Alissa Whitney outlines the highlights of Microsoft’s 24th Security Intelligence Report
At the end of February, Microsoft released the 24th edition of its Security Intelligence Report (SIR). The comprehensive document contains important trends, insights and defensive techniques to guide users and firms in their cybersecurity efforts.
The SIR focuses on areas such as the declining number of ransomware cases, the increase in cryptocurrency mining exploits and a surge in supply chain attacks.
The latter in particular has become a pressing issue. Take the 2017 NotPetya attack, for example, which caused billions of pounds' worth of damage across many different countries. The perpetrators targeted supply chain firms in Ukraine, which affected the operations of global giants such as consumer goods company Reckitt Benckiser, Maersk, US-based Nuance Communications and many other multinational firms. In addition, in 2018 the crew behind the SamSam ransomware made US$5.9 million in ransom payments from 233 victims in the UK, Belgium, US and Canada.
According to the Microsoft report, supply chain attacks are insidious because they take advantage of the trust that users and IT departments place in the software they use. “By poisoning software and undermining delivery or update infrastructures, supply chain attacks can affect the integrity and security of goods and services that organisations provide.”
The SIR provides a number of pointers on the best security practices to stave off cyberattacks. It explains how low-cost preventative controls, such as security hygiene and protecting privileged administrator accounts, are important for fending off “cheap and effective attack techniques.”
The report adds that there must be regular security updates for all software and hardware on the network, including browsers, operating systems and e-mail. Secure gateways for e-mail, for instance, prevent phishing and its more sophisticated variations.
The report also reminds firms to practise application whitelisting, which involves preventing certain users from accessing programs, depending on their role in the company. With regard to company data, the '3-2-1 rule' was mentioned, which pertains to keeping three backups of data using two different storage types. It's advisable that at least one is kept in offsite storage, which means having updated copies of company data on a secure, encrypted remote server in another location.
Finally, the report highlights the importance of employee training, particularly in terms of responding to suspicious external requests for information and instilling cybersecurity awareness. According to the Cyber Security Breaches Survey 2018, almost half of British companies experienced cybersecurity attacks in 2018, most of which were staged through fraudulent emails. This indicates that most breaches happen because of basic security mishaps.
What all this means is that security should be reinforced across every aspect of operations. This is particularly important for the supply chain, which relies on highly centralised and heavily integrated systems that have multiple points of entry. Preventative measures should be established and applied from the warehouse all the way to delivery and fleets.
Warehouse security, for instance, can be increased through the principle of least privilege. Ground-level employees interacting with the system can be given limited access and no local administrator privileges. Meanwhile, fleet security can be enhanced with an updated and segmented telematics network.
Fleet safety benefits owners in three main ways. Verizon Connect identifies these as “helping to minimise downtime whenever equipment goes missing, cut down on the actual replacement costs (after insurance) associated with the asset and helps prevent increases in insurance premiums.” These can be achieved with the help of effective preemptive measures, which start with a keen and prepared workforce. This is especially true for field workers like delivery personnel who are constantly connected to a network given the nature of their job. Even the smallest vulnerability should be taken seriously.
Microsoft concluded its report by discussing the increasing proliferation of cloud migration and the internet of things (IoT). In a previous article, The Record tackled how said innovations lead to improvements in key industries such as agriculture. With cloud and IoT technology allowing industries to expand the supply chain (e.g. reach more isolated areas), the likelihood is that bigger and more complex networks will be created. Needless to say, such developments also come with more exploitable elements.
Microsoft’s report, therefore, underscores an inevitable trend in cybersecurity that will challenge companies and security personnel in the near future.
Alissa Whitney is a freelance writer