Archive

Archive for the ‘Ciso series page’ Category

Simplify compliance and manage risk with Microsoft Compliance Manager

January 14th, 2021 No comments

The cost of non-compliance is more than twice that of compliance costs. Non-compliance with the ever-increasing and changing regulatory requirements can have a significant impact on your organization’s brand, reputation, and revenue. According to a study by the Ponemon Institute and Globalscape, being compliant will cost you less compared to business disruptions, loss of revenue, and hefty fines.

Data explosion and regulatory environment

As organizations go through digital transformation, they are generating and consuming much more data than in the past to help them gain an edge over their competitors. This data is necessary to continue to stay relevant by empowering employees, engaging customers, and optimizing operations. Managing this data and the variety of devices on which it is created can be complicated, especially when it comes to ensuring compliance.

Not only is the amount of data IT must manage exploding, regulations on how that data can and should be handled are also increasing. Collecting customer and citizen data is often an integral part of how public and private sector organizations function. While there has been progress over the last few years, the challenge of maintaining and protecting personal data continues. Regulations are creating a need for the responsible usage of personal data, and the stakes are high. Not complying with regulations can result in significant fines and reduced credibility with regulators, customers, and citizens.

Manage compliance challenges

According to a recent report about the cost of compliance, there were more than 215 regulation updates a day from over 1,000 regulatory bodies all over the world, a slight decrease from the previous year. For example, enforcement of the California Consumer Privacy Act (CCPA), Brazil’s Lei Geral de Proteção de Dados (LGPD), and Thailand’s Personal Data Protection Act (PDPA) began in 2020.

Organizations face all kinds of risks, including financial, legal, people, IT, and cybersecurity risks. Below are some of the challenges we are seeing due to the dynamic nature of the compliance landscape.

  • Keeping up with constantly changing regulations is a struggle. With all the regulatory and standards bodies creating new or revising existing requirements and guidelines, keeping up to date is time and resource-intensive.
  • Point-in-time assessments create a digital blind spot. Many organizations rely on point-in-time assessments, like annual audits. Unfortunately, they can go out of date quickly and expose the organization to potential risks until the next assessment is done. Organizations are looking for ways to improve integration and create near real-time assessments to control risks caused by digital assets.
  • Inefficient collaboration and siloed knowledge lead to duplication of effort. Organizations are often challenged due to siloed knowledge concerning IT risk management. IT and security admins know the technology solutions but find regulations difficult to understand. Contrast that with compliance, privacy, and legal teams who tend to be familiar with the regulations but are not experts in the technology available to help them comply. In addition, many organizations start their compliance journey using general-purpose tools like Microsoft Excel and try to track compliance manually, but quickly outgrow this approach because of the complexities of managing compliance activities.
  • Complexity across IT environments hinders adoption. Understanding how to integrate the many solutions available and configure each one to minimize compliance risks can be difficult. This is especially true in organizations with solutions sourced from multiple vendors that often have overlapping functionality. Decision-makers want simple step-by-step guidance on how to make the tools work for the industry standards and regulations they are subject to.

Simplify compliance with Microsoft Compliance Manager

Microsoft Compliance Manager is the end-to-end compliance management solution included in the Microsoft 365 compliance center. It empowers organizations to simplify compliance, reduce risk, and meet global, industry, and regional compliance regulations and standards. Compliance Manager translates complicated regulations, standards, company policies, and other desired control frameworks into simple language, maps regulatory controls and recommended improvement actions, and provides step-by-step guidance on how to implement those actions to meet regulatory requirements. Compliance Manager helps customers prioritize work by associating a score with each action, which accrues to an overall compliance score. Compliance Manager provides the following benefits:

  • Pre-built assessments for common industry and regional standards and regulations, and custom assessments to meet your unique compliance needs. Assessments are available depending on your licensing agreement.
  • Workflow functionality to help you efficiently complete risk assessments.
  • Detailed guidance on actions you can take to improve your level of compliance with the standards and regulations most relevant for your organization.
  • Risk-based compliance score to help you understand your compliance posture by measuring your progress completing improvement actions.

Shared responsibility

For organizations running their workloads only on-premises, they are 100 percent responsible for implementing the controls necessary to comply with standards and regulations. With cloud-based services, such as Microsoft 365, that responsibility becomes shared between your organization and the cloud provider, although is ultimately responsible for the security and compliance of their data.

Microsoft manages controls relating to physical infrastructure, security, and networking with a software as a service (SaaS) offering like Microsoft 365. Organizations no longer need to spend resources building datacenters or setting up network controls. With this model, organizations manage the risk for data classification and accountability. And risk management is shared in certain areas like identity and access management. The chart below is an example of how responsibility is shared between the cloud customer and cloud provider with various on-premises and online services models.

shows the Shared responsibility model

Figure 1: Shared responsibility model

Apply a shared responsibility model

Because responsibility is shared, transitioning your IT infrastructure from on-premises to a cloud-based service like Microsoft 365 significantly reduces your burden of complying with regulations. Take the United States National Institute of Standards and Technology’s NIST 800-53 regulation as an example. It is one of the largest and most stringent security and data protection control frameworks used by the United States government and large organizations. If your organization were adhering to this standard and using Microsoft 365, Microsoft would be responsible for managing more than 75 percent of the 500 plus controls. You would only need to focus on implementing and maintaining the controls not managed by Microsoft. Contrast that situation with one where your organization was running 100 percent on-premises. In that case, your organization would need to implement and maintain all the NIST 800-53 controls on your own. The time and cost savings managing your IT portfolio under the shared responsibility model can be substantial.

shows the NIST examples of shared responsibilities

Figure 2: NIST examples of shared responsibilities

Assess your compliance with a compliance score

Compliance Manager helps you prioritize which actions to focus on to improve your overall compliance posture by calculating your compliance score. The extent to which an improvement action impacts your compliance score depends on the relative risk it represents. Points are awarded based on whether the action risk level has been identified as a combination of the following action characteristics:

  • Mandatory or discretionary.
  • Preventative, detective, or corrective.

Your compliance score measures your progress towards completing recommended actions that help reduce risks around data protection and regulatory standards. Your initial score is based on the Data Protection Baseline, which includes controls common to many industry regulations and standards. While the Data Protection Baseline is a good starting point for assessing your compliance posture, a compliance score becomes more valuable once you add assessments relevant to the specific requirements of your organization. You can also use filters to view the portion of your compliance score based on criteria that includes one or more solutions, assessments, and regulations. More on that later.

The image below is an example of the Overall compliance score section of the Compliance Manager dashboard. Notice that even though the number under Your points achieved is zero, the Compliance Score is 75 percent. This demonstrates the value of the shared responsibility model. Since Microsoft has already implemented all the actions it is responsible for, a substantial portion of what is recommended to achieve compliance is already complete even though you have yet to take any action.

Shows the Compliance Score from Microsoft Compliance Manager

Figure 3: Compliance Score from Microsoft Compliance Manager

For more information on Microsoft Compliance Manager, please visit the Microsoft Compliance Manager documentation. To learn more about Microsoft Security solutions visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

The post Simplify compliance and manage risk with Microsoft Compliance Manager appeared first on Microsoft Security.

Siemens USA CISO: 3 essentials to look for in a cloud provider

December 14th, 2020 No comments

In the latest episode of my series, The Shiproom, I spoke with Kurt John, Chief Cybersecurity Officer (CISO) at Siemens USA. Kurt is listed in Security Magazine’s Top 10 most influential cybersecurity leaders, and he also serves on a special cybersecurity committee organized by the Under-Secretary-General of the United Nations.

As CISO for Siemens USA, Kurt describes his job as “leveraging cybersecurity through our value chain to protect the trust society has in us to solve the world’s most complex problems.” Siemens has embraced industry 4.0 and IoT, leading the way in automation for operational technology (OT). The company has been operating in the United States for 160 years and today has 50,000 employees. The responsibility to protect all the people, devices, and intellectual property (IP) rests on Kurt’s shoulders.

“I think movement to the cloud is inevitable,” Kurt tells me in our discussion. “It’s just way too cost-effective. You can scale quickly. But not all cloud providers are created equal.” According to Kurt, a good cloud provider should deliver three things: flexibility, control, and visibility. “You need to have your eyes on everything happening in the cloud. Whether it’s changing business conditions or a threat from an adversary; you need to be able to adjust.”

At one point, a scientist from the future interrupts our conversation (you had to be there) to ask Kurt about the challenges of balancing on-premises data vs. cloud storage: “You want the relationship between the cloud and the enterprise to be as seamless as possible,” Kurt replies. “What’s most important—how well does the cloud provider deploy security controls? I need to be able to wrap my hands around any incident through good protection and detective mechanisms, and good reporting.”

We also touched on how a diverse security team offers better protection against today’s diverse cyber threats. “Diversity in the team immediately skyrockets creativity. With a team that’s physically and cognitively diverse. It’s a wonder what we can accomplish together.”

Talking about building a strong security team lead to how mentorship can play a role, Kurt himself mentors college students who are considering a career in tech. “There’s a myth that working in cybersecurity requires you to be incredibly technical. That’s just not the case. Cybersecurity is as big as you make it.”

Watch the whole discussion on The Shiproom: Siemens USA.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

The post Siemens USA CISO: 3 essentials to look for in a cloud provider appeared first on Microsoft Security.

Understanding influences shaping the cybersecurity landscape, enabling digital transformation, and helping to protect our planet

December 3rd, 2020 No comments

The accelerated rate of digital transformation we have seen this past year presents both challenges and endless opportunities for individuals, organizations, businesses, and governments around the world. Cybersecurity is the underpinning of helping protect these opportunities. By examining the influences that are shaping the cyber landscape, and hearing from security experts, industry thought leaders, our customers, and partners—we help strengthen how Microsoft can protect these opportunities.

This month we wrapped season three of Afternoon Cyber Tea with Ann Johnson where Sandra Joyce, a threat intelligence expert joined me for the concluding episode to talk about election security and protecting ourselves against misinformation. Our discussion was incredibly illuminating, and it is a perfect example of the ground we continue to cover in these thoughtful conversations.

Each episode has surfaced perspectives on how our collective approach to cybersecurity ties directly to some of society’s most pressing issues, including the need for more diverse voices in the industry, the impact of a global health emergency, and the urgent need to reframe how we think about security.

The impact of a pandemic on global operations

James Turner, an industry analyst who works to support chief information security officers (CISOs) and strengthen the resilience of the economies for Australia and New Zealand shared his insights in this season’s first episode. He reminded us of that cybersecurity is everyone’s business, using the banking industry to emphasize collaboration between organizations on matters of security, even if those organizations are competitors. “The security operating centers at large banks are on speed dial with each other all the time because the attack against Company A hits Company B the next day.” 

