Organizations often know they need to identify and address their cybersecurity blind spots. They also know the technology exists to help them do that. However, they don’t often understand how to communicate this need within their organization to justify the expense, nor do they know how to share with employees how they may be impacted.

When I spoke with Jules Okafor on an episode of Afternoon Cyber Tea with Ann Johnson, she shared how she has seen many cybersecurity projects fail not because of the technology put in place, but rather because of the organization’s inability to communicate responsibilities or the expected results. One of the biggest pitfalls stems from a very good intention: a new technology is excitedly implemented before a process has been developed.

Jules Okafor, JD, is the Founder and CEO of RevolutionCyber, a full-service privacy information security awareness and marketing communications firm, and the former Senior Vice President of Global Security Solutions for Fortress Information Security. Jules also advocates for greater diversity and inclusion in the cybersecurity industry. During our discussion, she shared how she believes the industry has been insulated from discussions about race because the focus has been on protecting companies from cyberattacks without the lens of futureproofing against biases. Companies can and should be doing more, including sharing examples of technology bias with the public, assessing their own practices to check for unintended bias, and listening when employees approach management and human resources with concerns. Many accomplished women and people of color are leaving the industry because they don’t feel heard.

In the real world, bias and racism are costing people their lives. In the online world, bias in technologies, like facial recognition software, can be detrimental. During a recent Slack channel conversation in which a participant mentioned a product that promised to let you undertake diversity and inclusion work via text message, she thought, “This is the problem.” This experience suggests that people are trying to automate complex, multi-generational problems to satisfy compliance. Until his death, civil rights activist and leader John Lewis was all-in when it came to fighting racial injustice and bias. Until people in the cybersecurity industry are all-in to that extent, there won’t be much change.

During our conversation, we also spoke about how a Craigslist post started her cybersecurity career and strategies to effectively sell cybersecurity solutions. One aspect of her job she especially enjoys is making the technical understandable to non-technical people. This can be a missing piece for some technology companies, too. Many are overly focused on building tools rather than on addressing business challenges. Most successful cybersecurity is invisible to most people, so purchasing technology becomes a tangible way to justify their role. To learn steps to take that show your company cares about becoming more diverse and solving business problems, listen to Afternoon Cyber Tea with Ann Johnson: Fortifying security strategies with a cyber mindset on Apple Podcasts or PodcastOne.

What’s next

A new season of Afternoon Cyber Tea with Ann Johnson will launch on June 15, 2021. In this important cyber series, I talk with cybersecurity influencers about trends shaping the threat landscape and explore the risk and promise of systems powered by AI, IoT, and other emerging tech.

You can listen to Afternoon Cyber Tea with Ann Johnson on:

  • Apple Podcasts: You can also download the episode by clicking the Episode Website link.
  • PodcastOne: Includes the option to subscribe, so you’re notified as soon as new episodes are available.
  • CISO Spotlight page: Listen alongside our CISO Spotlight episodes, where customers and security experts discuss similar topics such as Zero Trust, compliance, going passwordless, and more.

