Technology Record - Issue 28: Spring 2023

movement or disrupt the organisation’s operational technology (OT),” says Michal BravermanBlumenstyk, chief technology officer of Microsoft Security, in the Microsoft Digital Defense Report 2022. “However, there is hope on the horizon. Policymakers and network defenders are acting to improve the cybersecurity of critical infrastructure, including the internet of things (IoT) and OT devices they rely on. Policymakers are accelerating the development of laws and regulations to build public trust in the cybersecurity of critical infrastructure and devices. “Microsoft is partnering with governments around the world to seize this opportunity to enhance cybersecurity and we welcome additional engagement.” Braverman-Blumenstyk recommends three key ways for organisations to improve their IoT and OT security posture. First, implement continuous monitoring of IoT and OT devices. Second, demand and implement better cybersecurity practices for the IoT and OT devices themselves. Third, implement a security monitoring solution which spans both IT and OT networks. “This holistic approach has the significant added benefit of contributing to critical organisational processes, such as ‘breaking the silos’ between OT and IT, which in turn enables the organisation to reach an enhanced security posture while meeting business objectives,” she says. Realising cyber resilience In the face of these complex security threats, organisations must implement the right technologies, processes and safeguards to ensure their cyber resilience. “Digital threat activity and the level of cyberattack sophistication increases every day,” says Bret Arsenault, chief information security officer at Microsoft. “We have observed identity phishing attacks are a clear and present threat. However, these types of attacks are generally unsuccessful with good identity management, phishing control, and endpoint management practices.” Arsenault reiterates Weinert’s point that there are simple solutions, especially since 98 per cent of attacks can be stopped with basic hygiene measures in place. “At Microsoft, we manage identities and devices as part of our zero-trust approach, which includes least privileged access and phishing-resistant credentials to effectively stop threat actors and keep our data protected,” he said. Microsoft Sentinel and Microsoft Defender are just two of the many offerings that Microsoft can deliver in this space. In October 2022, the firm launched Defender for IoT solution for Microsoft Sentinel, which provides a security operations centre experience for IT and OT environments. It allows users to identify security issues in OT before they attract any threat actors, and detect threat activity that uses OT to enter or cause damage and disruption to operations. Artificial intelligence is also becoming increasingly crucial to the conversation. “As we watch the progress of AI accelerate quickly, Microsoft is committed to investing in tools, research, and industry cooperation as we work to build safe, sustainable, responsible AI for all,” writes Vasu Jakkal, corporate vice president of Microsoft security, compliance, identity and privacy, on LinkedIn. “By working together, we can help build a safer digital world and unlock the potential of AI.” Microsoft Counterfeit is one example of this. The automation tool helps organisations conduct AI security risk assessments to ensure that the algorithms used in their businesses are robust, reliable and trustworthy. “We live in an era where security is a key enabler of technological success,” says Arsenault. “Innovation and enhanced productivity can only be achieved by introducing security measures that make organisations as resilient as possible against modern attacks. As digital threats increase and evolve, it’s crucial to build cyber resilience into the fabric of every organisation.” DID YOU KNOW? of cybersecurity attacks can be stopped with 98% basic hygiene measures “ Only by working together can we succeed in taking on those who seek to undermine democratic processes and institutions” TERESA HUTSON, MICROSOFT 53