+44 (0)203 88 020 88

Menu

Search

Cyber Security News & Articles

 

Cyber Security
News & Articles

Trusted Cyber Security Experts
25+ Years Industry Experience
Ethical, Professional & Pragmatic

2021 Digital Defense Report

Microsoft’s 2021 Digital Defense Report provides a useful summary of the current and emerging threat landscape for Security Managers and CISOs.  Read on for our summary of the key lessons from this year’s report.

 

Cyber crime for Dummies

We have seen increased industrialisation and commercialisation of cyber-crime over the last year.  Criminal gangs are now creating tools aimed at non-technical affiliates allowing them to jump on the ransomware bandwagon easily in return for a 30% affiliate fee of any ransom revenue earned.  Ransoms are paid into cryptocurrency escrow services run by other criminals providing some ‘assurance’ to the victims that the ransom will not be released unless the decryption code actually works.  In order to get the ransomware into the target network, compromised credentials are bought on markets hosted on the Dark Web for an average of just $0.97 per username and password pair or a denial of service attack can be ordered from a DDoS-as-a-service for $300 a month.

In the year to June 2021, the USA was the most hit by ransomware with just under 250 million computers being infected by ransomware according to Microsoft. The UK is fifth in this league table of shame with about 40m devices impacted – however when you allow for the UK population being just 20% of the USA, the rate of ransomware incidence is very similar.

Cyber security for Dummies

Basic security hygiene still protects against 98% of attacks says Microsoft.  The report goes on to summarise their definition of the five key elements of basic security hygiene:

Enable multi-factor authentication (MFA) – MFA will stop a stolen password from being used.  Whether it’s a onetime code from Google Authenticator, a passcode delivered by text message or using a dongle or physical security key – needing something other than the password to login is the single biggest step you can take to secure your network and key systems.

Always assign the least privilege access – when (not if) the bad guys get into your network, you can hobble their attempts to move around the network and escalate their access by ensuring that each login only has the minimum permissions necessary for the real account holder to be able to do their job.

Apply updates and patches promptly – every month software and device vendors publish updates and patches to their software that fixes known security vulnerabilities.  By promptly installing those patches on all your devices, from smartphones to laptops, servers to network routers – you minimise the window of opportunity for threat actors to make use of those vulnerabilities to attack your network.

Deploy anti-malware tools – gone are the days of installing an anti-virus app only on your desktop.  Today’s anti-malware tools look for malicious code of all flavours, not just viruses – and these tools live on your desktop, and on servers, and in your firewalls and in the cloud – all working together with real time threat telemetry coming from security vendors to identify and block emerging and novel threats in almost real time.

Protect your data – if an attacker still manages to get into your network and locate your valuable data – ensuring it is appropriately protected is a vital last line of defence.  By taking a risk based approach, you can ramp up the protection of the most sensitive data – and by knowing exactly where it is on your network you can be more confident in knowing whether any unauthorised access ever takes place.

Trust no-one

Microsoft believes that adopting a Zero Trust approach – that is, always assuming that a breach has occurred – is the future of network security, especially with the expected continuation of hybrid and remote working.  This includes taking steps such as rolling out Multi Factor Authentication – which prevents over 99% of credential theft attacks, and the move to other authentication methods such as the new password-less sign-in available for Azure Active Directory.

The Phishing Industry is alive and well

Phishing is the most common type of malicious email detected  by Microsoft, and threat actors are using increasingly sophisticated techniques in order to steal credentials.  The basic phishing email attempts to trick the victim into disclosing their username and password which the attacker captures to use later.  The increased use of multi-factor authentication blunts the effectiveness of this kind of attack.  The response of the cyber criminals is to try to steal OAuth access tokens by tricking the victim into granting permission to a malicious application to access their OAuth enabled account.  The key here is that OAuth tokens are not protected by MFA or other credential protections.  While anti-malware and email filters can block some of these kinds of phishing emails, staff Security Awareness training is still the most effective counter measure to help your team spot the dubious email before they click on any links.