Even during a global pandemic, which James has seen as a tremendous catalyst for information-sharing amid budget cuts and workforce impact, he says simply reaching out to peers remains critical to understanding and preventing threats.

For Microsoft’s Chief Information Security Officer, Bret Arsenault, the pandemic has also reinforced the importance of planning and testing emergency scenarios to combat bad actors who attempt to exploit human vulnerabilities and new realities of life and work online.

“We’ve seen a really big increase in ransomware and a lot of activity against Remote Desktop Protocol because so many people are remoting in. When you see broad usage, you will see broad bad actor campaigns against those things.”—Microsoft’s Chief Information Security Officer, Bret Arsenault, Microsoft

So as companies advance their digital transformation, the best way to enable a productive workforce is to secure it with a solid strategy to mitigate opportunism. And while a little digital empathy goes a long way, getting employees to think responsibly about their own security can help remote workforces avoid risk, too.

Reframing cybersecurity as a business imperative

The human side of cybersecurity remains one of the trickiest but most critical areas to tackle in the industry. Many guests said it’s integral to how they advise organizations on threat prevention and mitigation.

Jules Okafor, CEO and founder of RevolutionCyber, built her entire company on the premise of transforming institutional cyber mindset to drive behavior change among employees after seeing too many organizations focused on selling security products instead of solving problems.

That’s not a cyber mindset. It’s more about how do you surround people with cybersecurity in a way that helps them understand it will make them do their jobs better? Cybersecurity has to be better at aligning with the way people think.”—Jules Okafor, CEO and founder, RevolutionCyber

And I think all of my guests would agree cybersecurity should be prioritized throughout all levels and departments of an organization. Some companies are innovating how they do just that.

“Honestly, some of the most successful cybersecurity internal departments I’ve seen have reported out of risk or finance, not technology.”Tarah Wheeler, Security Researcher and Fulbright Scholar

Defining cybersecurity as one of the pillars of a business Tarah says, demonstrates that it is critical to your success and more than just an afterthought.

This prioritization reflects a level of understanding that Sandra, my most recent guest, said has become paramount in today’s threat landscape.

As the head of Mandiant Intelligence at FireEye, Sandra discourages a prevention-only mindset. Instead, she advises organizations to assume attacks will happen and to conduct threat profiles that help them strategize how to mitigate the damage when breaches occur.

“If you can understand where you sit in the ecosystem, you can prioritize more and, at the very least, get more efficient” she says. “Don’t just look at the initial intrusion. Don’t let the first day of an attack be the day you determine how to manage it.”

But these steps are not limited to organizations. Theresa Payton, CEO of Fortalice Solutions, and author of Manipulated: Inside the Cyberwar to Hijack Elections and Distort the Truth, also offered individuals advice on how to guard against the influence of misinformation campaigns. Our conversation touched on the personal data collected by our devices, too, and what we trade for convenience and insights about the patterns of our lives.

That ubiquitous nature of technology in our lives right now really does have an implication on both privacy but also the risk-versus-reward tradeoff when that data could be really helpful,” she said.

While AI-enabled voice assistants, intelligent appliances, and more can benefit users—think, for example, of discovering an underlying health condition revealed by data collected by your smartwatch—Theresa cautioned against the innumerable unknowns about how that data could be used. And she called on organizations and governing bodies to build security into design and guardrails that prevent helpful technology from hurting us.

The pressing need for more diverse voices in cybersecurity

I am grateful for the chance to talk with guests of unique backgrounds and experiences to hear what inspires them and how they are shaking up the white, male-dominated cybersecurity industry. It became clear that promoting diverse voices goes beyond tapping into a cultural moment—it’s about strengthening the entire industry.

Camille Stewart, head of security policy and election integrity for Android and Google Play, may have put it best when she said, “Racism is inherently a cybersecurity issue because people are at the core of how security controls are adopted and how technology is used. If we do not address issues of systemic racism, the processes and institutions that we are building security into are inherently vulnerable.”

In other words, diversity is threat mitigation, in and of itself.

That is why Camille’s collaboration with Lauren Zabierek, executive director of the Cyber Project at Harvard Kennedy School’s Belfer Center for Science and International Affairs is so compelling. Together, they launched the #ShareTheMicInCyber campaign to amplify diverse, expert voices in cybersecurity and share insights to help organizations identify blind spots.

It is an important reminder that the cybersecurity industry is a community and that our ability to protect against threats is only as strong as our ability to identify them—together.

This is something I have so valued this season. The diversity of expertise, experiences, and backgrounds reflected in these episodes are, on a grander scale, helping to shape and improve our collective understanding of cybersecurity. I hope you will find useful takeaways from these leaders who are at the fore of securing and strengthening our industry.

Thank you to all who listened to season three of Afternoon Cyber Tea. All episodes are available to stream and download on PodcastOne, Spotify, and Apple Podcasts.

To learn more about Microsoft Security solutions visit our website. To learn more about CISO topics and solutions, watch the Microsoft CISO Spotlight Series with our host Theresa Payton. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

The post Understanding influences shaping the cybersecurity landscape, enabling digital transformation, and helping to protect our planet appeared first on Microsoft Security.

Enable secure remote work, address regulations and uncover new risks with Microsoft Compliance

September 22nd, 2020 No comments

As we talk with a broad range of customers in the current environment, we hear some consistent challenges businesses are facing. With so many remote workers, people are creating, sharing, and storing data in new ways, which fosters productivity, but can also introduce new risks. A recent Microsoft poll of Chief Information Security Officers (CISOs) revealed that providing secure remote access to resources, apps, and data is their top concern.

To help companies better protect their data, mitigate risk, and address compliance regulations, especially in this time of flexible work, we are announcing several new capabilities across Microsoft Compliance, including:

  • General availability of Microsoft Compliance Manager to address industry regulations and custom requirements.
  • New connectors and APIs to help you to extend Microsoft compliance capabilities to third-party apps.
  • Ability to protect native and third-party cloud apps through unified data loss prevention (DLP), now extended to Microsoft Cloud App Security (MCAS) in public preview.
  • Expanded security and compliance capabilities built directly into Microsoft Teams.

Read on to learn more about these and additional features beginning to roll out today in Microsoft 365 Compliance. You can also check out what Jeff Teper, Corporate Vice President for Microsoft 365, has to say about Microsoft Compliance.

Addressing the complexity of data regulations with Microsoft Compliance Manager

In addition to the talent shortage and complexity of compliance management, customers also face the need to comply with an increased volume and frequency of regulations, with hundreds of updates a day globally to thousands of industry and regional regulations. Additionally, the complexity of regulations makes it challenging for organizations to know specific actions to take and their impact.

Compliance Manager offers a vast library of assessments for expanded regulatory coverage, built-in automation to detect tenant settings, and step-by-step guidance to help you manage risk. Compliance Manager translates complex regulatory requirements to specific technical controls, and through compliance score, provides a quantifiable measure of risk assessment. Generally available today, Compliance Manager brings together the existing Compliance Manager and Compliance Score solutions in the Microsoft 365 compliance center.

Now, with more than 150 out-of-the-box and scalable assessments in Compliance Manager, you can address industry- and region-specific requirements, while also meeting multiple requirements through a single action.

The flexibility of custom assessments also allows you to extend compliance and risk management beyond Microsoft 365 to meet your specific business needs. For example, if you are currently tracking compliance of your SAP data in an Excel file, you can bring that into Compliance Manager.

You can learn more about Compliance Manager on Tech Community. Check out Frost Bank’s experience with Compliance Manager on the Microsoft Customer site.

Extending compliance capabilities to manage data risk beyond Microsoft 365

To provide greater visibility into your data, wherever it lives, we are making new connectors available that can pull data from other apps into Microsoft Compliance (including Microsoft Information Protection, Insider Risk Management, Communication Compliance, and eDiscovery) to help you to reason over, protect, and govern that data. These new connectors – available in partnership with Globanet and Telemessage – include SMS/text connectors for various telecom operators (e.g., AT&T, Verizon, T-Mobile, etc.), WhatsApp, Zoom, and Slack.

A key ask from our partners and customers is the ability to access Microsoft Compliance solutions and integrate them with existing applications and services that are part of broader compliance, security, and operations (SecOps) ecosystems, including Symantec, McAfee, and Relativity.

To help, we are announcing new APIs, which are part of the broader Microsoft Graph ecosystem:

  • Teams Data Loss Prevention (DLP) API: Allows third-party products to integrate and enable data loss prevention capabilities for Microsoft Teams.
  • eDiscovery API: Allows the automation of Advanced eDiscovery processes, including case creation and the entire legal hold notification workflow to communicate with custodians involved in a case.
  • Teams Export API: Allows the export of Teams Messages (1:1 and group chat) along with attachments (file links and sticker), emojis, GIFs, and user @Mentions. This API supports polling daily Teams messages and allows archiving of deleted messages up to 30 days.

An image showing the Microsft 365 Compliance ecosystem.

Figure 1: Extending compliance beyond Microsoft 365 — We have partnered with Globanet and Telemessage to deliver ready-to-use connectors. All Microsoft and ​third-party built connectors are now available in a single catalog.

You can learn more in the Tech Community blog.

Extending unified data loss prevention to Microsoft Cloud App Security (MCAS)

Having the right data protection and governance approach is critical to not only addressing regulatory compliance but also to mitigating risks around data leakage.

Microsoft Information Protection helps you to identify your data and ensure you have the right data classification in place to properly protect and govern that data, which enables you to apply data loss prevention (DLP) to enforce policies against that data. In July, we announced the public preview of Microsoft Endpoint Data Loss Prevention (DLP), which builds on the labeling and classification in Microsoft Information Protection. Endpoint DLP extends the existing DLP capabilities in Microsoft 365, helping you to meet compliance requirements and protect sensitive information on devices by restricting what data apps can access. Endpoint DLP is also natively integrated with the new Microsoft Edge browser, providing additional policy options to restrict the flow of data when accessing web sites.

Today we announce the extension of Microsoft data loss prevention solutions to Microsoft Cloud App Security. This new capability, now in public preview, extends the integration for DLP policy-based content inspection across connected applications such as Dropbox, Box, Google Drive, Webex, One Drive, SharePoint, and others. This extension of Microsoft data loss prevention solutions to MCAS helps users remain continuously compliant when using popular native and third-party cloud apps and helps to ensure sensitive content is not accidentally or inappropriately shared. MCAS uses the same policy framework and more than 150 sensitive information types that is common across all Microsoft data loss prevention solutions, to provide a familiar, consistent, and seamless experience.

