Inside the Microsoft Digital Defense Report

Microsoft's Digital Defense Report touches on several hot topics in modern cyber security and what they mean for your business. 

Microsoft Digital Defense Report

Understanding what is happening in the world of cyber security is essential when it comes to protecting your business’s devices, programs, and digital assets from a wide variety of potential threats. Microsoft’s Digital Defense Report touches on several hot topics in modern cyber security and what they mean for your business.

Current State of Cyber Crime

Both cybercrime and the types of cyber security that are available to target it have become significantly more sophisticated in recent years. While phishing remains the most common type of email scam by far, there are currently more than 25 other types of malicious email techniques that can be used to gain unauthorized access to information or devices and use those resources against a business or its customers. New phishing sites are constantly being developed, but they are being shut down nearly as quickly. In fact, over 15,000 phishing sites were neutralized within a three-month period.

Both individuals and businesses are also becoming better at knowing how to recognize potential phishing threats. Many businesses have implemented training courses, seminars, and other techniques for keeping their employees up to speed with knowing what to look for in the most modern phishing scams and other cyber security threats, and this diligence has cut down on employees’ overall susceptibility to a wide range of potential cyber threats by approximately 50 percent each year.

Cyber Crime Services and Prices

Cybercrime is not always executed directly by the attacker. Companies or individuals that wish to attack a business can pay a professional-level cyber attacker who is knowledgeable about launching successful cyberattacks and circumventing many types of cyber security measures. These attackers are often paid an average of $250 per attack, and they cover everything from denial of service attacks, ransomware, and spearphishing to login credentials and PC compromising.

Nation State Threats

Like many types of cyber security threats, nation-state threats have become more difficult to detect in recent years. This means that these threats tend to cause more damage before they are discovered than they might if they were easier to recognize, and other attackers have begun to model their techniques after successful nation-state threats.

According to Microsoft, the United States, Ukraine, and the United Kingdom are currently among the most common targets of nation-state threats, particularly in the government, NGO, and think tank sectors. Nobelium, Thallium, and Phosphorus are among the most active nation-state activity groups.

Supply Chain, IoT, and OT Security

Although supply chain, IoT, and OT security have often been kept relatively separate in the past, Microsoft is emphasizing the need to shift toward taking a more holistic approach to keeping each area secure by considering multiple areas at the same time. Because many types of cyber security threats can affect each of these groups in similar ways, Microsoft recommends that businesses think about how they might be able to apply multiple layers of defense to their full systems instead of focusing so much on methods that are intended for individual areas. This way, businesses can get more out of each aspect of their cyber security investment that they are able to use to protect more than one part of their businesses.

Taking this approach gives businesses a more well-rounded approach to securing their devices. According to Microsoft, weak passwords are a major indicator of accounts that are most likely to experience cyber security problems. With over 20 million devices identified over just 45 days that still had the default password of “admin,” as well as other weak and obvious passwords, many of the poor decisions that leave businesses the most vulnerable to potential cyber-attacks also apply to a wide range of areas and are quite easy to fix.

Hybrid Workforce Security

With many major companies considering a permanent hybrid workplace model instead of having all employees return to being in the office five days a week, new security issues are a more pressing concern than ever. Although businesses have been vulnerable to cyber security threats for as long as they have utilized the internet as part of accomplishing their everyday tasks, this vulnerability has increased exponentially over the past year and a half alongside the sharp increase in remote and hybrid work models.

Because phishing is currently responsible for approximately 70 percent of cyberattacks, being diligent about ensuring that everyone at your hybrid company knows signs to look for is a must in order to prevent inadvertently allowing unauthorized access to sensitive information about your company or customers. Making sure that everyone at your company is properly taking basic cybersecurity measures, such as creating proper passwords and keeping them secure, is also essential. Companies also need to be cautious about ensuring that “reliable” sources are actually reliable, as dangerous software and phishing scams are increasingly disguised as legitimate updates to your real software.

Keeping your software updated on your own is another important step in ensuring that it is properly protected and not vulnerable to cyber security gaps.

Disinformation

Cyber attackers have also increased both the spread of legitimate disinformation and the attempt to censor legitimate information by labeling it as disinformation in recent months. In order to successfully filter through the varying levels of information, you may encounter, familiarizing yourself with the differences between misinformation that is spread with good intentions, true disinformation that is maliciously spread with the goal of harming companies, and true information that is labeled as disinformation by attackers or even companies that attempt to control what you believe is a must.

Being diligent about any strong claims you read and where they are coming from can help you ensure that the information you are consuming and sharing with your employees.

At BC Networks, we prioritize connecting businesses with the latest information about everything that is happening in the world of cyber security, and Microsoft’s latest Digital Defense Report outlines several of the latest developments to keep in mind when evaluating and adjusting your organization. Contact us today for more information about any of these topics or to get started with working with us for all your business’s cyber security needs!