Microsoft’s Annual Digital Defense Report Is Out

Microsoft’s annual Digital Defense Report has just been released, with important new insights into the state of cybercrime, nation-state threats, critical cybersecurity challenges, innovating for security and resilience, collective defense, and best cybersecurity hygiene practices.

Microsoft’s unique vantage point is this:

  • 65 trillion signals synthesized per day. That is over 750 billion signals per second, synthesized using sophisticated data analytics and AI algorithms to understand and protect against digital threats and criminal cyberactivity.
  • More than 10,000 Microsoft security and threat intelligence experts, including engineers, researchers, data scientists, cybersecurity experts, threat hunters, geopolitical analysts, investigators, and frontline responders across the globe.
  • 4,000 identity authentication threats blocked per second on average over the past year.
  • More than 300 unique threat actors tracked by Microsoft Threat Intelligence, including 160 nation-state actors, 50 ransomware groups, and hundreds of others.
  • More than 100,000 domains have been removed that were utilized by cybercriminals, including over 600 employed by nation-state threat actors. 
  • More than 15,000 partners with specialized solutions in our security ecosystem, who increase cyber resilience for our customers.
  • 135 million managed devices providing security and threat landscape insights.

Jason Keirstead, Vice President of Collective Threat Defense, Cyware, had this to say:

   “I’m glad to see collective defense highlighted in Microsoft’s Digital Defense Report. In today’s constantly evolving threat landscape, no entity can stand alone. Individual defenses are critical, but as cyberthreats grow – and grow more sophisticated – taking rapid and effective action relies on the speed at which security teams can get the right intel to the right people. No organization can afford to waste time reinventing the wheel, developing defenses that have already been developed. Real-time collaboration among trusted internal and external entities expedites the ability to develop detection and response plans and to respond to threats.”

Paul Valente, CEO, VISO TRUST, follows with this:

   “This report underscores that third-party risk management must extend across our informational ecosystems and assess the defenses of trusted third parties well beyond our own organizational boundaries. For example, in the battle against social engineering tactics, the susceptibility of employees within these vendor organizations is often overlooked.

   “As the report highlights, many vendors are missing a critical component in their security strategy: testing the susceptibility of their employees to social engineering attacks. This omission poses a shared risk to us as their partners, as a breach within their organization can potentially provide malicious actors with an entry point into our network as well. We’ve seen recent examples such as the Reddit and Slack breaches, where highly sophisticated phishing attacks compromised employees and subsequently jeopardized the security of the organizations they served.

   “The crux of the matter is that whether a vendor has direct access to our internal systems or merely possesses contact details that are not readily available online, a successful third-party phishing attack can become a significant threat to our organization’s security.

   “So, what should we do if a vendor doesn’t implement social engineering testing? In some cases, where a vendor has minimal access to our network, we should assess the potential impact of their compromise on our organization. Questions like “Could they access sensitive data?” are crucial. If the answers lean towards affirmative, it’s incumbent upon us to look inward and explore ways to mitigate the risks that the vendor presents. If there are limited mitigation options, it may be prudent to explore alternative third-party solutions.

   “In the fight against third-party social engineering vulnerabilities, we must focus on the human factor and adopt a shared responsibility approach. Acknowledging that phishing emails can occasionally slip through even the most robust defenses, both we and our vendors should prioritize employee training to resist clicking on malicious links. Regardless of the security measures our vendors have in place, closing security gaps requires teamwork and collaboration. We must work closely with our vendors, fulfill our part of the security equation, and assume a shared level of responsibility whenever feasible.

   “To enhance our ability to identify and address third-party risks, we should consider leveraging tools and solutions like those offered by VISO TRUST. These tools can help us pinpoint blind spots in our third-party risk landscape and identify common controls that are susceptible to cyberattacks. It’s crucial to proactively assess and manage third-party risks to bolster our overall cybersecurity posture.”

This report from Microsoft provides all sorts of useful insights, and should be required reading if you are defending your environment from the bad guys. It’s well worth your time.