You can learn more about our unified approach to data loss prevention on Tech Community.

Additional security and compliance features, including Advanced eDiscovery, being added to Microsoft Teams

As Microsoft Teams usage has grown with the shift to remote work, organizations are looking for seamless integration in order to keep their data and employees secure and compliant.

With the volume of business conversations happening now in Microsoft Teams, we are also adding additional security and compliance features, including:

  • Advanced eDiscovery now supports live documents and links shared in Microsoft Teams. Advanced eDiscovery automatically collects documents from a storage location, such as SharePoint or OneDrive, to pull the content into an eDiscovery case. The attachments are collected, reviewed, and exported along with the Teams conversations so customers don’t need to manually find and collect the documents one by one.
  • Auto-apply retention policies for Microsoft Teams meeting recording allow you to retain and delete recordings with in-place governance, which means the retention policies apply wherever the recordings are saved without the need to export elsewhere. When the rollout for this begins in October, we will provide guidance on how you can leverage Keyword Query Languages to create retention policies for Teams meeting recordings.
  • We now include Teams-specific actions in Compliance Manager, which provide guidance around improvement and implementation of actions you can take to help to align with protection regulations and standards.
  • We are also announcing Customer Key support for Teams. Microsoft helps keep Teams data safe by encrypting it while at rest in Microsoft datacenters. Now we are extending this capability to enable customers to add a layer of encryption using their own keys for Teams, similar to Exchange Online, SharePoint Online, and OneDrive.  
  • Insider Risk Management now offers native integration with Microsoft Teams to securely coordinate, collaborate, and communicate on a case with relevant stakeholders in the organization. When an Insider Risk management case is created, a private Microsoft Teams team will also be created and bound to the case for its duration. This Microsoft Teams team will, by default, include insider risk management analysts and investigators, and additional contributors such as HR and Legal, can be added as appropriate. With Teams integration, stakeholders can:
    • Use channel conversations to coordinate and track review/response activities.
    • Share, store, and review relevant files and associate evidence. 

Additional new capabilities coming to Microsoft Compliance

While I’ve discussed some of the biggest areas of investment for us in Microsoft Compliance, there are many additional new capabilities we’re excited to bring to you today:

  • Microsoft Information Protection now includes more than 150 sensitive data types, improvements to Exact Data Match, the general availability of automatic labeling in Office apps, and more.
  • Microsoft Information Governance and Records Management include new in-place retention and deletion policies for Yammer messages (rolling out now in public preview), as well as integration with the new SharePoint Syntex.
  • Insider Risk Management now integrates with Power Automate, provides a richer investigation experience, and includes expanded signal visibility to badging systems for building security.
  • Communication Compliance now provides enhanced visibility across a variety of communication channels and integration with Power Automate.
  • Advanced eDiscovery now has improved workflows, support for linked content in emails or chat messages, and enhanced collection experience.
  • Advanced Audit now includes two new audit events to help with forensic investigations and the ability to add 10-year audit log retention.

Remote and hybrid work scenarios have demonstrated that there has never been a more important time to invest in security and compliance. Get started today with Microsoft 365. To learn more about Microsoft Compliance and gain more technical training, visit the Virtual Hub today.

To learn more about Microsoft Security solutions visit our website.  Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

The post Enable secure remote work, address regulations and uncover new risks with Microsoft Compliance appeared first on Microsoft Security.

Microsoft Security: Use baseline default tools to accelerate your security career

September 14th, 2020 No comments

I wrote a series of blogs last year on how gamified learning through cyber ranges can create more realistic and impactful cybersecurity learning experiences and help attract tomorrow’s security workforce. With the global talent shortage in this field, we need to work harder to bring people into the field. This blog is for new cyber professionals or perhaps younger aspirants considering getting into cyber. From an employee’s perspective, it can seem daunting to know where to start, especially when you’re entering an organization with established technology investments, priorities, and practices. Having come to this field later in my career than others, I say from experience that we need to do a better job collectively in providing realistic and interesting role-based learning, paths toward the right certifications and endorsements, and more definitive opportunities to advance one’s career.

I’m still a big fan of gamified learning, but if gaming isn’t your thing, then another way to acquire important baseline learning is to look at simpler, more proactive management tools that up-level different tasks and make your work more efficient. Microsoft has recently released two important cloud security posture management tools that can help a newer employee quickly grasp basic yet critically important security concepts AND show immediate value to your employer. They’re intuitive to learn and deserve more attention.  I’m talking about Azure Security Defaults and Microsoft Secure Score (also including Azure Secure Score). While tools like these don’t typically roll off the tongue, and your experience won’t grab you like an immersive gaming UI, their purpose-built capabilities that focus on commonly-accepted cyber hygiene best practices reinforce solid foundational practices that are no less important than SecOps, incident response, or forensics and hunting. Learning how to use these tools can make you a champion and influencer, and we encourage you to learn more below. These capabilities are also built directly into our larger Azure and M365 services, so by using built-in tools, you’ll help your organization maximize its investments in our technologies and help save money and reduce complexity in your environment.

Azure Security Defaults is named for what it does—setting often overlooked defaults. With one click, you automatically enable several foundational security controls that if left unaddressed are convenient and time-tested targets for attackers to go after your organization. One question that I frequently receive is why Microsoft doesn’t simply pre-configure these settings by default and force customers to turn them off. Several large, high-threat customers have asked specifically that we do that. It’s tempting, but until or unless we make such a move, this is a great self-service add-on. As explained in this blog, ASD does the following:

  • Requires all users to register for Azure Multi-Factor Authentication.
  • Requires admins to perform MFA.
  • Blocks legacy authentication protocols.
  • Requires users to perform MFA when necessary.
  • Protects privileged activities to access the Azure Portal.

A recent important addition to ASD is that Microsoft announced on August 12th that ASD is now also available through Azure Security Center. This is an important and beneficial addition in that it adds another opportunity for your IT organization—whether identity and access management, or security operations—to implement the defaults. I’ve noticed on several occasions when briefing or providing a demo on Azure Security Center to a CISO team that a challenge in effectively using this service may come down to organizational issues, specifically, Who OWNS it?  Is ASC a CISO tool? Regardless of who may own the responsibility, we want to provide the capability upfront.

MICROSOFT SECURE SCORE is a relatively new feature that is designed to quantify your security posture based on how you configure your Microsoft resources. What’s cool and impactful about it is that it provides in a convenient top-down meu approach the relative approach your organization has taken compared (anonymously) with your industry segment’s peers (given in many cases similar reference architectures), and provides clear recommendations for what you can do to improve your score. From a Microsoft perspective, this is what we’d say all carrot and no stick. Though as covered above we provide Azure Security Defaults, customers are still on point to make a proactive decision to implement controls based on your particular work culture, compliance requirements, priorities, and business needs. Take a look at how it works:

This convenient landing page provides an all-up view into the current state of your organization’s security posture, with specific recommendations to improve certain configuration settings based on an art-of-the-possible. In this demo example, if you were to turn enable every security control to its highest level, your score would be 124, as opposed to the current score of 32, for a percentage of 25.81. Looking to the right of the screen, you get a sense of comparison against peer organizations. You can further break down your score by categories such as identity, data, device, apps, and infrastructure; this in turn gives a security or compliance team the opportunity to collaborate with hands-on teams that control those specific resources and who might be operating in silos, not necessarily focused on security postures of their counterparts.

An image of Microsoft Secure Score.

 

Azure Secure Score

You’ll also find Secure Score in the Azure Security Center blade where it provides recommendations front and center, and a color-coded circular graph on important hybrid infrastructure configurations and hygiene.

An image of Secure Score in the Azure Security Center.

Drilling deeper, here we see a variety of recommendations to address specific findings.  For example, the top line item is advice to ‘remediate vulnerabilities’, indicating that 35 of 59 resources that ASC is monitoring are in some way not optimized for security. optimized for security.

An image of variety of recommendations to address specific findings.

Going a level further into the ‘secure management ports’ finding, we see a sub-heading list of actions you can take specific to these resources’ settings. Fortunately, in this case, the administrator has addressed previously-discovered findings, leaving just three to-do’s under the third subheading. For added convenience, the red/green color-coding on the far right draws your attention.

An image of the ‘secure management ports’ finding.

Clicking on the third item above shows you a description of what ASC has found, along with remediation steps.  You have two options to remediate:  more broadly enable and require ‘just in time’ VM access; or, manually enable JIT for each resource. Again, Microsoft wants to incentivize and make it easier for your organization to take more holisitic and proactive steps across your resources such as enabling important settings by default; but we in no way penalize you for the security settings that you implement.

An image of a description of what ASC has found, along with remediation steps.

To learn more about Microsoft Security solutions visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

The post Microsoft Security: Use baseline default tools to accelerate your security career appeared first on Microsoft Security.

3 ways Microsoft 365 can help you reduce helpdesk costs

September 3rd, 2020 No comments

With more people than ever working remotely, organizations must maximize employee productivity while protecting an ever-growing digital footprint. Many have stitched together specialized security solutions from different vendors to improve their cybersecurity posture, but this approach is expensive and can result in gaps in coverage and a fragmented user experience. With Microsoft’s integrated security solutions, you can enhance security and user productivity more cost-effectively.

Focusing a lens on the helpdesk illuminates how consolidating with Microsoft helps streamline and strengthen your security posture. Your helpdesk plays an important role in enabling employees to be more effective, but it can also reveal organization-wide productivity challenges. Productivity matters because if security controls are too cumbersome, employees will find workarounds. In this blog, I’ll highlight three examples of how Microsoft 365 can help you reduce costs while strengthening cybersecurity.

1. Reduce password reset calls by 75 percent

One of the most common reasons that employees call the helpdesk is to reset their password. These calls result in a loss of productivity for employees who are locked out of their accounts. They also require employees and helpdesk analysts to take time out of their busy days to work through steps to reset the password. With a high volume of calls, the costs add up.

The best way to reduce password reset calls is to eliminate passwords entirely. Microsoft has built in support for passwordless authentication methods such as biometrics, FIDO-2 security keys, and PINs into all our products and services. Because they are encrypted and stored locally on your users devices, these methods are more secure than passwords and easier for employees—and they can reduce your costs. When Microsoft rolled out passwordless to our employees the hard and soft costs of supporting passwords fell by 87 percent.

Deploying passwordless is a phased journey and not everyone is ready to start that process now, so it’s important to also improve productivity for password users. Azure Active Directory (Azure AD) is an identity and access management solution that allows users to sign in to all their on-premises and cloud apps with one set of credentials—whether they use passwords or passwordless methods. With single sign-on employees will have far fewer passwords to remember; however, sometimes they may still forget or Azure AD may force them to reset a password if an account appears compromised. In either case, Azure AD self-service password reset lets employees unblock their accounts, on their time, via an online portal.

