Image source: Shutterstock
Microsoft says telemetry from its Defender for Endpoint, Cloud Apps, Identity, Office 365 and other sources shows organizations can protect against almost all attacks with a few fundamental security practices.
Organizations can protect against 99%–or nearly all—attacks by implementing a handful of basic security practices, a new Microsoft study has found.
Microsoft’s Digital Defense Report 2023 is based on telemetry from the company’s Defender suite of security products, Azure Identity Protection and Microsoft Defender Threat Intelligence service. The data includes data from 135 million managed devices, over 300 threat groups and 65 trillion signals and from over 10,000 security and threat intelligence experts around the world.
Here according to Microsoft, are 5 controls you cannot afford not to have:
Multifactor Authentication (MFA): Despite a handful of recent incidents where threat actors were able to bypass MFA, having two—or more—ways to authenticate users can protect organizations against attacks involving the use of compromised credentials. For context: 86% of the 1,287 Web application attacks that Verizon investigated in its 2023 Data Breach Investigations Report, involved the use of stolen credentials. Microsoft’s analysis showed that MFA can reduce risk of compromise by 99.2%.
Applying zero-trust principles for network access: Primarily what that means is having controls for verifying that users and devices are secure before permitting access to enterprise resources and data; using least privileged access principles; and adopting a security posture where you assume your systems are already breached (assume breach).
Implementing extended detection and response controls: XDR tools that collect, correlate and analyze data across endpoints, networks, cloud environments and other sources can help organizations respond to threats in a timely fashion.
Keeping systems and software up to date: Though phishing and credential misuse are top initial access vectors, attackers also routinely exploit software vulnerabilities to break into enterprise networks and applications. A Kaspersky study earlier this year found that in nearly 43% of attacks in 2022, threat actors gained initial access to an enterprise network by exploiting a web app vulnerability. Last December, the US Cybersecurity and Infrastructure Security Agency (CISA) also warned of vulnerabilities in web-facing applications as being a top initial access vector.
Knowing where your data is located: The accelerating adoption of cloud services and remote workforce models has resulted in enterprise data getting scattered across internal, public cloud and hybrid environments. Knowing where your critical data is located and keeping track of it across these environments is critical to protecting it.