Cyber attacks continued to increase in volume and sophistication in 2021. Ransomware continues its merciless path across industries, often endangering lives. Ransomware attacks have also become easier to carry out with ready-made toolkits, as in the case of the Colonial Pipeline attack that disrupted many businesses and daily lives. Indeed, the FBI’s Internet Crime Complaint Center reported 2,084 ransomware complaints between January 1 and July 31, 2021, a 62% year-over-year increase.
As most organizations migrate to hybrid work environments as a result of the pandemic, the attack surface has dramatically expanded beyond corporate boundaries, further exposing organizations to cyber threats. CISOs and other cybersecurity leaders face the twin challenges of enabling digital transformation and adapting to a rapidly expanding threat landscape. This is reinforcing the need for a comprehensive security approach that aligns with business priorities.
What happens when security leaders have a comprehensive security approach based on zero-trust principles? They can be fearless, armed with the ability to secure everything without limits. Let’s take a look at four ways we’ve seen organizations manage a comprehensive security approach.
Committed to a zero-trust policy
Today’s organizations need a security model that adapts to the complexity of modern environments, embraces the hybrid workplace, and protects people, devices, apps and data wherever they are. That’s what you get when implementing a zero-trust approach based on three guiding principles: verify explicitly, use least-privilege access, and assume breach. Instead of trusting that everything behind a corporate firewall is secure, the zero-trust model assumes a breach and verifies every request as if it originated from an arbitrary, untrusted network.
Microsoft’s zero-trust approach is designed to reduce risk at every opportunity across the digital estate, including identity, endpoints, applications, networks, infrastructure and data. This means that every transaction must be verified and trusted before it is allowed to proceed. This approach is consistent with industry standards such as The Open Group’s recently released Zero Trust Commandments and NIST’s Zero Trust Architecture.
Zero Trust takes a fresh look at all your security disciplines, including access control, asset protection, security governance, security operations, and innovation security (e.g., DevSecOps). Architecturally, this leads to automated enforcement of security policy, correlation of signals across systems, and comprehensive security automation and orchestration to reduce manual labor and effort.
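To make the three principles concrete, here is an added example of a small policy decision point that applies them to every request. It is illustrative code written for this page, not Microsoft’s or any product’s implementation; the roles, scopes, risk threshold, session lifetime and user names are all constructed assumptions. Note that the request carries a source network but the decision never consults it, which is the point of treating every request as if it came from an arbitrary network.

```python
"""Minimal zero-trust policy decision point (added example, not Microsoft's code).

Every request is evaluated the same way regardless of source network:
  1. verify explicitly  - authenticated identity, MFA, compliant device
  2. least privilege    - the role must grant exactly the scope requested
  3. assume breach      - short-lived sessions, risk signals, every decision logged
All roles, scopes, thresholds and names below are constructed for illustration.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import List, Optional

SESSION_MAX_AGE = timedelta(hours=1)   # assume breach: force frequent re-verification
RISK_THRESHOLD = 70                    # sign-in risk at or above this is denied

# least privilege: each role maps to the minimum (resource, action) pairs it needs
ROLE_SCOPES = {
    "finance-analyst": {("ledger", "read")},
    "finance-admin":   {("ledger", "read"), ("ledger", "write")},
    "helpdesk":        {("directory", "read")},
}

NOW = datetime(2021, 9, 1, 12, 0, tzinfo=timezone.utc)   # constructed reference time


@dataclass
class Request:
    user: str
    role: str
    mfa_verified: bool
    device_compliant: bool
    session_issued: datetime
    risk_score: int
    resource: str
    action: str
    source_network: str = "untrusted"   # carried for logging only, never trusted


@dataclass
class Decision:
    allowed: bool
    reasons: List[str] = field(default_factory=list)


DECISION_LOG: List[dict] = []   # stands in for the signal feed a SIEM/XDR would correlate


def evaluate(req: Request, now: Optional[datetime] = None) -> Decision:
    """Apply verify-explicitly, assume-breach and least-privilege checks in turn."""
    now = now or datetime.now(timezone.utc)
    reasons: List[str] = []
    # 1. verify explicitly: identity, MFA and device health on every request,
    #    with no exception for requests arriving from a "corporate" network
    if not req.mfa_verified:
        reasons.append("mfa_not_verified")
    if not req.device_compliant:
        reasons.append("device_not_compliant")
    # 3. assume breach: stale sessions and risky sign-ins are treated as compromised
    if now - req.session_issued > SESSION_MAX_AGE:
        reasons.append("session_expired")
    if req.risk_score >= RISK_THRESHOLD:
        reasons.append("risk_score_too_high")
    # 2. least privilege: the role must explicitly grant this resource/action pair
    if (req.resource, req.action) not in ROLE_SCOPES.get(req.role, set()):
        reasons.append("scope_not_granted")
    decision = Decision(allowed=not reasons, reasons=reasons)
    # every decision, allowed or not, is recorded so later correlation can spot abuse
    DECISION_LOG.append({"user": req.user, "network": req.source_network,
                         "resource": req.resource, "action": req.action,
                         "allowed": decision.allowed, "reasons": list(reasons)})
    return decision


def make_request(role="finance-analyst", mfa_verified=True, device_compliant=True,
                 session_age_minutes=5, risk_score=10, resource="ledger",
                 action="read", source_network="untrusted") -> Request:
    """Healthy baseline request (constructed); override one argument to break a property."""
    return Request(user="alice", role=role, mfa_verified=mfa_verified,
                   device_compliant=device_compliant,
                   session_issued=NOW - timedelta(minutes=session_age_minutes),
                   risk_score=risk_score, resource=resource, action=action,
                   source_network=source_network)


if __name__ == "__main__":
    for label, req in [("baseline", make_request()),
                       ("corporate network, no MFA",
                        make_request(mfa_verified=False, source_network="corporate")),
                       ("analyst asking for write", make_request(action="write")),
                       ("stale session, risky sign-in",
                        make_request(session_age_minutes=90, risk_score=85))]:
        print(f"{label:32} -> {evaluate(req, NOW)}")
```

The order of the checks does not matter for the outcome; what matters is that all of them run on every request and that a request from the "corporate" network without MFA is denied exactly as one from anywhere else would be.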
Manage compliance, risk and privacy
Organizations constantly access, process and store massive amounts of data, a volume that only grows with business innovation. In addition, organizations now face an ever-expanding landscape of data regulations, leading to increased complexity and compliance risk. Organizations should look for tools that translate complex rules and standards into simple language, map controls, and recommend improvement actions in the form of step-by-step guidance.
Additionally, many organizations still use a manual process to find out how much personal data they have stored, so they lack actionable insights to help mitigate security and privacy risks. With a privacy management tool, organizations can identify critical privacy risks, automate privacy operations, and empower employees to be smarter when handling sensitive data.
Use a combination of XDR and SIEM tools
SecOps sifts through ever-growing mountains of data to detect and respond to today’s attacks.
We’ve found that SecOps teams excel when they combine deep analytics, comprehensive visibility, and orchestration and automation:
- Extended detection and response (XDR) tools provide deep insights and high-quality detections that allow SOCs to spend time on real attacks instead of chasing false alarms (false positives).
- Security information and event management (SIEM) tools help security operations gain a broad view of the entire environment and avoid “swivel chair analytics” from working across different consoles.
- Security orchestration, automation and response (SOAR) tools help reduce analyst burnout by automatically investigating and remediating attacks and orchestrating repetitive tasks across tools.
The integration of these three types of tools ultimately helps organizations stay ahead of today’s complex and rapidly evolving threat landscape.
Using MFA whenever and wherever possible
Multifactor authentication (MFA) is an essential tool for securing access to critical resources in an organization. MFA adds a layer of protection to the sign-in process that passwords alone cannot provide. While MFA doesn’t stop all attacks, it does a wonderful job of taking password-attack techniques off the table. Password attacks are typically automated and carried out at scale, which gives attackers access to systems wherever a password alone is the gate. Organizations using MFA tools are better protected by additional identity verification when accessing accounts or apps.
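The SIEM point above (a broad view instead of swivel-chair analytics across consoles) and the MFA point (password attacks are automated and run at scale) can be shown together in one added example. It is illustrative code written for this page, not Microsoft’s or any vendor’s detection logic. Two constructed feeds, a VPN gateway in a text format and a cloud app in JSON, each see only a few failed sign-ins per account, below any per-account lockout threshold; normalising them into one timeline exposes a single source spraying guesses across many accounts. The alert ranks accounts with no MFA enrolled first, because those are the ones a guessed password actually converts. All log lines, users, IP addresses, the MFA directory and the thresholds are constructed.

```python
"""SIEM-style correlation over constructed sign-in events (added example, not
Microsoft's or any vendor's code).

Two consoles (a VPN gateway and a cloud mail app) each see only their own
failures. Merging both feeds into one timeline makes an automated password
spray visible: one source IP spreading a few guesses across many accounts.
Accounts without MFA enrolled are the ones the spray can convert, so the
alert lists them separately. Log lines, users, IPs and thresholds are constructed.
"""
import json
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample feeds in two different formats (per-account failures stay low)
VPN_LOG = """\
2021-09-01T08:00:01Z vpn auth-fail user=alice src=203.0.113.7
2021-09-01T08:00:04Z vpn auth-fail user=bob src=203.0.113.7
2021-09-01T08:00:09Z vpn auth-fail user=carol src=203.0.113.7
2021-09-01T08:05:00Z vpn auth-ok user=dave src=198.51.100.20
"""
CLOUD_LOG = """\
{"ts":"2021-09-01T08:00:12Z","app":"mail","result":"failure","user":"dave","ip":"203.0.113.7"}
{"ts":"2021-09-01T08:00:15Z","app":"mail","result":"failure","user":"erin","ip":"203.0.113.7"}
{"ts":"2021-09-01T08:00:20Z","app":"mail","result":"success","user":"erin","ip":"203.0.113.7"}
{"ts":"2021-09-01T09:30:00Z","app":"mail","result":"failure","user":"alice","ip":"192.0.2.9"}
"""
# Constructed identity directory: which accounts have MFA enrolled
MFA_ENROLLED = {"alice": True, "bob": True, "carol": True, "dave": False, "erin": False}

WINDOW = timedelta(minutes=10)
MIN_DISTINCT_USERS = 4   # one source failing against this many accounts is a spray

VPN_RE = re.compile(r"^(\S+) vpn auth-(ok|fail) user=(\S+) src=(\S+)$")


def parse_ts(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def normalise(vpn_text: str, cloud_text: str) -> list:
    """Turn both feeds into (time, console, user, ip, success) tuples on one timeline."""
    events = []
    for line in vpn_text.splitlines():
        m = VPN_RE.match(line)
        if m:
            ts, status, user, ip = m.groups()
            events.append((parse_ts(ts), "vpn", user, ip, status == "ok"))
    for line in cloud_text.splitlines():
        rec = json.loads(line)
        events.append((parse_ts(rec["ts"]), rec["app"], rec["user"], rec["ip"],
                       rec["result"] == "success"))
    return sorted(events)


def filter_console(events: list, console: str) -> list:
    """What an analyst sees when working inside a single console."""
    return [e for e in events if e[1] == console]


def detect_spray(events: list) -> list:
    """Per source IP, slide a time window over failures; alert when the number of
    distinct accounts targeted reaches the threshold. One alert per source IP."""
    failures_by_ip = defaultdict(list)
    for t, console, user, ip, ok in events:
        if not ok:
            failures_by_ip[ip].append((t, user, console))
    alerts = []
    for ip, fails in failures_by_ip.items():
        for i, (t0, _, _) in enumerate(fails):
            window = [f for f in fails[i:] if f[0] - t0 <= WINDOW]
            users = {u for _, u, _ in window}
            if len(users) < MIN_DISTINCT_USERS:
                continue
            consoles = sorted({c for _, _, c in window})
            # a success from the same IP inside the window is the real concern
            converted = sorted({u for t, _, u, ip2, ok in events
                                if ok and ip2 == ip and t0 <= t <= t0 + WINDOW})
            alerts.append({
                "ip": ip, "start": t0.isoformat(), "consoles": consoles,
                "targeted_users": sorted(users),
                "no_mfa": sorted(u for u in users if not MFA_ENROLLED.get(u, False)),
                "successful_signins": converted,
            })
            break
    return alerts


if __name__ == "__main__":
    evs = normalise(VPN_LOG, CLOUD_LOG)
    print("vpn console alone :", detect_spray(filter_console(evs, "vpn")))
    print("mail console alone:", detect_spray(filter_console(evs, "mail")))
    print("correlated        :", detect_spray(evs))
```

Run alone, neither console reaches the threshold: the VPN sees three targeted accounts and the mail app two. Correlated, the same source IP reaches five within twenty seconds, and the alert shows the two accounts without MFA, one of which it signed into. That is the view a SIEM gives and the gap MFA closes.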
In a world of remote and hybrid work, taking a comprehensive approach to security with a zero-trust policy makes an organization more resilient to the constant drumbeat of cyber attacks. Microsoft is committed to enabling the world with end-to-end security solutions, architectural guidance, insights and education, security program best practices, and more.