According to a new study, The Total Economic Impact™ of Securing Apps with Microsoft Azure Active Directory, Azure AD self-service password reset can reduce the number of password reset calls per month by 75 percent. In this commissioned study, Forrester Consulting developed a composite organization based on interviews with four customers in different industries who have used Azure AD for years. Deploying Azure AD self-service password reset resulted in a return on investment of USD 1.7 million over three years.

 

2. Streamline Windows 10 upgrade path

Twice a year Microsoft releases new features and security capabilities for Windows 10. Typically, users are able to download the new operating system and quickly get back to work—but if you use a non-Microsoft product for endpoint detection or antivirus, it can complicate the process.

When a non-Microsoft vendor’s security product is not compatible with a new version of Windows 10, it prevents users from upgrading. This can be confusing for employees, who call the helpdesk for assistance. In addition to facilitating these calls, your team must also run software compatibility testing once a new version of the security software is released. Meanwhile, your company can’t take advantage of the productivity and security features available in the latest version of Windows 10.

To reduce dependencies without compromising security, turn on Microsoft Defender Antivirus and Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP). Microsoft Defender ATP helps you protect, detect, and respond to advanced attacks against all your endpoints. Microsoft Defender Antivirus, a Microsoft Defender ATP capability, uses artificial intelligence and machine learning to find and block malware and other viruses. Both solutions are designed to work together and are integrated with Windows 10, which reduces the likelihood of helpdesk calls during the upgrade process.

An image of Microsoft Defender ATP.

3. Empower uses to manage their devices

A third driver of helpdesk calls is device management. Any time an employee needs help with a device, such as when they start a new job or want to use a personal device to access email, a helpdesk analyst is often involved. The analyst sets up devices with the appropriate applications and permissions and troubleshoots challenges with access.

As the way we work has changed, people no longer access corporate resources solely from the office using company-provided devices. Reading emails from a coffee shop on a personal phone or reviewing presentations from a tablet makes working more convenient, but it can also introduce security challenges. Employees may not upgrade their devices or apply security patches in a timely manner. They sometimes, unknowingly, download apps with security flaws. Attackers leverage these vulnerabilities to gain access to sensitive company resources.

An image showing how Attackers leverage use vulnerabilities to gain access to sensitive company resources.

Microsoft Endpoint Manager makes it easier to provision, update, and manage personal and business laptops and mobile devices with support for Windows, MacOS, iOS, and Android Enterprise. Integration with Azure AD enables employees to use Microsoft Intune Portal to enroll both corporate-owned and personal devices without helpdesk intervention. Intune automatically installs appropriate apps, or you can allow employees to choose apps through the portal.

With Microsoft Endpoint Manager, you can also enforce security policies on all enrolled devices. For example, you can require that employees use the most current operating system to access corporate resources. You can define PIN requirements or install threat protection software. If users don’t want to enroll their device, mobile app management capabilities let you isolate organizational data from personal data. These policies are defined globally and automatically applied when users register devices, streamlining the process for everyone.

An image showing how Microsoft 365 security solutions work across identities, endpoints, emails, apps, data, clouds, networks, and IOT devices

Microsoft 365 security solutions work across identities, endpoints, emails, apps, data, clouds, networks, and IoT devices to detect, block, and elevate threats. Consolidate with Microsoft to strengthen security, simplify the user experience, and reduce helpdesk costs.

To learn more about Microsoft Security solutions visit our website.  Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

The post 3 ways Microsoft 365 can help you reduce helpdesk costs appeared first on Microsoft Security.

Microsoft Security: How to cultivate a diverse cybersecurity team

August 31st, 2020 No comments

Boost creative problem solving with a diverse cybersecurity team

In cybersecurity, whether we are talking about cryptocurrency mining, supply chain attacks, attacks against IoT, or COVID-19-related phishing lures, we know that gaining the advantage over our adversaries requires greater diversity of data to improve our threat intelligence. If we are to future proof bias in tech however, our teams must also be as diverse, as the problems we are trying to solve.

Unfortunately, our cybersecurity teams don’t reflect this reality. A 2019 report by (ISC)2 found that less than 25 percent of cybersecurity professionals are women. People of color and women aren’t paid as well as white men and are underrepresented in management. Time and again, studies have found that gender-diverse teams make better business decisions 73 percent of the time. What’s more, teams that are also diverse in age and geographic location make better decisions 87 percent of the time. With a talent shortfall estimated between 1.5 million and 3.5 million, we must recruit, train, and retain cyber talent from a wide variety of backgrounds in order to maintain our advantage.

Diversity fuels innovation

You can see the evidence that diversity drives innovation when you look at artificial intelligence (AI) and machine learning. The AI capabilities built into Microsoft Security solutions are trained on 8 trillion daily threat signals from a wide variety of products, services, and feeds from around the globe (see Figure 1). Because the data is diverse, AI and machine learning algorithms can detect threats in milliseconds.

A graph showing Microsoft Intelligent Security.

Figure 1: Trillions of signals from around the globe allow Microsoft Security solutions to rapidly detect and respond to threats.

Just last year, the World Economic Forum complied several studies that provide further evidence that diversity sparks innovation. Cities with large immigration populations tend to have higher economic performance. Businesses with more diverse management teams have higher revenues. A C-suite with more women is likely to be more profitable. When people with different backgrounds and experiences collaborate, unique ideas can flourish. What’s more, if you want to build technology solutions that are inclusive of everyone, diverse teams help avoid bias and develop features that meet the needs of more people.

So how do you increase the diversity of your team? Expand the pipeline. Invest in your team. And create an inclusive culture.

Expand the pipeline

To recruit the very best people from all backgrounds, start by prioritizing unique perspectives. Machine learning, artificial intelligence, and quantum computing hold promise for addressing cyber threats; however, technology is not enough. Some problems can only be solved by people. You need teams that can anticipate what’s next and respond quickly in high-stress situations.

If everybody on the team has similar skills and backgrounds, you risk group think and a lack of creativity. It’s why diverse teams make better decisions than individuals 87 percent of the time (all-male teams only make better decisions than individuals 58 percent of the time).

To attract the diverse talent you need, expand your criteria. Look beyond the typical degrees, experience level, and certifications that you typically recruit for. Leverage training programs that help people acquire the technical skills you need. For example, BlackHoodie is a reverse engineering program for women. Consider people without college degrees, veterans, and people looking to switch careers. Work with colleges and other groups that represent disadvantaged communities, such as historically black colleges and universities.

Invest in your team

Cybersecurity teams around the globe are understaffed, while the amount of work continues to grow. Security operation center (SOC) analysts suffer from alert fatigue because they must monitor thousands of alerts—many of them false positives. Stress levels are high, and individuals work long hours. These work conditions can lead to burnout, which makes people less effective.

Reduce routine tasks with AI, machine learning, and automation. AI, machine learning, and automation can empower your team by reducing the noise, so people can focus on challenging threats that are, frankly, more fun. Azure Sentinel is a cloud-native SIEM that uses state of the art, scalable machine learning algorithms to correlate millions of low fidelity anomalies to present a few high-fidelity security incidents to analysts. Our research has shown that customers who use Azure Sentinel achieved a 90 percent reduction in alert fatigue.

: Azure Sentinel makes it easy to collect security data across your entire hybrid organization from devices, to users, to apps, to servers on any cloud.An image showing how Figure 2: Azure Sentinel makes it easy to collect security data across your entire hybrid organization from devices, to users, to apps, to servers on any cloud.

Provide growth opportunities and training. The threat landscape changes rapidly requiring security professionals to continuously upgrade their skills. Human beings also need new challenges to stay engaged. Provide opportunities for everyone to use creative problem-solving skills. Encourage individuals to learn from each other, such as through an apprenticeship program. Offer regular training for people at all levels of your organization. The Microsoft SOC focuses its training programs on three key areas:

  • Technical tools/capabilities.
  • Our organization (mission and assets being protected).
  • Attackers (motivations, tools, techniques, habits, etc.).

Take care of employees’ mental health. Stress is driving too many people to leave cybersecurity. In fact, stress has motivated 66 percent of IT professionals to look for a new job. Fifty-one percent would be willing to take a pay cut for less stress. Late nights and high-pressure incident response take a toll on employees. In these circumstances, it’s important to respect time off. People should be able to enjoy their days off without worrying about work. A collaborative culture that is forgiving of mistakes can also reduce the pressure. Ask your team how they are doing and really listen when they tell you. Their answers may trigger a great idea for alleviating stress.

Create an inclusive culture

People go where they are invited, but they stay where they are welcome. As you bring new people into your security organization, foster an environment where everybody feels accepted. All ideas should be listened to and considered. People who express ideas that challenge old methods can lead to breakthroughs and creativity. Here are a few ideas for making sure everyone feels included:

  • Solicit input from everybody, so you don’t just hear from those that are comfortable speaking up.
  • Provide mentorship and sponsorship programs for women and other underrepresented groups to help prepare them for advancement
  • Expand your definition of diversity to include neuro atypical, nonbinary, LGBTQ, religious affiliation, and education level in addition to race and gender.
  • Make a conscious effort to evaluate performance, not communication or presentation style.
  • Hold leadership and vendors accountable for diversity metrics.

As we look past the COVID-19 pandemic, we can expect that cybersecurity challenges will continue to evolve. AI, machine learning, and quantum computing will shape our response, but technology will not be enough. We need creative people to build our products, design our security programs, and respond to threats. We need teams that are diverse as the problems we face.

To learn more about Microsoft Security solutions visit our website.  Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

The post Microsoft Security: How to cultivate a diverse cybersecurity team appeared first on Microsoft Security.

Microsoft Security: What cybersecurity skills do I need to become a CISO?

August 31st, 2020 No comments

Build the business skills you need to advance to Chief Information Security Officer

For many cybersecurity professionals, the ultimate career goal is to land a chief information security officer (CISO) job. A CISO is an executive-level position responsible for cyber risk management and operations. But cybersecurity is transforming. Today, a good CISO also must have strong communication skills and a deep understanding of the business. To gain the necessary experience to be considered for a CISO job, you need to understand how the role is evolving and the skills required to excel.

Long before I became a Security Advisor at Microsoft, I started my career as an IT System Administrator. Over time I learned security and worked my way up to CISO and, have served as a CISO in a variety of companies and industries. I’ve mentored several people interested in accelerating their careers in cybersecurity, and one of the biggest mistakes that you can make in your career in IT and Security is ignoring businesspeople. The more you advance, the more you will need to understand and work with the business. In this blog, I’ll provide tips for helping you get more comfortable in that role.