Straight forward con tricks based on Business Email Compromise is, according to the FBI, still the cyber-crime that costs businesses the most.

The supply chain is the new front line

The emergence of the supply chain as a focus of cyber-crime was one of the key developments of the last year.  High profile compromises at Solarwinds and Kaseya brought the idea of supply chain attacks onto the radar of many security managers for the first time, and for suppliers, their cyber security ability will become a competitive advantage when bidding for new customers.  Supplier due diligence needs to be more than completing a questionnaire at the start of the relationship.  Ongoing monitoring of suppliers and active demonstration of ongoing compliance with agreed security protocols are going to be increasingly demanded which will bring their own governance and monitoring overheads for security teams.

From Cyber Security to Cyber Resilience

Two months into the COVID pandemic in May 2020, Satya Nadella said: ‘We have seen two year’s worth of digital transformation in two month.’  Centralised organisations became decentralised overnight as many staff were forced to work from home and the agility of IT departments to deploy new flexible working solutions became mission critical overnight.  Microsoft concludes their report with the idea that more than just security, the resilience of an organisation’s cyber (that is IT) systems to challenge and change will be how we think going forward.  This resilience will need to cope with challenges that are predictable (such as severe weather), unplanned (such as earthquakes) criminal or legal (such as a cyber-attack), and societal (such as a pandemic).  The role of IT leaders is to ensure the business continues to operate no matter what happens, and that data is kept confidential, integrity is maintained and systems are available where-ever staff happen to be located.

 

You can read the full report on Microsoft’s website here.

 

 

 

Subscribe to our monthly newsletter today

If you’d like to stay up-to-date with the latest cyber security news and articles from our technical team, you can sign up to our monthly newsletter. 

We hate spam as much as you do, so we promise not to bombard you with emails. We’ll send you a single, curated email each month that contains all of our cyber security news and articles for that month.

Why Choose SecureTeam?

Customer Testimonials

“We were very impressed with the service, I will say, the vulnerability found was one our previous organisation had not picked up, which does make you wonder if anything else was missed.”

Aim Ltd Chief Technology Officer (CTO)

"Within a very tight timescale, SecureTeam managed to deliver a highly professional service efficiently. The team helped the process with regular updates and escalation where necessary. Would highly recommend"

IoT Solutions Group Limited Chief Technology Officer (CTO) & Founder

“First class service as ever. We learn something new each year! Thank you to all your team.”

Royal Haskoning DHV Service Delivery Manager

“We’ve worked with SecureTeam for a few years to conduct our testing. The team make it easy to deal with them; they are attentive and explain detailed reports in a jargon-free way that allows the less technical people to understand. I wouldn’t work with anyone else for our cyber security.”

Capital Asset Management Head of Operations

“SecureTeam provided Derbyshire's Education Data Hub with an approachable and professional service to ensure our schools were able to successfully certify for Cyber Essentials. The team provided a smooth end-to-end service and were always on hand to offer advice when necessary.”

Derbyshire County Council Team Manager Education Data Hub

“A very efficient, professional, and friendly delivery of our testing and the results. You delivered exactly what we asked for in the timeframe we needed it, while maintaining quality and integrity. A great job, done well.”

AMX Solutions IT Project Officer

“We were very pleased with the work and report provided. It was easy to translate the provided details into some actionable tasks on our end so that was great. We always appreciate the ongoing support.”

Innovez Ltd Support Officer

Get in touch today

If you’d like to see how SecureTeam can take your cybersecurity posture to the next level, we’d love to hear from you, learn about your requirements and then send you a free quotation for our services.

Our customers love our fast-turnaround, “no-nonsense” quotations – not to mention that we hate high-pressure sales tactics as much as you do.

We know that every organisation is unique, so our detailed scoping process ensures that we provide you with an accurate quotation for our services, which we trust you’ll find highly competitive.

Get in touch with us today and a member of our team will be in touch to provide you with a quotation. 

0

No products in the basket.

No products in the basket.