It’s challenging to prioritize focus in a rapidly evolving threat landscape. Industry news cycles often highlight the latest concerns that defenders need to be aware of – whether it’s the rise in ransomware, attacks by state-sponsored threat actors, or spillover effects from hybrid war. However, no matter what the latest top threat may be, there are durable and concrete steps organizations can take to improve their security posture. Microsoft is committed to helping customers cut through the noise and proactively secure themselves against threats. In that spirit, we are sharing recommendations and best practices that organizations can put into practice, no matter where they are in their security journey. Here are some best practices to help build resilience against today’s and tomorrow’s threats.
Using cybersecurity to help manage volatility in the global threat landscape
Basic security hygiene protects against 98% of attacks.1 The first step in any cyber security strategy is to harden all systems by following basic principles of cyber hygiene to proactively protect against potential threats. Microsoft recommends ensuring you have taken the following steps:
- Enable multifactor authentication
- Apply least privilege access and secure the most sensitive and privileged credentials
- Review all authentication activity for remote access infrastructure
- Secure and manage systems with up-to-date patching
- Use anti-malware and workload protection tools
- Isolate legacy systems
- Enable logging of key functions
- Validate your backups
- Verify your cyber incident response plans are up to date
We have developed extensive resources and best practices for customers of Microsoft solutions that provide clear actionable guidance for security-related decisions. These are designed to help improve your security posture and reduce risk whether your environment is cloud-only, or a hybrid enterprise spanning cloud(s) and on-premises data centers. Microsoft’s Security Best Practices covers topics such as governance, risk, compliance, security operations, identity and access management, network security and containment, information protection and storage, applications, and services. All the materials, including videos and downloadable presentations, can be found here: Microsoft Security Best Practices
Ransomware has been on the rise and human-operated ransomware attacks can be catastrophic to business operations. They are difficult to clean up and require complete adversary eviction to protect against future attacks. Our ransomware specific technical guidance is designed to help prepare for an attack, limit the scope of damage, and remove additional risks. We offer a comprehensive view of ransomware and extortion, including guidance on how to protect your organization in our human-operated ransomware mitigation project plan. This and additional technical recommendations can be found here: Protect your organization against ransomware and extortion
While these attacks are technical in nature, they have a significant human impact as well. It’s humans who do the work of integrating and using technologies and it’s humans who triage, investigate, and remediate the damage done in the case of an attack. It’s critical to focus on simplifying the human experience by automating and streamlining systems and processes. This helps reduce the stress and burnout risk that plagues security teams (especially during major incidents).
It’s also important for security teams to always be thinking about business priorities and risks. By proactively looking at security risk from a business perspective, organizations can stay focused on what’s important to the organization and avoid wasted effort and distractions.
The following are recommendations on how to build and adapt a risk and resilience strategy:
- Keep threats in perspective: Ensure stakeholders are thinking holistically in the context of business priorities, realistic threat scenarios, and reasonable evaluation of potential impact.
- Build trust and relationships: Microsoft has learned that security teams must work closely with business leaders to understand their context and share a relevant security context. When everyone is working toward a shared goal of building a trusted digital fabric that meets security and productivity requirements, friction levels drop, and everyone’s work becomes easier. This is especially true for incidents. Trust and relationships can be strained in a crisis like any other critical resource. Building strong and collaborative relationships during the quiet times between security incidents allows people to work together better during a crisis (which often requires making tough decisions with incomplete information).
- Modernize security to help protect business operations wherever they are: Zero Trust is the essential security strategy for today’s reality and helps enable the business. Modernization is particularly beneficial for digital transformation initiatives (including remote work) versus the traditional role as an inflexible quality function. Applying Zero Trust principles across corporate resources can help secure today’s mobile workforce—protecting people, devices, applications, and data no matter their location or the scale of threats faced. Microsoft Security offers a series of targeted evaluation tools to help you assess the Zero Trust maturitystage of your organization.
- [1]
Microsoft Digital Defense Report, October 2021