From technologist and guardian to strategist and advisor

As organizations digitize their products, services, and operations to take advantage of the cloud, their ability to effectively leverage technology has become integral to their success. It has also created more opportunities for cybercriminals. Companies of all sizes have been forced to pay fines, suffered reputational harm, and expended significant resources recovering from an attack. A cyber incident isn’t just a technology risk; it’s a business risk. When making decisions, boards and executive teams now need to evaluate the likelihood of a data breach in addition to financial loss or operational risks. A good CISO helps them do this.

According to research by Deloitte, there are four facets of a CISO: the technologist, the guardian, the strategist, and the advisor. You are probably already familiar with the technologist and guardian roles. As a technologist, the CISO is responsible for guiding the deployment and management of security technology and standards. In the guardian role, the CISO monitors and adjusts programs and controls to continuously improve security.

But technical controls and standards will not eliminate cyberattacks and the CISO does not have control over all the decisions that increase the likelihood of a breach. Therefore the roles of strategist and advisor have taken on greater importance. As a strategist, the CISO needs to align security with business strategy to determine how security investments can bring value to the organization. As an advisor, the CISO helps business owners and the executive team understand cybersecurity risks so that they can make informed decisions. To excel at these roles, it’s important to get knowledgeable about the business, understand risk management, and improve your communication skills.

A graphic showing how to understand risk management, and improve your communication skills.

Acquiring the skills to become a good strategist and advisor

If you are already in the cybersecurity profession and interested in growing into a CISO role, you are probably most comfortable with the technologist and guardian roles. You can elevate your technical skills by trying to get experience and certifications in a variety of areas, so that you understand threat analysis, threat hunting, compliance, ethical hacking, and system auditing, but also find time to work on the following leadership skills.

  • Understand the business: The most important step you can take to prepare yourself for an executive-level role is to learn to think like a businessperson. Who are your customers? What are the big opportunities and challenges in your industry? What makes your company unique? What are its weaknesses? What business strategies drive your organization? Pay attention to corporate communications and annual reports to discover what leadership prioritizes and why they have made certain decisions. Read articles about your industry to get a broader perspective about the business environment and how your company fits in. This research will help you make smarter decisions about how to allocate limited resources to protect company assets. It will also help you frame your arguments in a way the business can hear. For example, if you want to convince your organization to upgrade the firewall, they will be more convinced if you can explain how a security incident will affect the company’s relationship with customers or investors.
  • Learn risk management: Smart companies routinely take strategic risks to advance their goals. Businesses seize opportunities to launch new products or acquire a competitor that will make them more valuable in the market. But these decisions can result in failure or huge losses. They can also put the company at risk of a cyberattack.Risk management is a discipline that seeks to understand the upsides and downsides of action and eliminate or mitigate risks if possible. By comparing the likelihood of various options, the return on investment if the venture is successful, and the potential loss if it fails, managers can make informed decisions. CISOs help identify and quantify the cybersecurity risks that should be considered alongside financial and operational risks.
  • Improve your communication skills: To be a good advisor and strategist, you will need to communicate effectively with people with a variety of agendas and backgrounds. One day you’ll need to coach a very technical member of your team, the next you may need to participate in a business decision at the executive level or even be asked to present to the board of directors.A communication plan can help you refine your messages for your audience. To begin practicing these skills now, try to understand the goals of the people you talk to on a regular basis. What are their obstacles? Can you frame security communications in terms that will help them overcome those challenges? Take a moment to put yourself in someone else’s shoes before meetings, hallway conversations, emails, and chats. It can make a real difference!

A good communication plan delivers targeted security messages:A chart showing a good communication plan.
In recent years, the role of the CISOs has been elevated to a senior executive that the board counts on for strategic security advice. In fact, we should rename the position, Chief Influencer Security Officer! Building leadership skills like risk management and communication will help you step into this increasingly important role.

As you embark on the career journey of CISO, it is always good to get a perspective from other CISOs in the Industry and lessons they have learned.   Please feel free to listen to the podcast on my journey from System Administrator to CISO and watch our CISO spotlight episodes where our Microsoft CISO talks about how to present to the board of directors along with other tips and lessons learned.

To learn more about Microsoft Security solutions visit our website.  Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

 

The post Microsoft Security: What cybersecurity skills do I need to become a CISO? appeared first on Microsoft Security.

Rethinking IoT/OT Security to Mitigate Cyberthreats

August 26th, 2020 No comments

We live in an exciting time. We’re in the midst of the fourth industrial revolution—first steam, followed by electricity, then computers, and, now, the Internet of Things.

A few years ago, IoT seemed like a futuristic concept that was on the distant horizon. The idea that your fridge would be connected to the internet, constantly uploading and downloading data and ordering things on its own, like new filters or groceries, seemed laughable. Why would anyone want or need such a thing?

Now, IoT and other embedded and operational technologies (OT) are far more pervasive in our lives than anyone could have imagined. Robotics, chemical and pharmaceutical production, power generation, oil production, transportation, mining, healthcare devices, building management systems, and seemingly everything else is becoming part of a smart, interconnected, machine-learning powered system. Machines can now monitor themselves, diagnose problems, and then reconfigure and improve based on the data.

The threat is real

It’s an exciting time, but it’s also an alarming time, especially for CISOs (Chief Information Security Officers) working diligently to employ risk mitigation and keep their companies secure from cyberthreats. Billions of new IoT devices go online each year, and as these environments become more connected with digitization initiatives, their attack surfaces grow.

From consumer goods to manufacturing systems to municipal operations like the power grid, it all needs data protection. The threat is very real. Take the Mirai botnet hack, for example. 150,000 cameras hacked and turned into a botnet that blocked internet access for large portions of the US. We have also seen destructive and rapidly spreading ransomware attacks, like NotPetya, cripple manufacturing and port operations around the globe.  However, existing IT security solutions cannot solve those problems due to the lack of standardized network protocols for such devices and the inability to certify device-specific products and deploy them without impacting critical operations.  So, what exactly is the solution? What do people need to do to resolve the IoT security problem?

Working to solve this problem is why Microsoft has joined industry partners to create the Open Source Security Foundation as well as acquired IoT/OT security leader CyberX. This integration between CyberX’s IoT/OT-aware behavioral analytics platform and Azure unlocks the potential of unified security across converged IT and industrial networks. And, as a complement to the embedded, proactive IoT device security of Microsoft Azure Sphere, CyberX IoT/OT provides monitoring and threat detection for devices that have not yet upgraded to Azure Sphere security. Used together, CyberX and Azure Sphere can give you visibility to what’s happening in your environment while actively preventing exploitation of your connected equipment. The goal is to achieve the mission of securing every unmanaged device to help protect critical operations.

Both Microsoft and CyberX have managed to help protect a large number of enterprises around the world—including leading organizations in manufacturing, pharmaceuticals and healthcare, power utilities, oil and gas companies, data centers, and more, at a global scale.

This success is due to taking a completely different approach, an innovative solution that prioritizes ease of deployment and use—to provide a security solution custom-built for OT and industrial control systems. So, what do you need to do that?

Let’s sit in a plant. Imagine that the process keeps on running, so from an operational perspective, all is fine. But even if operations are moving smoothly, you don’t know if someone is trying to hack your systems, steal your IP, or disrupt your day-to-day processes—you wouldn’t know that until the processes are disrupted, and by then, it’s too late.

To catch these threats, you need to understand what you have, understand the process interaction, validate access to the resources, and understand root cause analysis from other breaches. From a technology perspective, to gain this level of understanding, you need automated and intelligent asset visibility, behavioral analytics capable of understanding OT/IoT behavior, vulnerability management, and threat hunting. To defend against these threats, you will want to deploy an IoT device security solution that implements critical security properties, including defense in-depth, error reporting, and renewable security, that will help keep your connected devices and equipment protected over time.

Where to go from here

For any business looking to learn more about IoT/OT security, a good place to start is by downloading CyberX’s global IoT/ICS risk report. This free report provides a data-driven analysis of vulnerabilities in our Internet of Things (IoT) and industrial control systems (ICS) infrastructure.

Based on data collected in the past 12 months from 1,821 production IoT/ICS networks—across a diverse mix of industries worldwide—the analysis was performed using passive, agentless monitoring with patented deep packet inspection (DPI) and Network Traffic Analysis (NTA). The data shows that IoT/ICS environments continue to be soft targets for adversaries, with security gaps in key areas such as:

  • Outdated operating systems
  • Unencrypted passwords
  • Remotely accessible devices
  • Unseen indicators of threats
  • Direct internet connections

To learn more about protecting your critical equipment and devices with layered and renewable security, we recommend reading The seven properties of highly secured devices. To understand how these properties are implemented in Azure Sphere, you can download The 19 best practices for Azure Sphere.

These are key resources for any businesses looking to increase their IoT security and help mitigate cyberthreats to their organization’s systems and data.

Learn more

Tackling the IoT security threat is a big, daunting project, but Microsoft is committed to helping solve them through innovation and development efforts that empower businesses across the globe to operate more safely and securely.

To learn more about Microsoft Security solutions visit our website.  Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

To learn more about protecting your critical equipment and devices with layered and renewable security, reach out to your Microsoft account team and we recommend reading The seven properties of highly secured devices.

The post Rethinking IoT/OT Security to Mitigate Cyberthreats appeared first on Microsoft Security.

How do I implement a Zero Trust security model for my Microsoft remote workforce?

August 24th, 2020 No comments

Digital empathy should guide your Zero Trust implementation

Zero Trust has always been key to maintaining business continuity. And now, it’s become even more important during the COVID-19 pandemic to helping enable the largest remote workforce in history. While organizations are empowering people to work securely when, where, and how they want, we have found the most successful are the ones who are also empathetic to the end-user experience. At Microsoft, we refer to this approach as digital empathy. As you take steps to protect a mobile workforce, a Zero Trust strategy grounded in digital empathy will help enhance cybersecurity, along with productivity and collaboration too.

This was one of a few important topics that I recently discussed during a cybersecurity fireside chat with industry thought leader, Kelly Bissell, Global Managing Director of Security Accenture. Accenture, one of Microsoft’s most strategic partners, helps clients use Microsoft 365 to implement a Zero Trust strategy that is inclusive of everyone. “How do we make working from home both convenient and secure for employees during this time of constant change and disruption,” has become a common question both Kelly and I hear from organizations as we discuss the challenges of maintaining business continuity while adapting to this new world—and beyond. I encourage everyone to explore these points more deeply by watching my entire conversation with Kelly.

