Technology Record - Issue 32: Spring 2024

Realising the vulnerabilities and policies

The first step to zero trust requires businesses to map out their hybrid enterprises. This helps to visualise all the assets that need protecting, which will increase as more firms implement bring-your-own-device policies. Scenarios where there is a high turnover of staff or sudden influx of staff will result in more endpoints at risk too. Take the retail industry’s increase in temporary staff during holiday shopping seasons, for example. With many employees given access to point-of-sale systems and inventory databases, the quick onboarding and offboarding processes can leave critical systems exposed to threats if proper cybersecurity protocols are not put in place.

Insider Risk Management in Microsoft Purview helps to identify and act on malicious or inadvertent user activities. The tool gives an “aggregate view of anonymised user activities to help quantify the level of risk inside an organisation and see data exfiltration patterns to help decide and prioritise policies to put in place,” says Talhah Mir, principal product manager for Purview Insider Risk Management and data security at Microsoft. “It shows the percentage of data exfiltration activities by users and the top exfiltration activities in play by users, from files copied to USB, emails being sent outside of the organisation and more.”

In November 2023, global insurance firm WTW had 55,000 workstation devices and more than 200 subscriptions across its workforce. To protect all its attack surfaces, it worked with Microsoft Intelligent Security Association member BlueVoyant to deploy Purview, as well as Microsoft Defender for Endpoint and for Cloud to protect its workloads. The Microsoft solutions also helped WTW to review data protection laws to ensure it is compliant and safeguarding user data effectively across all its lines of business.
Compliance Manager in Purview enables WTW to simplify compliance and reduce risk by providing pre-built assessments for common industry and regional standards and regulations, or custom assessments to meet unique compliance needs.

Enhancing security with access controls

Least-privilege access is a key step in a zero-trust strategy, where a user is given the minimum levels of permissions needed to perform their job functions. A hacker would therefore also only have access to a limited amount of company data, enabling the company to contain the impact of a security breach. Least-privilege access has been likened to a submarine with a hull that is divided into compartments, to ensure it remains seaworthy even if there’s a breach. Because the submarine’s hull is compartmentalised, any problem stays isolated in just part of the vessel.

Security teams can prevent overprivileged applications by revoking unused and reducible permissions, which have the potential to provide unauthorised or unintended access to data that is not required by the application or its users to perform their jobs. To avoid the security risks posed by unused and reducible permissions, businesses need to grant only the appropriate permission. They can do this with the user and administrator consent tools in Microsoft Entra ID.

WTW will use the solution to gain insight into the abuse of administrative privileges. “Devices are a really important aspect of identities,” says Paul Haywood, chief information security officer at WTW. “We’ll use Entra ID tools to manage identities and complement our other Microsoft identity solutions.”

This focus on identity and device management is becoming increasingly critical. Microsoft’s Digital Defense Report found that attempted password attacks increased more than tenfold in 2023, from around three billion per month to over 30 billion.
All passwords are susceptible to hacking but multifactor authentication (MFA)

“With Security Copilot, we are shifting the balance of power into our favour”
Vasu Jakkal, Microsoft