Hybrid and remote work policies mean that employees are accessing and sharing company data from multiple locations and devices. From creating spreadsheets on a desktop computer in the office to joining a meeting on a laptop from home or answering emails via a phone on the go, modern work habits contribute to an increased attack surface for potential cyber threats. This multiplies the opportunities for unauthorised access to sensitive information.
Political unrest is exacerbating the challenge. “Threats to digital peace have reduced trust in technology and highlighted the urgent need for improved cyber defences at all levels,” says Tom Burt, corporate vice president of customer security and trust at Microsoft, in the Microsoft Digital Defense Report 2023.
The report states that the vast majority of successful cyberattacks could be thwarted by implementing a few fundamental security hygiene practices. By adhering to minimum-security standards, it is possible to protect against over 99 per cent of attacks.
Organisations are increasingly applying zero-trust principles to all network access, ensuring that every request is fully authenticated, authorised and encrypted, regardless of where it originates or which device is being used.
According to Microsoft’s Zero Trust ebook, Four Ways to Better Secure Your Hybrid Workplace, which names security as the number one challenge for managing a hybrid workplace, the concept of zero trust “treats every attempt at access, regardless of identity or endpoint, as though it’s coming from an open network”. This means that each request for access undergoes rigorous verification prior to approval, with security teams following the approach of “never trust, always verify”. The result is a strong security system built to stop attackers who try to take advantage of security flaws that might appear when people and devices work outside the usual office environment.
To achieve a zero-trust approach to security, businesses need to consider the following steps: understand attack surface, review data protection laws, define access controls and plan disaster recovery.
Realising the vulnerabilities and policies
The first step to zero trust requires businesses to map out their hybrid enterprises. This helps to visualise all the assets that need protecting, which will increase as more firms implement bring-your-own-device policies. Scenarios where there is a high turnover of staff or sudden influx of staff will result in more endpoints at risk too. Take the retail industry’s increase in temporary staff during holiday shopping seasons, for example. With many employees given access to point-of-sale systems and inventory databases, the quick onboarding and offboarding processes can leave critical systems exposed to threats if proper cybersecurity protocols are not put in place.
Insider Risk Management in Microsoft Purview helps to identify and act on malicious or inadvertent user activities. The tool gives an “aggregate view of anonymised user activities to help quantify the level of risk inside an organisation and see data exfiltration patterns to help decide and prioritise policies to put in place,” says Talhah Mir, principal product manager for Purview Insider Risk Management and data security at Microsoft. “It shows the percentage of data exfiltration activities by users and the top exfiltration activities in play by users, from files copied to USB, emails being sent outside of the organisation and more.”
In November 2023, global insurance firm WTW had 55,000 workstation devices and more than 200 subscriptions across its workforce. To protect all its attack surfaces, it worked with Microsoft Intelligent Security Association member BlueVoyant to deploy Purview, as well as Microsoft Defender for Endpoint and for Cloud to protect its workloads.
The Microsoft solutions also helped WTW to review data protection laws to ensure it is compliant and safeguarding user data effectively across all its lines of business. Compliance Manager in Purview enables WTW to simplify compliance and reduce risk by providing pre-built assessments for common industry and regional standards and regulations, or custom assessments to meet unique compliance needs.
WTW uses Microsoft Entra, Defender and Purview to implement a zero-trust strategy for security
Enhancing security with access controls
Least-privilege access is a key step in a zero-trust strategy, in which a user is given the minimum level of permissions needed to perform their job functions. A hacker who compromised that user's account would therefore also only have access to a limited amount of company data, enabling the company to contain the impact of a security breach.
Least-privilege access has been likened to a submarine with a hull that is divided into compartments, to ensure it remains seaworthy even if there’s a breach. Because the submarine’s hull is compartmentalised, any problem stays isolated in just part of the vessel.
Security teams can prevent overprivileged applications by revoking unused and reducible permissions, which have the potential to provide unauthorised or unintended access to data that is not required by the application or its users to perform their jobs. To avoid the security risks posed by unused and reducible permissions, businesses need to grant only the appropriate permission. They can do this with the user and administrator consent tools in Microsoft Entra ID.
WTW will use the solution to gain insight into the abuse of administrative privileges. “Devices are a really important aspect of identities,” says Paul Haywood, chief information security officer at WTW. “We’ll use Entra ID tools to manage identities and complement our other Microsoft identity solutions.”
This focus on identity and device management is becoming increasingly critical. Microsoft’s Digital Defense Report found that attempted password attacks increased more than tenfold in 2023, from around three billion per month to over 30 billion. All passwords are susceptible to hacking but multifactor authentication (MFA) “protects against compromised user passwords and helps to provide extra resilience for identities,” says the report.