Our long-term Microsoft-Accenture security relationship helps customers navigate the current environment and emerge even stronger as we look past the pandemic. The following are some of the key steps shared during our conversation that you can take to begin applying digital empathy and Zero Trust to your organization.

Protect your identities with Azure Active Directory

Zero Trust is an “assume breach” security posture that treats each request for access as a unique risk to be evaluated and verified. This starts with strong identity authentication. Azure Active Directory (Azure AD) is an identity and secure access management (IAM) solution that you can connect to all your apps including Microsoft apps, non-Microsoft cloud apps, and on-premises apps. Employees sign in once using a single set of credentials, simplifying access. To make it even easier for users, deploy Azure AD solutions like passwordless authentication, which eliminates the need for users to memorize passwords. Multi-factor authentication (MFA) is one of the most important things you can do to help secure employee accounts, so implement MFA for 100 percent of your users, 100 percent of the time.

According to a new Forrester report, The Total Economic Impact™ of Securing Apps with Microsoft Azure Active Directory, customers who secure apps with Microsoft Azure Active Directory can improve user productivity, reduce costs, and gain IT efficiencies to generate a 123 % return on investment.

Secure employee devices

Devices present another opportunity for bad actors to infiltrate your organization. Employees may run old operating systems or download vulnerable apps on their personal devices. With Microsoft Endpoint Manager, you can guide employees to keep their devices updated. Conditional Access policies allow you to limit or block access to devices that are unknown or don’t comply with your security policies.

An endpoint detection and response (EDR) solution like Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) can help you detect attacks and automatically block sophisticated malware. Each Microsoft Defender ATP license covers up to five devices per user.

Discover and manage cloud apps

Cloud apps have proliferated in today’s workplace. They are so easy to use that IT departments are often not aware of which cloud apps their employees access. Microsoft Cloud App Security is a cloud app security broker (CASB) that allows you to discover all the apps used in your network. Cloud App Security’s risk catalog includes over 16,000 apps that are assessed using over 80 risk factors. Once you understand the risk profile of the apps in your network, you can decide whether to allow access, block access, or onboard it on to Azure AD.

Employees are busy in the best of times. Today, with many working from home for the first time—often in a full house—their stress may be compounded. By simplifying the sign-in process and protecting data on apps and devices, Microsoft 356 security solutions like Azure AD, Microsoft Defender ATP, and Cloud App Security, make it easier for employees to work remotely while improving security for the organization.

Digital empathy and Zero Trust are also two of the five security paradigm shifts that will lead to more inclusive user experiences. Next month, I will provide more details about two additional paradigm shifts, the diversity of data, and integrated security solutions.

CTA: To learn more about Microsoft Security solutions visit our website.  Bookmark the Security blog to keep up with our expert coverage on security matters. Follow Ann Johnson @ajohnsocyber for Microsoft’s latest cybersecurity investments and @MSFTSecurity for the latest news and updates on cybersecurity.

The post How do I implement a Zero Trust security model for my Microsoft remote workforce? appeared first on Microsoft Security.

How do I implement a Zero Trust security model for my Microsoft remote workforce?

August 24th, 2020 No comments

Digital empathy should guide your Zero Trust implementation

Zero Trust has always been key to maintaining business continuity. And now, it’s become even more important during the COVID-19 pandemic to helping enable the largest remote workforce in history. While organizations are empowering people to work securely when, where, and how they want, we have found the most successful are the ones who are also empathetic to the end-user experience. At Microsoft, we refer to this approach as digital empathy. As you take steps to protect a mobile workforce, a Zero Trust strategy grounded in digital empathy will help enhance cybersecurity, along with productivity and collaboration too.

This was one of a few important topics that I recently discussed during a cybersecurity fireside chat with industry thought leader, Kelly Bissell, Global Managing Director of Security Accenture. Accenture, one of Microsoft’s most strategic partners, helps clients use Microsoft 365 to implement a Zero Trust strategy that is inclusive of everyone. “How do we make working from home both convenient and secure for employees during this time of constant change and disruption,” has become a common question both Kelly and I hear from organizations as we discuss the challenges of maintaining business continuity while adapting to this new world—and beyond. I encourage everyone to explore these points more deeply by watching my entire conversation with Kelly.

Our long-term Microsoft-Accenture security relationship helps customers navigate the current environment and emerge even stronger as we look past the pandemic. The following are some of the key steps shared during our conversation that you can take to begin applying digital empathy and Zero Trust to your organization.

Protect your identities with Azure Active Directory

Zero Trust is an “assume breach” security posture that treats each request for access as a unique risk to be evaluated and verified. This starts with strong identity authentication. Azure Active Directory (Azure AD) is an identity and secure access management (IAM) solution that you can connect to all your apps including Microsoft apps, non-Microsoft cloud apps, and on-premises apps. Employees sign in once using a single set of credentials, simplifying access. To make it even easier for users, deploy Azure AD solutions like passwordless authentication, which eliminates the need for users to memorize passwords. Multi-factor authentication (MFA) is one of the most important things you can do to help secure employee accounts, so implement MFA for 100 percent of your users, 100 percent of the time.

According to a new Forrester report, The Total Economic Impact™ of Securing Apps with Microsoft Azure Active Directory, customers who secure apps with Microsoft Azure Active Directory can improve user productivity, reduce costs, and gain IT efficiencies to generate a 123 % return on investment.

Secure employee devices

Devices present another opportunity for bad actors to infiltrate your organization. Employees may run old operating systems or download vulnerable apps on their personal devices. With Microsoft Endpoint Manager, you can guide employees to keep their devices updated. Conditional Access policies allow you to limit or block access to devices that are unknown or don’t comply with your security policies.

An endpoint detection and response (EDR) solution like Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) can help you detect attacks and automatically block sophisticated malware. Each Microsoft Defender ATP license covers up to five devices per user.

Discover and manage cloud apps

Cloud apps have proliferated in today’s workplace. They are so easy to use that IT departments are often not aware of which cloud apps their employees access. Microsoft Cloud App Security is a cloud app security broker (CASB) that allows you to discover all the apps used in your network. Cloud App Security’s risk catalog includes over 16,000 apps that are assessed using over 80 risk factors. Once you understand the risk profile of the apps in your network, you can decide whether to allow access, block access, or onboard it on to Azure AD.

Employees are busy in the best of times. Today, with many working from home for the first time—often in a full house—their stress may be compounded. By simplifying the sign-in process and protecting data on apps and devices, Microsoft 356 security solutions like Azure AD, Microsoft Defender ATP, and Cloud App Security, make it easier for employees to work remotely while improving security for the organization.

Digital empathy and Zero Trust are also two of the five security paradigm shifts that will lead to more inclusive user experiences. Next month, I will provide more details about two additional paradigm shifts, the diversity of data, and integrated security solutions.

CTA: To learn more about Microsoft Security solutions visit our website.  Bookmark the Security blog to keep up with our expert coverage on security matters. Follow Ann Johnson @ajohnsocyber for Microsoft’s latest cybersecurity investments and @MSFTSecurity for the latest news and updates on cybersecurity.

The post How do I implement a Zero Trust security model for my Microsoft remote workforce? appeared first on Microsoft Security.

How do I implement a Zero Trust security model for my Microsoft remote workforce?

August 24th, 2020 No comments

Digital empathy should guide your Zero Trust implementation

Zero Trust has always been key to maintaining business continuity. And now, it’s become even more important during the COVID-19 pandemic to helping enable the largest remote workforce in history. While organizations are empowering people to work securely when, where, and how they want, we have found the most successful are the ones who are also empathetic to the end-user experience. At Microsoft, we refer to this approach as digital empathy. As you take steps to protect a mobile workforce, a Zero Trust strategy grounded in digital empathy will help enhance cybersecurity, along with productivity and collaboration too.

This was one of a few important topics that I recently discussed during a cybersecurity fireside chat with industry thought leader, Kelly Bissell, Global Managing Director of Security Accenture. Accenture, one of Microsoft’s most strategic partners, helps clients use Microsoft 365 to implement a Zero Trust strategy that is inclusive of everyone. “How do we make working from home both convenient and secure for employees during this time of constant change and disruption,” has become a common question both Kelly and I hear from organizations as we discuss the challenges of maintaining business continuity while adapting to this new world—and beyond. I encourage everyone to explore these points more deeply by watching my entire conversation with Kelly.

Our long-term Microsoft-Accenture security relationship helps customers navigate the current environment and emerge even stronger as we look past the pandemic. The following are some of the key steps shared during our conversation that you can take to begin applying digital empathy and Zero Trust to your organization.

Protect your identities with Azure Active Directory

Zero Trust is an “assume breach” security posture that treats each request for access as a unique risk to be evaluated and verified. This starts with strong identity authentication. Azure Active Directory (Azure AD) is an identity and secure access management (IAM) solution that you can connect to all your apps including Microsoft apps, non-Microsoft cloud apps, and on-premises apps. Employees sign in once using a single set of credentials, simplifying access. To make it even easier for users, deploy Azure AD solutions like passwordless authentication, which eliminates the need for users to memorize passwords. Multi-factor authentication (MFA) is one of the most important things you can do to help secure employee accounts, so implement MFA for 100 percent of your users, 100 percent of the time.

According to a new Forrester report, The Total Economic Impact™ of Securing Apps with Microsoft Azure Active Directory, customers who secure apps with Microsoft Azure Active Directory can improve user productivity, reduce costs, and gain IT efficiencies to generate a 123 % return on investment.

Secure employee devices

Devices present another opportunity for bad actors to infiltrate your organization. Employees may run old operating systems or download vulnerable apps on their personal devices. With Microsoft Endpoint Manager, you can guide employees to keep their devices updated. Conditional Access policies allow you to limit or block access to devices that are unknown or don’t comply with your security policies.

An endpoint detection and response (EDR) solution like Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) can help you detect attacks and automatically block sophisticated malware. Each Microsoft Defender ATP license covers up to five devices per user.

Discover and manage cloud apps

Cloud apps have proliferated in today’s workplace. They are so easy to use that IT departments are often not aware of which cloud apps their employees access. Microsoft Cloud App Security is a cloud app security broker (CASB) that allows you to discover all the apps used in your network. Cloud App Security’s risk catalog includes over 16,000 apps that are assessed using over 80 risk factors. Once you understand the risk profile of the apps in your network, you can decide whether to allow access, block access, or onboard it on to Azure AD.

Employees are busy in the best of times. Today, with many working from home for the first time—often in a full house—their stress may be compounded. By simplifying the sign-in process and protecting data on apps and devices, Microsoft 356 security solutions like Azure AD, Microsoft Defender ATP, and Cloud App Security, make it easier for employees to work remotely while improving security for the organization.

