Cybersecurity policy News and Insights | Microsoft Security Blog

Forrester names Microsoft a Leader in the 2023 Zero Trust Platform Providers Wave™ report

Tue, 19 Sep 2023

Microsoft is proud to be recognized as a Leader in the Forrester Wave™: Zero Trust Platform Providers, Q3 2023 report. At Microsoft, we understand modernizing security is a complex task in this era of ever-evolving cyberthreats and complex digital environments. Serious threats have necessitated a paradigm shift in how organizations protect their digital estates. That’s why Microsoft embraces an end-to-end Zero Trust architecture: a comprehensive approach to security that helps our customers effectively mitigate business risk in the era of hybrid and remote work.

Microsoft’s leadership

Zero Trust has become the industry standard for securing complex, highly distributed digital estates. And Microsoft is in a unique position to help customers with their security needs, as Microsoft delivers end-to-end cross-cloud, cross-platform security solutions, which integrate more than 50 different categories across security, compliance, identity, device management, and privacy, informed by more than 65 trillion threat signals we see each day. Microsoft is actively engaged with the National Institute of Standards and Technology (NIST), most recently providing public commentary for the NIST National Cybersecurity Center of Excellence (NCCoE) and participating in The Open Group where we co-chaired the Zero Trust Architecture (ZTA) forum. As we look to the future, Microsoft recognizes that customers are entering the era of AI. And by combining the principles of Zero Trust with the capabilities of AI, organizations will have the potential to create a formidable defense against modern cyberthreats. In this blog, we will explore Forrester’s latest evaluation of the Microsoft end-to-end Zero Trust architecture and what the future will hold by leveraging the power of AI.

Comprehensive end-to-end protection

“Its Copilot theme carries over to a notable vision to provide end-to-end, step-by-step guidance for implementing ZT while leveraging AI. This means customers can take their ZT journey with Microsoft in lockstep.”

Forrester Wave™: Zero Trust Platforms, Q3 2023 report

We are proud that the Microsoft Zero Trust platform has been recognized as a Leader in the Forrester Wave™: Zero Trust Platforms, Q3 2023 report, which we believe demonstrates Microsoft’s strong track record for being a comprehensive end-to-end platform.

Forrester Wave™: Zero Trust Platform Providers, Q3 2023 report

The Forrester Wave™ report evaluates Zero Trust platforms based on criteria that include network security, centralized management and usability, data security, device security, automation, orchestration, people, and identity security—along with both on-premises and cloud deployments. In the latest evaluation for Q3 2023, the Microsoft end-to-end Zero Trust architecture has demonstrated its excellence in these areas by being named a Leader in this inaugural Forrester Wave™ report evaluating Zero Trust Platform Providers. The Microsoft end-to-end Zero Trust model received the highest possible score in the following categories based on the Forrester analyst criteria: people and identity security, device security, enabling and protecting the hybrid workforce, data security, automation and orchestration, visibility, and analytics.

Zero Trust in the age of AI

In an era where AI is rapidly transforming how we work, its convergence with cybersecurity brings both immense opportunities and new challenges. Here’s why Zero Trust becomes even more crucial:

  1. Sophistication of threats: As cyberattacks have become more sophisticated and capable of evading traditional security measures, Zero Trust, with its emphasis on continuous verification, explicit verification, and least privileged access, offers a more effective defense against these advanced threats with or without AI capabilities.
  2. Data protection and privacy: AI relies on vast amounts of customers’ data to help the user be more productive, and safeguarding this data is paramount. Zero Trust’s data-centric approach ensures that access to sensitive data is highly controlled, mitigating the risk of unauthorized AI-driven breaches.
  3. Automated responses: AI-enabled security can provide rapid automated responses to threats. When integrated with Zero Trust, AI-driven responses become even more effective by reducing alert fatigue, adapting access controls in real-time, minimizing damage, and containing potential breaches.

Looking to the future

Microsoft’s leadership in Zero Trust, as shown by the latest Forrester Wave™, highlights our commitment to continuously evolving cybersecurity to meet the security demands of the digital age. With AI becoming a cornerstone of modern threats and defenses, the Zero Trust principles of assume breach, least privileged access, and continual explicit verification are more crucial than ever. As organizations navigate the evolving landscape of cyberthreats, the synergy between Microsoft’s end-to-end Zero Trust strategy and the capability of AI provides a formidable defense mechanism that is both forward-looking and resilient.

For more information on this recognition, check out the full Forrester Wave™: Zero Trust Platforms, Q3 2023 report.

Learn more


To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and Twitter (@MSFTSecurity) for the latest news and updates on cybersecurity.


The Forrester Wave™ is copyrighted by Forrester Research, Inc. Forrester and Forrester Wave™ are trademarks of Forrester Research, Inc. The Forrester Wave™ is a graphical representation of Forrester’s call on a market and is plotted using a detailed spreadsheet with exposed scores, weightings, and comments. Forrester does not endorse any vendor, product, or service depicted in the Forrester Wave™. Information is based on best available resources. Opinions reflect judgment at the time and are subject to change.

Forrester Wave™: Zero Trust Platform Providers, Q3 2023, Carlos Rivera and Heath Mullins, September 19th, 2023

SEC cyber risk management rule—a security and compliance opportunity

Wed, 01 Mar 2023

The proposed Securities and Exchange Commission rule creates new reporting obligations for United States publicly traded companies to disclose cybersecurity incidents, risk management, policies, and governance. This blog describes how the rule is an opportunity for the IT security team to provide value to the company.

In my practice as a Microsoft Global Black Belt, I focus on the technical and business enablement aspects of protecting organizations from cyber threats with tools like Microsoft 365 Defender, Microsoft Purview and Microsoft Sentinel. In my role as a board member for another publicly traded company, the conversation is about creating value for our shareholders and managing risks in alignment with our business goals. Compliance is an important risk. Shifting gears and having the right conversations with the right stakeholders is critical to being effective, whatever your role.

When I read the United States Securities and Exchange Commission (SEC) proposed rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure by Public Companies, I saw an opportunity for cybersecurity professionals to add value to their organizations and to further their conversations with the board of directors. The proposed rule is on the Office of Management and Budget’s regulatory calendar for April 2023.[1]

The information disclosed by companies under this rule would be submitted in eXtensible Business Reporting Language (XBRL) to be made broadly available to market participants for comparison, filtering, and analysis.[2] This is important to the board from both a compliance and a shareholder value perspective. It’s an opportunity for a company to differentiate itself from competitors through its cultural and infrastructure investments in IT security.

Proposed SEC rule on cybersecurity risk management, strategy, governance, and incident disclosure

The March 9, 2022, SEC proposed rules[3] for publicly traded companies supplement the SEC’s guidance of October 13, 2011,[4] and February 26, 2018,[5] regarding disclosure of cybersecurity breaches and incidents. They make the requirements more comprehensive, including reporting on:

  • Cybersecurity incidents and updating incidents previously reported.
  • The company’s policies and procedures for detecting and dealing with cybersecurity risks.
  • Oversight of cybersecurity governance by the board of directors.
  • Management’s role and expertise in cybersecurity risk management, including policies, procedures, and strategy.
  • Reporting on the board of directors’ cybersecurity expertise.

This would require the board to become more aware of and involved in the company’s cyber risk posture. The chief information security officer (CISO) is best positioned to enable the board in this regard. The SEC guidance encourages the board to seat directors with cybersecurity expertise and perhaps stand up a cybersecurity committee.

Reporting of cybersecurity incidents

Reporting of cyber incidents including breaches is the focus of the existing SEC rules. The proposal expands this to require reporting within four business days of the date that the company determines it to be material. Included in the reporting is when the incident is discovered, if it is ongoing, the scope, if data was stolen or accessed, its effect on operations, and the status of remediation.

The scope of reportable incidents would be expanded to include those smaller incidents, which, in the aggregate, become material.

The term “material” is defined as whether a reasonable shareholder would consider it important, leaving some room for interpretation.

The proposal requires that the company update its reporting on an incident with any material changes in its quarterly or annual report.

This makes it all the more important that companies have tools in place to prevent attacks and minimize time to detection, like Microsoft 365 Defender and Microsoft Sentinel. They need to minimize the impact of a breach.[6] A data breach may be reportable to regulators and customers or a minor incident dealt with by the security team. The company needs the tools, like Microsoft Purview Premium Audit, to know which.[7] Without the right tools in place before the incident, a company may have to do more reporting to regulators and the marketplace than is necessary.

Disclosure of cybersecurity risk management, strategy, and governance

Companies would be required to disclose if they have a cybersecurity risk assessment program and to describe it. This includes how the company works with auditors, consultants, and other third parties.   

They would be required to describe how they protect, detect, and minimize the effects of cybersecurity incidents. They would describe their cybersecurity policies and procedures, including business continuity and disaster recovery. They would describe how they select, retain, and use third parties to enable these activities and also how cybersecurity considerations affect the selection of service providers. They would describe how past cybersecurity incidents have influenced these as lessons learned.

How the selection of partners, including cloud service providers, affects the company’s security posture would be communicated to the marketplace. The company needs information to assess this and ensure that the vendor is a good security partner throughout the relationship.

Microsoft provides the Service Trust Portal to give our customers the third-party assessments and evidence they need to make informed decisions and to support them during assessments and audits. We provide information for Microsoft Azure, Microsoft Dynamics 365, and Microsoft 365 customers to help comply with a wide range of global, regional, industry, and government regulations with our Microsoft compliance offerings documentation.[8] For customers to assess their compliance with more than 350 regulatory standards in Microsoft 365,[9] we offer Microsoft Purview Compliance Manager.[10] For Azure customers, Microsoft provides the Regulatory compliance dashboard in Microsoft Defender for Cloud, which also provides visibility into the compliance posture of non-Microsoft clouds.[11]

Companies would be required to describe how cybersecurity incidents have or might in the future affect their operations and financial performance and how these risks are dealt with as part of the company’s business planning.

This aligns with corporate governance scoring that credits companies for the investment, planning, and expertise in IT security.[12] It provides an increased return on a company’s cultural and infrastructure investments in IT security.

Disclosure regarding governance and the board of directors’ cybersecurity expertise

Companies would disclose their cybersecurity governance including a description of both how the board and how management provide oversight, assess, and manage cybersecurity risk. They would describe management’s cybersecurity expertise and role in cybersecurity for the company.

Companies would disclose each board member with cybersecurity expertise and describe it under the proposed rule. The proposed rule is not prescriptive as to what constitutes expertise. It provides some examples such as experience in information security, policy, architecture, engineering, incident response, certifications, or degrees.

This may encourage organizations to select directors with these skill sets. It may also encourage a company to stand up a cybersecurity committee within the board.

This will likely mean that the CISO will be enabled to advocate for the needs of the information security program, and communicate the security posture and plans to an informed audience. It may provide opportunities for cybersecurity professionals to serve on boards.

Microsoft can help security teams meet this opportunity

Whatever the final content of the SEC rule, it will be an opportunity for the CISO to increase and highlight the value of the IT security function. It will expand the scope of their communications with the board. It will supplement the business case for investment in IT security. By making information on a company’s cybersecurity posture and governance broadly available, stakeholders can make better-informed decisions about cyber risk. This helps transition IT security from a cost center to a business enabler where it belongs.

Learn more about Microsoft 365 Defender, Microsoft Purview and Microsoft Sentinel.


[1] Regulatory calendar, Office of Information and Regulatory Affairs. 2023.

[2] An Introduction to XBRL, XBRL.org.

[3] Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure, SEC. March 9, 2022.

[4] CF Disclosure Guidance: Topic No. 2, SEC. October 13, 2011.

[5] Commission Statement and Guidance on Public Company Cybersecurity Disclosures, SEC. February 26, 2018.

[6] Privacy breaches: Using Microsoft 365 Advanced Audit and Advanced eDiscovery to minimize impact, Steve Vandenberg. January 6, 2021.

[7] Auditing solutions in Microsoft Purview, Microsoft Learn. February 21, 2023.

[8] Microsoft compliance offerings, Microsoft Learn.

[9] Compliance Manager templates list, Microsoft Learn. February 22, 2023.

[10] Microsoft Purview Compliance Manager, Microsoft Learn. February 22, 2023.

[11] Customize the set of standards in your regulatory compliance dashboard, Microsoft Learn. February 8, 2023.

[12] IT security: An opportunity to raise corporate governance scores, Steve Vandenberg. August 8, 2022.

The critical role of Zero Trust in securing our world

Wed, 30 Jun 2021

US Executive Order on Cybersecurity delivers valuable guidance for both public and private organizations to make the world safer for all.

We are operating in the most complex cybersecurity landscape that we’ve ever seen. While our current ability to detect and respond to attacks has matured incredibly quickly in recent years, bad actors haven’t been standing still. Large-scale attacks like those pursued by Nobelium[1] and Hafnium, alongside ransomware attacks on critical infrastructure, indicate that attackers have become increasingly sophisticated and coordinated. It is abundantly clear that the work of cybersecurity and IT departments is critical to our national and global security.

Microsoft has a unique level of access to data on cyber threats and attacks globally, and we are committed to sharing this information and insights for the greater good. As illustrated by recent attacks, we collaborate across the public and private sectors, as well as with our industry peers and partners, to create a stronger, more intelligent cybersecurity community for the protection of all.

This collaborative relationship includes the United States government, and we celebrate the fast-approaching milestones of the US Cybersecurity Executive Order[2] (EO). The EO specifies concrete actions to strengthen national cybersecurity and address increasingly sophisticated threats across federal agencies and the entire digital ecosystem. This order directs agencies and their suppliers to improve capabilities and coordination on information sharing, incident detection, incident response, software supply chain security, and IT modernization, which we support wholeheartedly.

With these national actions set in motion and a call for all businesses to enhance cybersecurity postures, Microsoft and our extensive partner ecosystem stand ready to help protect our world. The modern framework for protecting critical infrastructure, minimizing future incidents, and creating a safer world already exists: Zero Trust. We have helped many public and private organizations to establish and implement a Zero Trust approach, especially in the wake of the remote and hybrid work tidal wave of 2020-2021. And Microsoft remains committed to delivering comprehensive, integrated security solutions at scale and supporting customers on every step of their security journey, including detailed guidance for Zero Trust deployment.

Zero Trust’s critical role in helping secure our world

The evidence is clear—the old security paradigm of building an impenetrable fortress around your resources and data is simply not viable against today’s challenges. Remote and hybrid work realities mean people move fluidly between work and personal lives, across multiple devices, and with increased collaboration both inside and outside of organizational boundaries. Entry points for attacks—identities, devices, apps, networks, infrastructure, and data—live outside the protections of traditional perimeters. The modern digital estate is distributed, diverse, and complex.

This new reality requires a Zero Trust approach.

Section 3 of the EO calls for “decisive steps” for the federal government “to modernize its approach to cybersecurity” by accelerating the move to secure cloud services and Zero Trust implementation, including a mandate of multifactor authentication and end-to-end encryption of data. We applaud this recognition of the Zero Trust strategy as a cybersecurity best practice, as well as the White House encouragement of the private sector to take “ambitious measures” in the same direction as the EO guidelines.

Per Section 3, federal standards and guidance for Zero Trust are developed by the National Institute of Standards and Technology (NIST) of the US Department of Commerce, similar to other industry and scientific innovation measurements. NIST has defined Zero Trust in terms of several basic tenets:

  • All resource authentication and authorization are dynamic and strictly enforced before access is allowed.
  • Trust in the requester is evaluated before access is granted. Access should also be granted with the least privileges needed to complete the task.
  • Assets should always act as if an attacker is present on the enterprise network.

At Microsoft, we have distilled these Zero Trust tenets into three principles: verify explicitly, use least privileged access, and assume breach. We use these principles for our strategic guidance to customers, software development, and global security posture.

Microsoft Security's three Zero Trust principles: verify explicitly, use least privileged access, and assume breach.

Organizations that operate with a Zero Trust mentality are more resilient, consistent, and responsive to new attacks. A true end-to-end Zero Trust strategy not only makes it harder for attackers to get into the network but also minimizes potential blast radius by preventing lateral movement.

While preventing bad actors from gaining access is critical, it’s only part of the Zero Trust equation. Being able to detect a sophisticated actor inside your environment is key to minimizing the impact of a breach. Sophisticated threat intelligence and analytics are critical for a rapid assessment of an attacker’s behavior, eviction, and remediation.

Resources for strengthening national security in the public and private sectors

We believe President Biden’s EO is a timely call-to-action, not only for government agencies but as a model for all businesses looking to become resilient in the face of cyber threats. The heightened focus on incident response, data handling, collaboration, and implementation of Zero Trust should be a call-to-action for every organization—public and private—in the mission to better secure our global supply chain, infrastructure resources, information, and progress towards a better future.

Microsoft is committed to supporting federal agencies in answering the nation’s call to strengthen inter- and intra-agency capabilities unlocking the government’s full cyber capabilities. Recommended next steps for federal agencies have been outlined by my colleague Jason Payne, Chief Technology Officer of Microsoft Federal. As part of this responsibility, we have provided Federal agencies with key Zero Trust Scenario Architectures mapped to NIST standards, as well as a Zero Trust Rapid Modernization Plan.

Microsoft is also committed to supporting customers in staying up to date with the latest security trends and developing the next generation of security professionals. We have developed a set of skilling resources to train teams on the capabilities identified in the EO and be ready to build a more secure, agile environment that supports every mission.

In addition to EO resources for federal government agencies, we are continuing to publish guidance, share learnings, develop resources, and invest in new capabilities to help organizations accelerate their Zero Trust adoption and meet their cybersecurity requirements.

Here are our top recommended Zero Trust resources:

  • For details on how Microsoft defines Zero Trust and breaks down solutions across identities, endpoints, apps, networks, infrastructure, and data, download the Zero Trust Maturity Model.
  • To assess your organization’s progress in the Zero Trust journey and receive suggestions for technical next steps, use our Zero Trust Assessment tool.
  • For technical guidance on deployment, integration, and development, visit our Zero Trust Guidance Center for step-by-step guidance on implementing Zero Trust principles.
  • If you’d like to learn from our own Zero Trust deployment journey at Microsoft, our Chief Information Security Officer Bret Arsenault and team share their stories at Microsoft Digital Inside Track.

Tackling sophisticated cyber threats together

The EO is an opportunity for all organizations to improve cybersecurity postures and act rapidly to implement Zero Trust, including multifactor authentication and end-to-end encryption. The White House has provided clear direction on what is required, and the Zero Trust framework can also be used as a model for private sector businesses, state and local governments, and organizations around the world.

We can only win as a team against these malicious attackers and significant challenges. Every step your organization takes in advancing a Zero Trust architecture not only secures your assets but also contributes to a safer world for all. We applaud organizations of every size for embracing Zero Trust, and we stand committed to partnering with you all on this journey.


[1] Nobelium Resource Center, Microsoft Security Response Center. 04 March 2021.

[2] President Signs Executive Order Charting New Course to Improve the Nation’s Cybersecurity and Protect Federal Government Networks, The White House, 12 May 2021.

International Women’s Day: How to support and grow women in cybersecurity

Mon, 08 Mar 2021

Today, March 8, we are proud to celebrate International Women’s Day. The United Nations announced this year’s theme as “Women in leadership: Achieving an equal future in a COVID-19 world.” As a woman, a mother, a daughter, a sister, a friend, and a leader at Microsoft, this is an important time to acknowledge and celebrate the strength and resiliency women have shown during this pandemic. Women fill many frontline positions, caring for us in health facilities, keeping us fed by staffing grocery stores, and delivering our packages. They teach our children remotely while caring for their own children. They are information workers, cybersecurity professionals, and leaders all around.

The impact of this crisis makes it more important than ever to prioritize the education, careers, well-being, and growth of women at work. We are proud to be a part of a company and security team at Microsoft that makes it a priority to invest in programs and initiatives that will help support the role of women in the workforce today and in the future so they can bring their best selves to work every single day.

That is why as a collective group of security women, we feel it is important to share a bit about these efforts, as well as some thoughts from fellow leaders across our security teams on how we can work together to recognize and build on women’s achievements in cybersecurity.

New cybersecurity threats require diverse security perspectives

In addition to the personal impact it has had on so many, the pandemic has also threatened our cybersecurity community. With companies sending most of their employees home to work, cybercriminals have been eager to take advantage of new endpoints in their attempts to access company systems. Phishing schemes have also targeted people by mimicking pandemic healthcare alerts or unemployment information.

This increase in cybersecurity threats compounds the strain already placed on existing cyber defenders. With the cyber talent gap widening, we need more diverse cybersecurity professionals than ever to thwart them. Women make up just 24 percent of the cybersecurity workforce, according to the 2019 (ISC)² report, Cybersecurity Workforce Study: Women in Cybersecurity. That imbalance is a big problem and during an online discussion called “Future Proofing Against Bias in Tech,” participating women Microsoft leaders shared why. For one, gender-diverse teams make better business decisions 73 percent of the time, according to a Cleverpop study mentioned during the discussion.

Diversity is also critical to catching cyber threats, because limiting your hiring to only certain types of cybersecurity professionals can lead to biases and missed threat protection opportunities. And if there’s one thing we know about cybercriminals, it’s that they’re very good at exploiting our biases.

Joy Chik, who is Microsoft Corporate Vice President for the Identity division, shares, “Building diverse cyber teams provides a strategic advantage. Diversity drives innovation and devalues group think. This helps to give us an edge in how we build our products, design our security programs, and respond to threats—ultimately giving us an upper hand against cybercriminals who exploit our biases.”

What’s Microsoft Security doing to help?

Cybersecurity represents an exciting career opportunity for women, especially now with cyber threats on the rise against a backdrop of women disproportionately affected by job loss due to the pandemic. It raises the importance of opening up more opportunities for women into higher-skilled professions, including technology. In response to the pandemic’s severe impact on parts of the labor market, Microsoft launched its Global Skills Initiative to help 25 million people worldwide acquire digital skills and certifications to find new jobs. With our mission of Security for all, Microsoft Security is making it possible through our sponsorships and programs to make cybersecurity available to everyone—as a professional option and as business protection against cyber threats.

Microsoft is partnering on several programs aimed at encouraging girls and women to consider careers in cybersecurity and expanding career opportunities for women. These programs include:

  • Girls Go Cyberstart: Launched in 2017, this program aims to inspire and uncover future female talent by featuring a girls-only community in the national program CyberStart America. Female cybersecurity professionals at Microsoft have encouraged top high school Girls Go Cyberstart clubs by sharing how they got into security.
  • WiCyS: Established in 2012, this global community creates opportunities for women in cybersecurity through professional development programs, conferences, and career fairs.
  • CyberShikshaa: Launched in 2018 by Microsoft India and the Data Security Council of India, this program is creating a pool of skilled female cybersecurity professionals.
  • Microsoft Cybersecurity Professional Program: Launched in 2018, this program helps aspiring cybersecurity professionals, as well as late-stage career transformers, learn the necessary skills to start a career in cybersecurity. To date, we’ve seen over 4,000 registrations, spanning a diverse range of ages and abilities.
  • DigiGirlz: This program gives high school girls the chance to participate in hands-on computer and technology workshops, learn about careers in technology, and connect with Microsoft employees. We also help girls grow their skills and love for technology through our support of TECHNOLOchicas, Black Girls CODE, and Girls Who Code.
  • Microsoft Women in Security: This long-running, company-wide initiative was started with the goal of building a strong internal community of female cyber professionals through programs, mentorships, and week-long events.
  • Cybersecurity Converge Tour: In partnership with organizations like the Security Advisory Alliance (SAA), Microsoft hosted students in New York City for a “Capture the Flag” interactive education and mentorship event with the goal of creating 20,000 internship opportunities and increasing the number of women and minority security professionals. We’ve also sponsored key events that support women like Executive Women’s Forum, The Diana Initiative, and Wicked 6 Cyber Games.

How to encourage more women in cybersecurity

Encouraging more girls and women to get into cybersecurity creates more effective companies. It can also help reduce the world’s shortage of qualified cybersecurity workers, which is expected to grow to 3.5 million in 2021.

As we look past the pandemic, we can expect that cybersecurity challenges will continue to evolve. AI, machine learning, and quantum computing will shape our response, but technology alone will not be enough. Some of our challenges can only be solved by people—those with different backgrounds, ideas, and experiences. Women are such a crucial part of this. We must continually commit to supporting and empowering women leaders so that we can grow and educate the next generation of female cybersecurity superheroes.

We are so lucky to work with so many talented women leaders across the security teams at Microsoft. Together we’ve put together some tips on how we can all work to increase the number of women in cybersecurity.

1. Commit to recruiting more women and retaining them

Nothing will change unless your organization commits to increasing its diversity. That starts at the top, with senior executives and other company leaders prioritizing a diverse workforce and asking themselves tough questions about why there are no women or very few women on their technology teams.

We believe the persistent gender gap in STEM starts early, so we must as well. A few years ago, a colleague’s pre-teen daughter signed up for an after-school robotics class and when she arrived, saw only two girls in the room. Unfortunately, we’re losing many girls from STEM before they are even out of middle school. We’ve got to work harder to build curriculums that fit with their age and focus not just on the mechanics of coding but with more emphasis on creativity and real-world problem-solving. Giving them an opportunity to see the breadth of cybersecurity will encourage even our youngest future cyber warriors.

Once women are in those technology roles, it’s just as important to prevent a talent drain. 52 percent of women leave technology fields—nearly double the percentage of men who quit the technology field. In part, the problem can be attributed to women feeling stalled in their careers, with a Center for Talent Innovation study finding that 27 percent of women in tech jobs felt that way and 32 percent were considering quitting in the next year.

2. Expand your definition of qualified candidates

Some hiring managers may reject qualified women candidates because they don’t fit a preconceived notion of a cybersecurity professional who checks all the expected boxes for age, gender, and race and has the technical skills, degrees, and certifications. This limited view causes companies to miss out on some incredible candidates.

The best cybersecurity professionals are insatiable learners and highly skilled problem-solvers. They may not work in cybersecurity or have a college degree but could become incredible assets to your organization.

According to one of our Microsoft Cyber Defense Operations Center (CDOC) Directors in the CISO Spotlight episode 7: People behind the cloud, “We want to bring in as many people of diverse backgrounds and skills as the problems we’re trying to solve. I’ve got university hires, military veterans, a mom who rides a motorcycle, people with advanced degrees, and just about everything in between. We do have some specialists who have done this for a really long time but we also get people who are coming in with a fresh perspective and they’re looking at things in a different way.”

3. Educate and encourage women on cybersecurity and how to apply

There are opportunities for women at all levels in cybersecurity and the field is much wider than many imagine, encompassing roles in security products, cybercrime, compliance, privacy, and other related domains. According to Julie Brill, Microsoft’s Chief Privacy Officer, women early in their careers or changing roles mid-career may underestimate their qualifications, in part because the industry may be sending the wrong message to women on the value they can add to an organization even in the early stages of their careers.

“Talent comes from many places and doesn’t require a decade of prior experience. Women who are earlier in their careers are more likely to be digital natives and facile with technology. This tech-savvy generation brings critical insight into how we can approach user-centric privacy features across our products. Enthusiastic women professionals can add value to the diverse teams that are working quickly to address the constantly changing cybersecurity and privacy landscape. We will always need innovative thinkers at any stage of their career who are passionate about the impact they can make for the tech industry and society overall. There is so much opportunity to pursue a career in privacy and cybersecurity, and there is plenty of work to be done.”—Julie Brill, Chief Privacy Officer at Microsoft

Given the potential, Microsoft Security is paving the way by sponsoring the cybersecurity programs listed in this blog. We believe it is important to educate mid-level school and high school students about these opportunities, coach them, and give them career guidance in addition to teaching security fundamentals. In the future, we will also collaborate with and sponsor Girl Security on a fellowship program to provide career education and mentoring to people with diverse backgrounds—enabling security to benefit all.

4. Help candidates counter self-doubt

Imposter syndrome: candidates entering high-skill fields can often feel self-doubt, insecurity, and a sense of being undeserving of their role. Help set the right tone from the outset by reassuring them that they don’t need a perfect set of qualifications or an ideal background to become an amazing security engineer or cybercrime investigator.

No one was born with security knowledge and experience. People learn as they go along. As we’ve heard from Kristina in the CISO Spotlight Episode, people of all different backgrounds make good security professionals.

Support women in cybersecurity

The work to develop programs and practices that attract and retain women in the field of cybersecurity is ongoing and moves as quickly as the field changes. In April, Microsoft Security is kicking off the Girl Security Fellowship program, a series of webcasts and training sessions that lead into the summer sharing inspiring stories from many of our women cybersecurity leaders and helping high school students learn security fundamentals along with mentorships. More information on the Microsoft and Girl Security program will be mentioned in a subsequent blog post later in March.

By embracing cybersecurity for all, we can both expand women’s options in the workforce and more effectively secure companies against threats. Stay tuned for more blogs this month featuring our women leaders in Cybersecurity. Happy International Women’s Day!

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

6 strategies to reduce cybersecurity alert fatigue in your SOC http://approjects.co.za/?big=en-us/security/blog/2021/02/17/6-strategies-to-reduce-cybersecurity-alert-fatigue-in-your-soc/ Wed, 17 Feb 2021 19:00:22 +0000 Alert fatigue is a top of mind challenge when it comes to security monitoring. As a result, organizations are constantly trying to improve their human capabilities, processes, and technology to address the challenge. Microsoft is uniquely positioned to take on this problem by tapping into the end-to-end capabilities of our Extended detection and response (XDR) offering that doesn’t just span the key security domains of concern but is also tightly integrated across those domains and powered by intelligence.

Today, organizations are faced with the increasingly difficult task of trying to protect their expanding digital estate from sophisticated cybersecurity threats. Migration to the cloud and a mobile workforce have dissolved the network boundary and projected the digital estate beyond its traditional confines. Data, users, and systems are everywhere. Additionally, these systems are increasingly domiciled in the cloud and generating a considerable amount of security data. To add to this, on average, companies with over 1,000 employees maintain about 70 security products from 35 different vendors, according to a recent report by CCS Insight. The end result? A vast number of alerts that security operations center (SOC) teams have to contend with. Unsurprisingly, according to an ESG¹ study, 44 percent of these alerts go uninvestigated due to a combination of talent scarcity and the multiplicity of security solutions generating a huge volume of alerts.

To help our customers address alert fatigue while still maintaining detection efficacy, Microsoft is leveraging the power of Threat Intelligence, native solution integration, AI, and automation to deliver a unique SIEM and XDR approach. But first things first: what exactly are alerts, events, and incidents in the context of security operations? Below is a graphic that will help answer this question before we delve deeper into how Microsoft technology is helping SOC teams sift through high volumes of alerts and narrow down to manageable high-fidelity incidents.

Diagram distinguishing between events, alerts and incidents

Let us now look at the six strategies that Microsoft employs to help our customers deal with the alert fatigue problem:

1. Threat intelligence

To combat cyberthreats, Microsoft amalgamates trillions of daily signals, across all clouds and all platforms, for a holistic view of the global security ecosystem. Using the latest in machine learning and artificial intelligence techniques—plus the power of smart humans—we put these signals to work on behalf of our customers, taking automated actions when threats are detected and providing actionable intelligence to security teams when further contextual analysis is required.

2. Native integration

Microsoft leverages the tight integration across its threat protection solution stack to help customers connect the dots between disparate threat signals and develop incidents by grouping quality alerts from different parts of their environment and stitching together the elements of a threat. First-party security solutions within the Microsoft 365 Defender offering enable our customers to benefit from real-time interactions amongst the tools, backed by insights from the Intelligent Security Graph. As a result, the quality of alerts is improved, false positives are significantly reduced at source, and in some cases, automatic remediation is completed at the threat protection level. Additionally, this can be combined with log data drawn from third-party solutions such as network firewalls and other Microsoft solutions to deliver an end-to-end investigation and remediation experience, as depicted in the image below.

Image showing integration of Microsoft's XDR offering

3. Machine learning

The third strategy that we employ is the ingestion of billions of signals into our security information and event management (SIEM) solution (Azure Sentinel) then passing those signals through proven machine learning models. Machine Learning is at the heart of what makes Azure Sentinel a game-changer in the SOC, especially in terms of alert fatigue reduction. With Azure Sentinel we are focusing on three machine learning pillars: Fusion, Built-in Machine Learning, and “Bring your own machine learning.” Our Fusion technology uses state-of-the-art scalable learning algorithms to correlate millions of lower fidelity anomalous activities into tens of high fidelity incidents. With Fusion, Azure Sentinel can automatically detect multistage attacks by identifying combinations of anomalous behaviors and suspicious activities that are observed at various stages of the kill-chain.

On the basis of these discoveries, Azure Sentinel generates incidents that would otherwise be difficult to catch. Secondly, with built-in machine learning, we pair years of experience securing Microsoft and other large enterprises with advanced capabilities around techniques such as transfer learning to bring machine learning within the reach of our customers, allowing them to quickly identify threats that would be difficult to find using traditional methods. Thirdly, for organizations with in-house capabilities to build machine learning models, we allow them to bring those into Azure Sentinel to achieve the same end-goal of alert noise reduction in the SOC. Below is a real-life depiction captured within a certain month where machine learning in Azure Sentinel was used effectively to reduce signal noise.

4. Watchlists

Watchlists ensure that alerts with the listed entities are promoted, either by assigning them a higher severity or by alerting only on the entities defined in the watchlist. Among other use-cases, Azure Sentinel leverages Watchlists as a high-fidelity data source that can be used to reduce alert fatigue. For example, this is achieved by creating “allow” lists to suppress alerts from a group of users or devices that perform tasks that would normally trigger the alert, thereby preventing benign events from becoming alerts.
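The three watchlist behaviours described above (raising severity, alerting only on listed entities, and allow-list suppression) are sketched below in Python as an added example; it is not Azure Sentinel code or its API. The class and function names, the constructed sample alerts, and the rule that a promoted entity is never suppressed are assumptions made for the illustration.

```python
"""Watchlist-driven alert triage: promote, restrict, or suppress (constructed example)."""
from dataclasses import dataclass, replace
from enum import IntEnum


class Severity(IntEnum):
    INFORMATIONAL = 0
    LOW = 1
    MEDIUM = 2
    HIGH = 3


@dataclass(frozen=True)
class Alert:
    rule: str          # name of the detection rule that fired
    entity: str        # user or device the alert is about
    severity: Severity


def _norm(entity):
    # Log sources disagree on case and padding; comparing raw strings
    # silently misses watchlist hits.
    return entity.strip().casefold()


class Watchlist:
    """Hypothetical in-memory watchlist, optionally scoped to specific rules."""

    def __init__(self, name, entities, rules=None):
        self.name = name
        self._entities = frozenset(_norm(e) for e in entities)
        # rules=None applies the list to every rule. Allow lists should be
        # scoped, otherwise a listed account vanishes from all detections.
        self._rules = None if rules is None else frozenset(rules)

    def matches(self, alert):
        in_scope = self._rules is None or alert.rule in self._rules
        return in_scope and _norm(alert.entity) in self._entities


def triage(alerts, promote=None, allow=None, only=None):
    """Return (kept, suppressed); suppressed holds (alert, reason) for audit."""
    kept, suppressed = [], []
    for alert in alerts:
        promoted = promote is not None and promote.matches(alert)
        if only is not None and not only.matches(alert):
            suppressed.append((alert, f"not on {only.name}"))
            continue
        # Assumption: a high-value entity is never silenced by an allow list.
        if allow is not None and allow.matches(alert) and not promoted:
            suppressed.append((alert, f"allow-listed by {allow.name}"))
            continue
        if promoted:
            alert = replace(alert, severity=Severity.HIGH)
        kept.append(alert)
    return kept, suppressed


# Constructed watchlists and alerts for the demonstration.
VIP = Watchlist("vip-accounts", ["cfo@contoso.example", "dc01"])
BACKUP_ALLOW = Watchlist(
    "backup-service-allow",
    ["svc-backup@contoso.example", "cfo@contoso.example"],
    rules={"Mass file read"},
)
SAMPLE_ALERTS = [
    Alert("Mass file read", "SVC-Backup@contoso.example ", Severity.MEDIUM),   # expected backup job
    Alert("Impossible travel", "svc-backup@contoso.example", Severity.MEDIUM), # outside allow scope
    Alert("Mass file read", "CFO@contoso.example", Severity.LOW),              # on both lists
    Alert("Mass file read", "intern@contoso.example", Severity.LOW),           # on neither list
]


def demo():
    return triage(SAMPLE_ALERTS, promote=VIP, allow=BACKUP_ALLOW)


if __name__ == "__main__":
    kept, suppressed = demo()
    for a in kept:
        print("KEEP    ", a.severity.name, a.rule, a.entity.strip())
    for a, reason in suppressed:
        print("SUPPRESS", a.rule, a.entity.strip(), "->", reason)
```

Suppressed alerts are returned with a reason rather than discarded, so the allow list itself can be reviewed for entries that hide more than intended.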

5. UEBA

User and entity behavior analytics (UEBA) is natively built into Azure Sentinel targeting use-cases such as abuse of privileged identities, compromised entities, data exfiltration, and insider threat detection. Azure Sentinel collects logs and alerts from all of its connected data sources, then analyzes them and builds baseline behavioral profiles of your organization’s entities (users, hosts, IP addresses, applications, and more) across peer groups and time horizons. With the UEBA capability, SOC analysts are now empowered to reduce not just false positives but also false negatives. UEBA achieves this by automatically leveraging contextual and behavioral information from peers and the organization that typical alert rules tend to lack. The image below depicts how UEBA in Azure Sentinel narrows down to only the security-relevant data to improve detection efficiency:

image showing UEBA efficiency funnel

6. Automation

The lower tiers of a SOC are typically tasked with triaging alerts, and this is where the critical decisions need to be made as to whether alerts are worth investigating further or not. It is also at this point that automation of well-known tasks that do not require human judgment can have the most significant impact in terms of alert noise reduction. Azure Sentinel leverages Logic Apps native to Azure to build playbooks that automate tasks of varying complexity. Using real-time automation, response teams can significantly reduce their workload by fully automating routine responses to recurring types of alerts, allowing SOC teams to concentrate more on unique alerts, analyzing patterns, or threat hunting. Below is an example of a security playbook that will open a ticket in ServiceNow and send a message to an approver. With a click of a button, if they confirm activity from a malicious IP as a true positive, then automatically that IP is blocked at the firewall level, and the user’s ID is disabled in Azure Active Directory.

cross-vendor security remediation playbook

Summary

We have looked at 6 effective strategies that organizations can use to minimize alert fatigue and false positives in the SOC. When these are combined across a unified ecosystem that includes Threat Intelligence, the Microsoft Security suite, UEBA, automation, and orchestration capabilities tightly integrated with the Azure platform and Azure Sentinel, alert noise can be significantly reduced. Additionally, Azure Sentinel offers capabilities such as alert grouping and the intuitive Investigation Graph, which automatically surfaces prioritized alerts for investigation and also provides automated expert guidance when investigating incidents. To significantly increase your detection rates and reduce false positives while simplifying your security infrastructure, include our unique SIEM and XDR solution, comprising Azure Sentinel and Microsoft Defender capabilities, in your threat defense and response strategy.

Unified security ecosystem funnel

Additional resources

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.


Special thanks to Sarah Young, Chi Nguyen, Ofer Shezaf, and Rafik Gerges for their input. 

¹ESG: Security Analytics and Operations: Industry Trends in the Era of Cloud Computing 2019.

Becoming resilient by understanding cybersecurity risks: Part 2 http://approjects.co.za/?big=en-us/security/blog/2020/12/17/becoming-resilient-by-understanding-cybersecurity-risks-part-2/ Thu, 17 Dec 2020 17:00:26 +0000 Whilst this may be uncomfortable reading, the ability to pre-empt and respond quickly to these attacks is now an organizational imperative that requires a level of close collaboration and integration throughout your organization (which may not have happened to date).

In part one of this blog series, we looked at how being resilient to cybersecurity threats is about understanding and managing the organizational impact from the evolution of human conflict that has existed since the dawn of humanity. In part two of this series, we further explore the imperative of thinking and acting holistically as a single organization working together to a common goal. Building true resilience begins with framing the issue accurately to the problem at hand and continuously (re)prioritizing efforts to match pace with evolving threats.

For this blog, we will use a current cybersecurity threat that spans every organization in every industry as an example of how to put this into practice. The emergence of human-operated ransomware has created an organizational risk at a pace we have not seen before in cybersecurity. In these extortion attacks, attackers are studying target organizations carefully to learn what critical business processes they can stop to force organizations to pay, and what weaknesses in the IT infrastructure they can exploit to do it.


This type of threat enables attackers to stop most or all critical business operations and demand ransom to restore them by combining:

  • A highly lucrative extortion business model.
  • Organization-wide impact utilizing well-established tools and techniques.

Whilst this may be uncomfortable reading, the ability to pre-empt and respond quickly to these cyberattacks is now an organizational imperative that requires a level of close collaboration and integration throughout your organization (which may not have happened to date).

Because these attacks directly monetize stopping your business operations, you must:

  • Identify and prioritize monitoring and protection for critical business assets and processes.
  • Restore business operations as fast as possible, when attacked.

Applying this in a complex organization requires you to:

  1. Know thyself: The first step towards resilience is identifying your critical business assets and processes and ensuring appropriate team members truly understand them so that appropriate controls can be implemented to protect and rapidly restore them. These controls should include business and technical measures such as ensuring immutable or offline backups (as attackers try to eliminate all viable alternatives to paying the ransom, including anti-tampering mechanisms).
  2. This is not a one-time event: Your business and technical teams need to work together to continuously evaluate your security posture relative to the changing threat landscape. This enables you to refine priorities, build mutual trust and strong relationships, and build organizational muscle memory.
  3. Focus on high-impact users: Just as your executives and senior managers have control and access over massive amounts of sensitive and proprietary information that can damage the organization if exposed, IT administrators also have access and control over the business systems and networks that host that information. Ransomware attackers traverse your network and target IT administrator accounts, making the seizure of privileged access a critical component of their attack success. See Microsoft’s guidance on this topic.
  4. Build and sustain good hygiene: As we discussed in our first blog, maintaining and updating software and following good security practices is critical to building resilience to these attacks. Because organizations have a backlog of technical debt, it’s critical to prioritize this work to pay off the most important debt first.
  5. Ruthlessly prioritize: Ruthless prioritization applies a calm but urgent mindset to prioritizing tasks to stay on mission. This practice focuses on the most effective actions with the fastest time to value regardless of whether those efforts fit pre-existing plans, perceptions, and habits.
  6. Look through an attacker’s lens: The best way to prioritize your work is to put yourself in the perspective of an attacker. Establishing what information would be valuable to an attacker (or malicious insider), how they would enter your organization and access it, and how they would extract it will give you invaluable insights into how to prioritize your investments and response. Assess the gaps, weaknesses, and vulnerabilities that could be exploited by attackers across the end-to-end business processes and the backend infrastructure that supports them. By modeling the process and systems and what threats attackers can pose to them, you can take the most effective actions to remove or reduce risk to your organization.
  7. Exercise and stress test: This strategy will be tested by attackers in the real world, so you must proactively stress test to find and fix the weaknesses before the attackers find and exploit them. This stress testing must extend to both business processes and technical systems so that organizations build overall resilience to this major risk. This requires systematically removing assumptions in favor of known facts that can be relied upon in a major incident. This should be prioritized based on scenarios that are high impact and high likelihood like human-operated ransomware.

Whilst it’s tempting for experienced leaders and technical professionals to get caught up in how things have been done before, cybersecurity is a fundamentally disruptive force that requires organizations to work collaboratively and adopt and adapt the practices documented in Microsoft’s guidance.

“We cannot solve our problems with the same thinking we used when we created them.”—Albert Einstein

For all this to be successful, your organization must work together as a single coherent entity, sharing insights and resources from business, technical, and security teams to leverage diverse viewpoints and experiences. This approach will help you plan and execute pragmatically and effectively against evolving threats that impact all parts of your organization.

In our next blog, we will continue to explore how to effectively manage risk from the perspective of business and cybersecurity leaders and the capabilities and information required to stay resilient against cyberattacks.

To learn more about Microsoft Security solutions visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

It’s Cybersecurity Awareness Month and there is still a lot to do http://approjects.co.za/?big=en-us/security/blog/2020/10/29/its-cybersecurity-awareness-month-and-there-is-still-a-lot-to-do/ Thu, 29 Oct 2020 18:00:14 +0000 October is National Cyber Security Awareness Month (NCSAM). And there is still a lot to do! For the last 17 years, the National Cybersecurity Awareness Month (NCSAM) campaign, driven by the Department of Homeland Security, has raised awareness about the importance of cyber security across the Nation with the mission of ensuring that all Americans have the resources they need to be safer and more secure […]

October is National Cyber Security Awareness Month (NCSAM). And there is still a lot to do!

For the last 17 years, the National Cybersecurity Awareness Month (NCSAM) campaign, driven by the Department of Homeland Security, has raised awareness about the importance of cyber security across the Nation with the mission of ensuring that all Americans have the resources they need to be safer and more secure online.

In alignment with this noble mission, Microsoft Security is providing educational content and executive speakers to empower our customers, employees and families. Tune into the CyberTalks recap to listen to the keynote delivered by Ann Johnson, Corporate Vice President of Security, Compliance and Identity, on how to future proof your security strategy.

Cyber security podcasts

In addition to the blog series that is taking over our blog in October, Microsoft Security is also sponsoring two security podcasts on CyberScoop.com, and we want to encourage our community to tune in and listen to both conversations.

  • Available now: Enabling secure remote work by embracing Zero Trust—One of the greatest challenges we often hear from public and private sector CISOs, when it comes to achieving a Zero Trust IT operating environment, is the question of how to tackle such a massive undertaking—and where to begin. Tune in to listen to CTO Steve Faehl to learn more about Microsoft’s journey towards Zero Trust.
  • Available October 19: Risk Reduction—Podcast featuring GM Alym Rayani, who delivers an in-depth conversation about compliance and its connection to security.

Additional security blogs to read

Government agency audit traceability

The reality today for many government agencies is there is no audit traceability to determine which email messages and content an attacker may have seen during a breached session into a user’s mailbox. The standard level of Office 365 auditing includes events showing that a user logged into their mailbox but does not include detailed information on the activity that occurs within the mailbox. As a result, organizations have no choice but to assume all content within the mailbox is compromised, whether or not sensitive data or PII was viewed by the adversary. To learn more about how using Advanced Audit can help improve forensic investigation capability, read this blog from Matthew Littleton, Principal Technical Specialist, on this Public Sector blog.

Top 5 security questions asked by US Government customers

In an era of remote work, end users wanted to collaborate with outside agencies but in a way that meant their data was secure. IT Admins wanted to know which configuration options best fit their organization’s security posture. CIOs wanted to lean in and give their workforce the best in class technology, all while following US Government accreditation standards. The common theme in most questions asked by our customers was around security. Read more about the top 5 security questions asked by our US Government customers for Microsoft Teams.

October is my favorite time of year, between the change of season, Major League Baseball playoffs, and with football underway. It’s also National Cybersecurity Awareness Month, though with so many cyberattacks and incidents in the news, one month of dedicated focus hardly seems sufficient. Learn how Microsoft delivers on an end-to-end security strategy to reduce risk and deliver on its commitment to customers.

Working with the enemy

With so many external cyber threats facing Government agencies, it can be easy to overlook risks from insiders. Learn how Predictive Analytics can help agencies reduce risk and identify insider threats at scale.

To learn more about how to be #Cybersmart visit the cybersecurity website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

Becoming resilient by understanding cybersecurity risks: Part 1 http://approjects.co.za/?big=en-us/security/blog/2020/10/13/becoming-resilient-by-understanding-cybersecurity-risks-part-1/ Tue, 13 Oct 2020 19:00:37 +0000 All risks have to be viewed through the lens of the business or organization. While information on cybersecurity risks is plentiful, you can’t prioritize or manage any risk until the impact (and likelihood) to your organization is understood and quantified. This rule of thumb on who should be accountable for risk helps illustrate this relationship: […]

The post Becoming resilient by understanding cybersecurity risks: Part 1 appeared first on Microsoft Security Blog.

All risks have to be viewed through the lens of the business or organization. While information on cybersecurity risks is plentiful, you can’t prioritize or manage any risk until the impact (and likelihood) to your organization is understood and quantified.

This rule of thumb on who should be accountable for risk helps illustrate this relationship:

The person who owns (and accepts) the risk is the one who will stand in front of the news cameras and explain to the world why the worst case scenario happened.

This is the first in a series of blogs exploring how to manage challenges associated with keeping an organization resilient against cyberattacks and data breaches. This series will examine both the business and security perspectives and then look at the powerful trends shaping the future.

This blog series is unabashedly trying to help you build a stronger bridge between cybersecurity and your organizational leadership.

A visualization of how to manage organizational risk through leadership

Organizations face two major trends driving both opportunity and risk:

  • Digital disruption: We are living through the fourth industrial revolution, characterized by the fusion of the physical, biological, and digital worlds. This is having a profound impact on all of us as much as the use of steam and electricity changed the lives of farmers and factory owners during early industrialization.
    Tech-disruptors like Netflix and Uber are obvious examples of using the digital revolution to disrupt existing industries, which spurred many industries to adopt digital innovation strategies of their own to stay relevant. Most organizations are rethinking their products, customer engagement, and business processes to stay current with a changing market.
  • Cybersecurity: Organizations face a constant threat to revenue and reputation from organized crime, rogue nations, and freelance attackers who all have their eyes on your organization’s technology and data, which is being compounded by an evolving set of insider risks.

Organizations that understand and manage risk without constraining their digital transformation will gain a competitive edge over their industry peers.

Cybersecurity is both old and new

As your organization pulls cybersecurity into your existing risk framework and portfolio, it is critical to keep in mind that:

  • Cybersecurity is still relatively new: Unlike responding to natural disasters or economic downturns with decades of historical data and analysis, cybersecurity is an emerging and rapidly evolving discipline. Our understanding of the risks and how to manage them must evolve with every innovation in technology and every shift in attacker techniques.
  • Cybersecurity is about human conflict: While managing cyber threats may be relatively new, human conflict has been around as long as there have been humans. Much can be learned by adapting existing knowledge on war, crime, economics, psychology, and sociology. Cybersecurity is also tied to the global economic, social, and political environments and can’t be separated from those.
  • Cybersecurity evolves fast (and has no boundaries): Once a technology infrastructure is in place, there are few limits on the velocity of scaling an idea or software into a global presence (whether helpful or malicious), mirroring the history of rail and road infrastructures. While infrastructure enables commerce and productivity, it also enables criminal or malicious elements to leverage the same scale and speed in their actions. These bad actors don’t face the many constraints of legitimate usage, including regulations, legality, or morality in the pursuit of their illicit goals. These low barriers to entry on the internet help to increase the volume, speed, and sophistication of cyberattack techniques soon after they are conceived and proven. This puts us in the position of continuously playing catch up to their latest ideas.
  • Cybersecurity requires asset maintenance: The most important and overlooked aspect of cybersecurity is the need to invest in ‘hygiene’ tasks to ensure consistent application of critically important practices.
    One aspect that surprises many people is that software ‘ages’ differently than other assets and equipment, silently accumulating security issues with time. Like a brittle metal, these silent issues suddenly become massive failures when attackers find them. This makes it critical for business leadership to proactively support ongoing technology maintenance (despite no previous visible signs of failure).

Stay pragmatic

In an interconnected world, a certain amount of playing catch-up is inevitable, but we should minimize the impact and probabilities of business impact events with a proactive stance.

Organizations should build and adapt their risk and resilience strategy, including:

  1. Keeping threats in perspective: Ensuring stakeholders are thinking holistically in the context of business priorities, realistic threat scenarios, and reasonable evaluation of potential impact.
  2. Building trust and relationships: We’ve learned that the most important cybersecurity approach for organizations is to think and act symbiotically—working in unison with a shared vision and goal.
    Like any other critical resource, trust and relationships can be strained in a crisis. It’s critical to invest in building strong and collaborative relationships between security and business stakeholders who have to make difficult decisions in a complex environment with incomplete information that is continuously changing.
  3. Modernizing security to protect business operations wherever they are: This approach is often referred to as Zero Trust and helps security enable the business, particularly digital transformation initiatives (including remote work during COVID-19) versus the traditional role as an inflexible quality function.

One organization, one vision

As organizations become digital, they effectively become technology companies and inherit both the natural advantages (customer engagement, rapid scale) and difficulties (maintenance and patching, cyberattack). We must accept this and learn to manage this risk as a team, sharing the challenges and adapting to the continuous evolution.

In the coming blogs, we will explore these topics from the perspective of business leaders and from cybersecurity leaders, sharing lessons learned on framing, prioritizing, and managing risk to stay resilient against cyberattacks.

To learn more about Microsoft Security solutions visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

3 ways Microsoft helps build cyber safety awareness for all http://approjects.co.za/?big=en-us/security/blog/2020/10/05/3-ways-microsoft-helps-build-cyber-safety-awareness-for-all/ Mon, 05 Oct 2020 18:00:03 +0000 Learn how Microsoft is helping secure your online life through user education, cybersecurity workshops, and continued diversity in hiring.

The post 3 ways Microsoft helps build cyber safety awareness for all appeared first on Microsoft Security Blog.

This tumultuous year has brought paradigm shifts across every facet of daily life. A global pandemic has pushed much of our lives online—work, school, entertainment, shopping, and socializing. But one thing remains unchanged: people everywhere share a common need for safety. Today, our need for personal safety includes the digital realm. At Microsoft, we believe that a secure online experience helps empower people to do more, create more, and have trust in the technology that connects us all. It’s no wonder that cybersecurity is a vital part of everything we build.

“People are both my first and last line of defense” –Bret Arsenault, Microsoft Chief Information Security Officer

Now as we kick off Cybersecurity Awareness Month, it’s worth taking a moment to reflect on the purpose of this initiative and how Microsoft is helping to empower people around the world with seamless, integrated security. We want to help create a safer world for everyone so that online learning, remote work, community building, and even shopping online can be enriching experiences.

My first 12 calendar weeks at Microsoft have been packed—from my first introduction at Microsoft Inspire to sharing our security, compliance, and identity innovations at Microsoft Ignite last week. In between, we’ve shared insights from our customers about their journeys to create a more secure workplace during this time of global transformation. I’m committed to listening and learning from all of you, and excited to share my enthusiasm for this dynamic industry.   

Throughout October, Microsoft will join the National Cybersecurity Alliance and other industry partners to promote online safety for consumers and businesses. I’m energized to share our plans to empower people and organizations worldwide and invite you to learn more about our efforts.  

Security awareness for all

Most of us think we’re too smart to fall for a phishing scam, and our confidence only grows when we’re logged onto a company network. Statistics show that nearly one in three security breaches starts with a phishing attack, costing the affected organization an average of $1.4 million. With the rise in people working from home, new attacks such as consent phishing have cropped up to take advantage of remote workers dealing with home-life distractions. Terranova has partnered with Microsoft to create the Gone Phishing Tournament during October, using real lures (phishing emails) to capture accurate click-through statistics, providing organizations with data-backed insights to grow their security awareness programs.

Microsoft security help and learning will feature five new articles during October—localized for 36 languages and updating every Monday—each covering security topics that affect all types of users. The first of which, easy tips to improve cybersecurity, provides information on how to uninstall unused apps that might be compromising your security, as well as how to get rid of unwanted browser extensions. Visitors also learn how to do a deep scan for malware using Microsoft Defender Offline and how to reset their devices to factory settings using Windows 10.  

This week of October 5, “Keys to the kingdom: Securing your devices and accounts” explains how multifactor authentication (MFA) works, as well as the advantages of using the free Microsoft Authenticator app to secure your smartphone. Look for more articles on secure networking, scams and attacks, and backup and recovery to follow throughout the month. Year ‘round, the Microsoft security help & learning page is updated with educational content for students, parents, remote workers and anyone who wants to arm themselves with up-to-date information on protecting against cyber threats.  

Cybersecurity workshops

Microsoft Store will also be running virtual workshops throughout the month of October in support of Cybersecurity Awareness Month. Attendees for “Work safer and smarter with Microsoft 365” will learn how Microsoft 365 Business helps safeguard their data and lowers security risks with Windows Defender and Windows 10 device management, as well as providing app protection for Office mobile apps on iOS and Android—including a single login for all apps and services.  

“Work better together with Microsoft Teams” enables users to experience the flexibility and highly secure access Teams delivers for organizations of any size. Both workshops feature a security component designed to help users stay safe and secure online. Microsoft will also feature cybersecurity resources and content on our new Small and Medium Business (SMB) Resource Center, launching today, October 5. Delivered the same week, our first SMB newsletter will also include cybersecurity information and resources.

Diverse hiring for smarter AI

Building diverse cyber teams is a major source of passion and advocacy for me. It isn’t just the right thing to do; it gives us a strategic advantage as a company and as a defender against threat actors worldwide who would seek to sow confusion and harm. How? AI remains one of the best tools to confront cyber threats. But effective, responsible AI requires the input and ideas of a diverse group. This diversity of thought is not just about gender or ethnic diversity. It’s both of those, certainly, but so much more. Effective AI requires diversity of experiences, cultures, opinions, education, perspectives, and many other factors. On a team where everyone has similar skills and backgrounds, members risk sinking into groupthink and losing creativity. Data shows that diverse teams make better decisions than individuals 87 percent of the time. And it makes perfect sense. If we’re building solutions for all, we need to include all in the building of those solutions.

By ensuring diversity in our teams, we help create AI systems that warrant people’s trust while moving closer to futureproofing against bias in tech. At Microsoft, we’ve forged partnerships, created initiatives, and built in transparency as part of our holistic approach to address systemic issues contributing to the low representation of women in cybersecurity. Listen to the podcast session where Bret Arsenault, Microsoft CISO, talks with Ann Johnson, Corporate Vice President of Business Development, Security, Compliance & Identity at Microsoft, about why investing in diverse teams isn’t just the right thing to do; the future of cybersecurity depends on it. And be sure to watch our panel discussion, Future Proofing Against Bias, happening October 21 at EWF (Executive Women’s Forum).

Microsoft is working every day to help empower users to achieve more while staying safe and secure. Behind our technical innovations are people hungry to do more. We want to create an inclusive world where every human being can be a cybersecurity hero. For more information on how you can enable your security team and organization to be #cybersmart, visit our cybersecurity website.

To learn more about Microsoft Security solutions visit the Microsoft Security website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity and please reach out to me on LinkedIn or follow me at @vasujakkal.

Why integrated phishing-attack training is reshaping cybersecurity—Microsoft Security http://approjects.co.za/?big=en-us/security/blog/2020/10/05/why-integrated-phishing-attack-training-is-reshaping-cybersecurity-microsoft-security/ Mon, 05 Oct 2020 16:00:05 +0000 Phishing is still one of the most significant risk vectors facing enterprises today. Innovative email security technology like Microsoft Defender for Office 365 stops a majority of phishing attacks before they hit user inboxes, but no technology in the world can prevent 100 percent of phishing attacks from hitting user inboxes. At that point in […]

The post Why integrated phishing-attack training is reshaping cybersecurity—Microsoft Security appeared first on Microsoft Security Blog.

Phishing is still one of the most significant risk vectors facing enterprises today. Innovative email security technology like Microsoft Defender for Office 365 stops a majority of phishing attacks before they hit user inboxes, but no technology in the world can prevent 100 percent of phishing attacks from hitting user inboxes. At that point in time, your employees become your defenders. They must be trained to recognize and report phishing attacks. But not all training is equally proficient.

This blog examines the current state of security awareness training, including how you can create an intelligent solution to detect, analyze, and remediate phishing risk. You’ll also learn about an upcoming event to help you get data-driven insights to compare your current phishing risk level against your peers.

A new reality for cybersecurity

The Chief Information Security Officer (CISO) at a modern enterprise must contend with a myriad of threats. The hybrid mix of legacy on-premises systems and cloud solutions, along with the proliferation of employee devices and shadow IT, means your security team needs a new and comprehensive view of phishing risk across the organization. Self-reported training completion metrics don’t provide insights into behavior changes or risk reduction, leading CISOs to distrust these metrics. Improvement in employee behavior becomes difficult to measure, leaving them unsure whether employee behavior has improved at all.

Many information workers view security awareness training as a tedious interruption that detracts from productivity. Often when an employee is compromised during a simulated attack, they find the ensuing training to be punitive and navigate away from the training like nothing happened. Worse, simulations are often out-of-context and don’t make sense for the employee’s industry or function.

People-centric protection

Making secure behaviors a part of people’s daily habits requires a regular program of targeted education combined with realistic simulations. That means regular breach and attack simulations against endpoints, networks, and cloud security controls. Microsoft Defender for Office 365 now features simulations to help you detect and remediate phishing risks across your organization. Attack Simulation Training in Microsoft Defender for Office 365, delivered in partnership with Terranova Security, helps you gain visibility over organizational risk, baseline against predicted compromise rates, and prioritize remediations. To learn more about this capability, watch the product launch at Microsoft Ignite 2020.

Terranova Security employs a pedagogical approach to cybersecurity, including gamification and interactive sessions designed to engage users’ interest. The simulations are localized for employees around the world and follow the highest Web Content Accessibility Guidelines (WCAG) 2.1. You will be able to measure employee behavior changes and deploy an integrated, automated security awareness program built on three pillars of protection:

  • Simulate real threats: Detect vulnerabilities by using real lures (actual phishing emails) and templates, training employees on the most up-to-date threats. Administrators can automate and customize simulations, including payload attachment, user targeting, scheduling, and cleanup. Azure Active Directory (AAD) groups automate user importing, and the vast library of training content enables personalized training based on a user’s vulnerability score or simulation performance.
  • Remediate intelligently: Quantify your social engineering risk across employees and threat vectors to accurately target remedial training. Measure the behavioral impact and track your organization’s progress against a baseline compromise rate. Set up automated repeat offender simulations with the user susceptibility metric and add context by correlating behavior with a susceptibility score.
  • Improve your security posture: Reinforce your human security system with hyper-targeted training designed to change employee behavior. Attack Simulation Training in Microsoft Defender for Office 365 provides “nano learnings and micro learnings” to cater to diverse learning styles and reinforce awareness.

Check your threat level

Coinciding with National Cyber Security Awareness Month (NCSAM), Terranova will release the results of the Terranova Security Gone Phishing Tournament™ at the end of October. This popular event helps security leaders get an up-to-the-minute picture of their organization’s phishing click rate. Terranova launched this campaign back in August, supplying a free phishing simulation to its applicants and enabling them to benchmark themselves against their peers with accurate click-rate data for comparison.

Co-sponsored by Microsoft, the Terranova Security Gone Phishing Tournament uses an email template from Attack simulation training—a new capability of Office 365 ATP releasing later this year—that acts as an intelligent social engineering risk management tool using context-aware simulations and targeted training.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.