Entra MFA works by requiring two or more of the following authentication methods: a password, a trusted device like a phone or hardware key, and biometrics like a fingerprint or face scan. This reduces the risk of compromise by 99.2 per cent, according to real-world attack data from Entra.
Business continuity
Brad Smith, vice chair and president of Microsoft, suggests that cyberattacks will continue to increase.
“Since September 2022, we estimate that ransomware attempts have increased by more than 200 per cent,” he says, in a blog post titled ‘A new world of security’. “While firms with effective security can manage these threats, these attacks are becoming more frequent and complex, targeting smaller and more vulnerable organisations, including hospitals, schools and local governments. More than 80 per cent of successful ransomware attacks originate from unmanaged devices, highlighting the importance of expanding protective measures to every single digital device.”
According to Brad Smith, cyberattacks will continue to rise
With attacks on the rise, businesses have been unable to hire enough cyber-risk professionals to keep pace. One potential solution is to deploy artificial intelligence tools to search for well-disguised attacks and help keep operations running. Microsoft Security Copilot, for example, empowers security teams to see what is happening in their environment to correlate threat activity and make more informed incident response decisions.
Software company Enverus, for example, participated in the early-access programme for the solution and uses it to assess approximately 500 gigabytes of data per day, so that it can focus on its security awareness programme. The firm has been able to save up to 40 per cent of the time needed to complete core tasks like investigations and hunting, and 60 per cent of the time spent on reporting.
“Today the odds remain stacked against cybersecurity professionals. Too often, they fight an asymmetric battle against relentless and sophisticated attackers,” adds Vasu Jakkal, corporate vice president of Microsoft Security. “With Security Copilot, we are shifting the balance of power into our favour. Security Copilot is the first and only generative AI security product enabling defenders to move at the speed and scale of AI.”
Jakkal adds that cybersecurity is an ongoing process without a one-time fix. It’s a “journey that should be integrated into every stage of an organisation’s modernisation,” she says, in a post on LinkedIn. “In today’s world you cannot do digital transformation without cybersecurity transformation.”
Partner perspectives
We asked selected Microsoft partners how their security tools and strategies safeguard businesses against cyber threats.
“Check Point CloudGuard, a Microsoft Azure-certified solution and part of the Infinity platform, enables businesses to seamlessly secure workloads and connectivity across cloud and on-premises environments and leverage industry leading threat prevention,” said Mark Eastman, head of global cloud alliances at Check Point Software Technologies.
“Combining our security expertise with Microsoft’s powerful platform provides best-in-class access management and threat intelligence which enhances an organisation’s defences. Delinea is also aligning with Microsoft as one of its most strategic security partners, innovating to seamlessly integrate privileged access management into the fabric of Security Copilot,” said Tim Puccio, senior vice president of global channels and alliances at Delinea.
“Our partnership with Microsoft ensures we offer unparalleled expertise, service quality and speed. Programmes like MISA and Managed Extended Detection and Response, as well as direct links with Microsoft’s product team, enhance our ability to best meet customer needs and expectations,” said Julien Menissez, security product manager at Orange Cyberdefense.
“As a leading member of MISA, Secude embeds Microsoft’s zero-trust protection and data governance into SAP data exports and computer-aided design files from the point of creation. By extending Microsoft’s powerful security technology to these important types of data, we safeguard governmental, business and employee data,” said Mario Galatovic, CEO at Secude.
“Through a strategic partnership with Microsoft, Secured2 integrates seamlessly with platforms like Microsoft Office 365, enhancing enterprise security frameworks. This integration leverages Microsoft’s extensive cloud infrastructure and Secured2’s technology, creating an impenetrable shield against both current and future digital threats,” said Daren Klum, CEO at Secured2.
“An essential component of zero trust is validating user identity via multi-factor authentication, and this is where partnerships with Microsoft – to integrate with the Entra ID (formerly Azure Active Directory) platform – are immensely beneficial,” said Chris McCormack, director of product marketing at Sophos.
“As a Microsoft security solution partner, Synergy Technical integrates Microsoft’s security technologies into our core services, ensuring businesses are protected from cyber threats. We create a robust security infrastructure tailored to every business need by leveraging the Purview suite of security tools,” said Clay Westbay, vice president of delivery at Synergy Technical.
“Teleport Access Platform delivers on-demand, least privileged access to infrastructure on a foundation of cryptographic identity and zero trust, with built-in identity security and policy governance,” said Ev Kontsevoy, co-founder and CEO at Teleport.
“Tiger Surveillance uses our Continuous Data Protection technology to facilitate near-instantaneous replication of video recordings to Azure. Should a disaster occur, we can swiftly reconstruct a local file system by downloading only metadata from Azure, allowing video recordings to be streamed directly from the immediate Azure cloud tier,” said Lance Kelson, CEO of Tiger Surveillance.
Read more from these partners in the Spring 2024 issue of Technology Record.