Digital empathy and Zero Trust are also two of the five security paradigm shifts that will lead to more inclusive user experiences. Next month, I will provide more details about two additional paradigm shifts, the diversity of data, and integrated security solutions.

CTA: To learn more about Microsoft Security solutions visit our website.  Bookmark the Security blog to keep up with our expert coverage on security matters. Follow Ann Johnson @ajohnsocyber for Microsoft’s latest cybersecurity investments and @MSFTSecurity for the latest news and updates on cybersecurity.

The post How do I implement a Zero Trust security model for my Microsoft remote workforce? appeared first on Microsoft Security.

How do I implement a Zero Trust security model for my Microsoft remote workforce?

August 24th, 2020 No comments

Digital empathy should guide your Zero Trust implementation

Zero Trust has always been key to maintaining business continuity. And now, it’s become even more important during the COVID-19 pandemic to helping enable the largest remote workforce in history. While organizations are empowering people to work securely when, where, and how they want, we have found the most successful are the ones who are also empathetic to the end-user experience. At Microsoft, we refer to this approach as digital empathy. As you take steps to protect a mobile workforce, a Zero Trust strategy grounded in digital empathy will help enhance cybersecurity, along with productivity and collaboration too.

This was one of a few important topics that I recently discussed during a cybersecurity fireside chat with industry thought leader, Kelly Bissell, Global Managing Director of Security Accenture. Accenture, one of Microsoft’s most strategic partners, helps clients use Microsoft 365 to implement a Zero Trust strategy that is inclusive of everyone. “How do we make working from home both convenient and secure for employees during this time of constant change and disruption,” has become a common question both Kelly and I hear from organizations as we discuss the challenges of maintaining business continuity while adapting to this new world—and beyond. I encourage everyone to explore these points more deeply by watching my entire conversation with Kelly.

Our long-term Microsoft-Accenture security relationship helps customers navigate the current environment and emerge even stronger as we look past the pandemic. The following are some of the key steps shared during our conversation that you can take to begin applying digital empathy and Zero Trust to your organization.

Protect your identities with Azure Active Directory

Zero Trust is an “assume breach” security posture that treats each request for access as a unique risk to be evaluated and verified. This starts with strong identity authentication. Azure Active Directory (Azure AD) is an identity and secure access management (IAM) solution that you can connect to all your apps including Microsoft apps, non-Microsoft cloud apps, and on-premises apps. Employees sign in once using a single set of credentials, simplifying access. To make it even easier for users, deploy Azure AD solutions like passwordless authentication, which eliminates the need for users to memorize passwords. Multi-factor authentication (MFA) is one of the most important things you can do to help secure employee accounts, so implement MFA for 100 percent of your users, 100 percent of the time.

According to a new Forrester report, The Total Economic Impact™ of Securing Apps with Microsoft Azure Active Directory, customers who secure apps with Microsoft Azure Active Directory can improve user productivity, reduce costs, and gain IT efficiencies to generate a 123 % return on investment.

Secure employee devices

Devices present another opportunity for bad actors to infiltrate your organization. Employees may run old operating systems or download vulnerable apps on their personal devices. With Microsoft Endpoint Manager, you can guide employees to keep their devices updated. Conditional Access policies allow you to limit or block access to devices that are unknown or don’t comply with your security policies.

An endpoint detection and response (EDR) solution like Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) can help you detect attacks and automatically block sophisticated malware. Each Microsoft Defender ATP license covers up to five devices per user.

Discover and manage cloud apps

Cloud apps have proliferated in today’s workplace. They are so easy to use that IT departments are often not aware of which cloud apps their employees access. Microsoft Cloud App Security is a cloud app security broker (CASB) that allows you to discover all the apps used in your network. Cloud App Security’s risk catalog includes over 16,000 apps that are assessed using over 80 risk factors. Once you understand the risk profile of the apps in your network, you can decide whether to allow access, block access, or onboard it on to Azure AD.

Employees are busy in the best of times. Today, with many working from home for the first time—often in a full house—their stress may be compounded. By simplifying the sign-in process and protecting data on apps and devices, Microsoft 356 security solutions like Azure AD, Microsoft Defender ATP, and Cloud App Security, make it easier for employees to work remotely while improving security for the organization.

Digital empathy and Zero Trust are also two of the five security paradigm shifts that will lead to more inclusive user experiences. Next month, I will provide more details about two additional paradigm shifts, the diversity of data, and integrated security solutions.

CTA: To learn more about Microsoft Security solutions visit our website.  Bookmark the Security blog to keep up with our expert coverage on security matters. Follow Ann Johnson @ajohnsocyber for Microsoft’s latest cybersecurity investments and @MSFTSecurity for the latest news and updates on cybersecurity.

The post How do I implement a Zero Trust security model for my Microsoft remote workforce? appeared first on Microsoft Security.

How do I implement a Zero Trust security model for my Microsoft remote workforce?

August 24th, 2020 No comments

Digital empathy should guide your Zero Trust implementation

Zero Trust has always been key to maintaining business continuity. And now, it’s become even more important during the COVID-19 pandemic to helping enable the largest remote workforce in history. While organizations are empowering people to work securely when, where, and how they want, we have found the most successful are the ones who are also empathetic to the end-user experience. At Microsoft, we refer to this approach as digital empathy. As you take steps to protect a mobile workforce, a Zero Trust strategy grounded in digital empathy will help enhance cybersecurity, along with productivity and collaboration too.

This was one of a few important topics that I recently discussed during a cybersecurity fireside chat with industry thought leader, Kelly Bissell, Global Managing Director of Security Accenture. Accenture, one of Microsoft’s most strategic partners, helps clients use Microsoft 365 to implement a Zero Trust strategy that is inclusive of everyone. “How do we make working from home both convenient and secure for employees during this time of constant change and disruption,” has become a common question both Kelly and I hear from organizations as we discuss the challenges of maintaining business continuity while adapting to this new world—and beyond. I encourage everyone to explore these points more deeply by watching my entire conversation with Kelly.

Our long-term Microsoft-Accenture security relationship helps customers navigate the current environment and emerge even stronger as we look past the pandemic. The following are some of the key steps shared during our conversation that you can take to begin applying digital empathy and Zero Trust to your organization.

Protect your identities with Azure Active Directory

Zero Trust is an “assume breach” security posture that treats each request for access as a unique risk to be evaluated and verified. This starts with strong identity authentication. Azure Active Directory (Azure AD) is an identity and secure access management (IAM) solution that you can connect to all your apps including Microsoft apps, non-Microsoft cloud apps, and on-premises apps. Employees sign in once using a single set of credentials, simplifying access. To make it even easier for users, deploy Azure AD solutions like passwordless authentication, which eliminates the need for users to memorize passwords. Multi-factor authentication (MFA) is one of the most important things you can do to help secure employee accounts, so implement MFA for 100 percent of your users, 100 percent of the time.

According to a new Forrester report, The Total Economic Impact™ of Securing Apps with Microsoft Azure Active Directory, customers who secure apps with Microsoft Azure Active Directory can improve user productivity, reduce costs, and gain IT efficiencies to generate a 123 % return on investment.

Secure employee devices

Devices present another opportunity for bad actors to infiltrate your organization. Employees may run old operating systems or download vulnerable apps on their personal devices. With Microsoft Endpoint Manager, you can guide employees to keep their devices updated. Conditional Access policies allow you to limit or block access to devices that are unknown or don’t comply with your security policies.

An endpoint detection and response (EDR) solution like Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) can help you detect attacks and automatically block sophisticated malware. Each Microsoft Defender ATP license covers up to five devices per user.

Discover and manage cloud apps

Cloud apps have proliferated in today’s workplace. They are so easy to use that IT departments are often not aware of which cloud apps their employees access. Microsoft Cloud App Security is a cloud app security broker (CASB) that allows you to discover all the apps used in your network. Cloud App Security’s risk catalog includes over 16,000 apps that are assessed using over 80 risk factors. Once you understand the risk profile of the apps in your network, you can decide whether to allow access, block access, or onboard it on to Azure AD.

Employees are busy in the best of times. Today, with many working from home for the first time—often in a full house—their stress may be compounded. By simplifying the sign-in process and protecting data on apps and devices, Microsoft 356 security solutions like Azure AD, Microsoft Defender ATP, and Cloud App Security, make it easier for employees to work remotely while improving security for the organization.

Digital empathy and Zero Trust are also two of the five security paradigm shifts that will lead to more inclusive user experiences. Next month, I will provide more details about two additional paradigm shifts, the diversity of data, and integrated security solutions.

CTA: To learn more about Microsoft Security solutions visit our website.  Bookmark the Security blog to keep up with our expert coverage on security matters. Follow Ann Johnson @ajohnsocyber for Microsoft’s latest cybersecurity investments and @MSFTSecurity for the latest news and updates on cybersecurity.

The post How do I implement a Zero Trust security model for my Microsoft remote workforce? appeared first on Microsoft Security.

New Forrester study shows customers who deploy Microsoft Azure AD benefit from 123% ROI.

August 13th, 2020 No comments

Over the past six months, organizations around the world have accelerated digital transformation efforts to rapidly enable a remote workforce. As more employees than ever access apps via their home networks, the corporate network perimeter has truly disappeared, making identity the control plane for effective and secure access across all users and digital resources.

Businesses have responded to the pandemic by increasing budgets, adding staff, and accelerating deployment of cloud-based security technologies to stay ahead of phishing scams and to enable Zero Trust architectures. But the pressure to reduce costs is also real. Given COVID-19 and uncertain economic conditions, many of you are prioritizing security investments. But how should you allocate them? According to a new study, The Total Economic Impact™ of Securing Apps with Microsoft Azure Active Directory, investing in identity can not only help you accelerate your Zero Trust journey, it can also save you money and deliver more value. In this commissioned study, Forrester Consulting interviewed four customers in different industries who have used Azure AD for years. Forrester used these interviews to develop a composite organization. They found that customers securing apps with Azure AD can benefit from a 123 percent return on investment over three years in a payback period of six months.

An image showing the total econmic impact of securing apps with Microsoft Azure AD.

The customers interviewed improved user productivity, reduced costs, and gained IT efficiencies in the following areas[1]:

Increased worker productivity with secure and seamless access to all apps

Employees expect to collaborate on any project from anywhere using any app—especially now, when so many are working from home. But they find signing into multiple applications throughout the day frustrating and time-consuming. When you connect all your apps to Azure AD, employees sign in once using single sign-on (SSO). From there, they can easily access Microsoft apps like Microsoft Teams, software as a service (SaaS) apps like Box, on-premises apps like SAP Hana, and various custom line-of-business apps. Forrester estimates that consolidating to a single identity and access management solution and providing one set of credentials saves each employee 10 minutes a week on average, valued at USD 7.1 million over three years.

“Our CIO really didn’t like that anybody onboarding with our company was receiving—and this is not an exaggeration—two dozen credentials. In the executive branch, they took up to two weeks to get a new hire on their feet.” –Director of workplace technology, Electronics

Reduced costs by reducing the risk of a data breach

A data breach can be incredibly expensive for victims, who must recover not only their environments but also their reputations. Breaches often start with a compromised account, which is why it’s so important to protect your identities.

With Azure AD, you can secure all your applications and make it harder for attackers to acquire and use stolen credentials. You can ban common passwords, block legacy authentication, and protect your privileged identities. You can implement adaptive risk-based policies and enforce multi-factor authentication to ensure that only the right users have the right access. Forrester found that using these Azure AD features can help organizations reduce the risk of a data breach, saving them an estimated USD 2.2 million over a three-year period.

“Conditional Access was non-negotiable as we moved to the cloud. We had to be able to apply policies that scoped applications, users, devices, and risk states. You can’t let a compromised user walk into a cloud app anymore. It’s unacceptable.” –Information security services, manufacturing

Empowered workers to reset their own passwords

If you have a help desk, your employees likely make thousands of password reset requests per month. Locked out users can’t be productive, and their pleas for help eat up valuable time help desk workers could spend on other priority tasks. One organization told Forrester it costs them between USD500,000 and USD700,000 per year just to reset passwords.

With Azure AD Self-Service Password Reset, employees can reset their own passwords without help desk intervention. Forrester estimates that with this feature, customers can decrease the number of password reset calls per month by 75 percent, yielding a three-year adjusted present value of USD 1.7 million.

Unlocked efficiency gains by consolidating their identity infrastructure

Many enterprises use several solutions to manage identity and access management: an on-premises solution for legacy applications, a SaaS-based solution for modern cloud applications, and Azure AD for Microsoft applications. Maintaining this complex infrastructure requires multiple servers and licenses, not to mention people who understand the various systems. Migrating authentication for all your apps to Azure AD can significantly reduce hardware and licensing fees. Forrester estimates savings at a three-year adjusted present value of USD 1.9 million.

Consolidating your identity infrastructure to Azure AD gives you the benefits of cloud-based identity and access management solutions and frees your team to focus on other priorities. IT and identity teams in the study reduced time and effort spent provisioning/deprovisioning accounts, integrating new applications, and addressing issues related to IAM infrastructure. They also experienced less system downtime. Forrester estimated the value of IT efficiency gains at USD 3.0 million over three years.

Integrating with Azure AD also benefits software vendors

As part of the TEI, Forrester interviewed two Independent Software Vendors (ISVs), Zscaler and Workplace from Facebook. They documented their findings in the spotlight, Software Vendors Boost Adoption by Integrating Their Apps with Microsoft Azure Active Directory. Integrating their applications with Azure AD helped the two ISVs interviewed accelerate their sales cycles, as well as product adoption. Seamless integration with Azure AD helps ISVs reach the more than 200,000 organizations that use Azure AD. ISVs can easily give their customers and prospects single sign-on, automated user provisioning, and enhanced security through the security features built into Azure AD, while focusing their energies on enhancing their own solution.

“There is a shorter sales cycle for our platform. Many of our customers are already AD FS-based users, and our integration with Azure AD makes the case for our services that much more compelling. It also allows us to be more agile in helping customers get things implemented more quickly. Essentially, there’re fewer barriers to entry for customers.” – Vice President, product management, Zscaler

“We have a strong mutual customer base with Microsoft, which is why we’ve built such a great partnership with them over the years. Obviously, Azure AD is widely used by our customers, so it makes sense to leverage it.” – Platform Partnerships Manager, Workplace from Facebook

Learn more

COVID-19 has ushered in a new normal of remote work and conservative budgets, but that doesn’t mean you have to sacrifice security or the user experience. By integrating all your apps with Azure AD you can add value—like giving your employees a more convenient and secure work from home experience—while preserving valuable resources.

Find out how Azure AD can help secure all your apps and read the full Forrester Consulting study, The Total Economic Impact™ of securing apps with Microsoft Azure Active Directory and Software vendors boost adoption by integrating their apps with Microsoft Azure Active spotlight.

To learn more about Microsoft Security solutions visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

[1] Forrester based all savings estimates on the composite organization developed for its TEI study.

The post New Forrester study shows customers who deploy Microsoft Azure AD benefit from 123% ROI. appeared first on Microsoft Security.

How to organize your security team: The evolution of cybersecurity roles and responsibilities

August 6th, 2020 No comments

Digital transformation, cloud computing, and a sophisticated threat landscape are forcing everyone to rethink the functions of each role on their security teams, from Chief Information Security Officers (CISOs) to practitioners.

With billions of people around the globe working from home, changes to the daily practice of cybersecurity are accelerating. Organizations are shifting from defending a traditional network perimeter (keeping business assets in a safe place) to more effective zero trust strategies (protect users, data, and business assets where they are). This transformation brings technology changes and also opens up questions of what people’s roles and responsibilities will look like in this new world.

At the same time, continuous delivery models are requiring security teams to engage more closely during business planning and application development to effectively manage cyber risks (vs. the traditional ‘arms-length’ security approaches). This requires security professionals to better understand the business context and to collaborate more closely with stakeholders outside of security.

In this new world, traditional job descriptions and security tools won’t set your team up for success. Leaders must create role clarity in this transformation to help their teams navigate uncertainty. This will reduce distractions and stress, as well as help people focus on the important tasks that make the whole team shine.

While each organization and each person will have a unique journey, we have seen common patterns for successfully transforming roles and responsibilities. To help security leaders and practitioners plan for this transformation, Microsoft has defined common security functions, how they are evolving, and key relationships. In this blog, we’ll provide a summary of our recommendations to help you get started.

Security roles must evolve to confront today’s challenges

Security functions represent the human portion of a cybersecurity system. They are the tasks and duties that members of your team perform to help secure the organization. Depending on your company size and culture, individuals may be responsible for a single function or multiple functions; in some cases, multiple people might be assigned to a single function as a team.

High performing security teams understand their individual roles, but also see themselves as a larger team working together to defend against adversaries (see Figure 1). The following functions represent a fully populated enterprise security team, which may be aspirational for some organizations. Organizations often need to prioritize where to invest first based on their risk profile, available resources, and needs.

An image showing each function works as part of a whole security team, within the organization, which is part of a larger security community defending against the same adversaries.

Figure 1: Each function works as part of a whole security team within the organization, which is part of a larger security community defending against the same adversaries.

Policy and standards

This team develops, approves, and publishes security policy and standards to guide security decisions within the organization and inspire change. This team must take into account cloud platforms, DevOps processes and tools, and relevant regulations, among other factors. Read more about security policy and standards function.

Security operations center (SOC)

A security operations center (SOC) detects, responds to, and remediates active attacks on enterprise assets. SOCs are currently undergoing significant change, including an elevation of the function to business risk management, changes in the types of metrics tracked, new technologies, and a greater emphasis on threat hunting. Read more about the SOC function.

Security architecture

Security architecture translates the organization’s business and assurance goals into a security vision, providing documentation and diagrams to guide technical security decisions. A modern architecture function needs to consider continuous delivery, identity-centric security solutions for cloud assets, cloud-based security solutions, and more. Read more about the security architecture function.

Security compliance management

The objective of cloud security compliance management is to ensure that the organization is compliant with regulatory requirements and internal policies. As you modernize this function, consider the role that cloud providers play in compliance status, how you link compliance to risk management, and cloud-based compliance tools. Read more about the security compliance management function.

People security

People security protects the organization from inadvertent human mistakes and malicious insider actions. The cloud and changing threat landscape require this function to consider how to effectively engage employees in security, organizational culture change, and identification of insider threats. Read more about the people security function.

Application security and DevSecOps

The objective of application security and DevSecOps is to integrate security assurances into development processes and custom line of business applications.

Cloud services and APIs have enabled a faster delivery cadence and influenced the creation of the DevOps team model, driving a number of changes. The biggest change we see is the integration of security into the development process, which requires culture and process adjustments as each specialty adopt the best of each other’s culture. This function must also adopt an agile mindset and stay up to date on new tools and technologies. Read more about the application security and DevSecOps function.

Data security

The main objective for a data security team is to provide security protections and monitoring for sensitive enterprise data in any format or location. New regulations and data loss prevention models are influencing the evolution of this function, and the sheer volume of data being stored on numerous devices and cloud services has also had a significant impact. Read more about the data security function.

Infrastructure and endpoint security

The infrastructure and endpoint security function is responsible for security protection to the data center infrastructure, network components, and user endpoint devices. Software-defined datacenters and other cloud technologies are helping solve longstanding data center security challenges, and cloud services are transforming the security of user endpoint devices. Read more about the infrastructure and endpoint security function.

Identity and keys

The main objective of a security team working on identity management, is to provide authentication and authorization of humans, services, devices, and applications. Key and certification management provides secure distribution and access to key material for cryptographic operations (which often support similar outcomes as identity management).

One of the big changes is that identity and key/certification management disciplines are coming closer together as they both provide assurances on the identity of entities and enable secure communications. This function also plays a significant role in modernizing security by establishing an identity-based perimeter that is a keystone of a zero-trust access control strategy. Read more about the identity and keys function.

Threat intelligence

Security threat intelligence provides context and actionable insights on active attacks and potential threats to empower organizational leaders and security teams to make better (data-driven) decisions. Threat intelligence usually grows from a technical scope into servicing the larger organization with strategic, tactical, and operational (technical) threat intelligence. Read more about the threat intelligence function.

Posture management

Posture management builds on existing functions like vulnerability management and focuses on continuously monitoring and improving the security posture of the organization. Posture management is typically one of the largest changes because it supports decisions in many other functions using information that only recently became available because of the heavy instrumentation of cloud technology. This function includes zero-trust based access controls, real-time risk scoring, threat and vulnerability management, and threat modeling, among others. Read more about the posture management function.

Incident preparation

The primary objective for the incident preparation function is to build process maturity and muscle memory for responding to major incidents throughout the organization, including security teams, executive leadership, and many others outside of security. These practice exercises have become powerful tools to ensure stakeholders are informed and familiar with their role in a major security incident. Read more about the incident preparation function.

Looking forward

In the beginning of the journey, clarity is critical to shine a light on the path forward and the journey ahead. As you walk the path, healthy doses of empathy and continuous learning are key to maintaining forward momentum. Organizations should invest in both formal training and supporting self-directed exploration to ensure people get the knowledge they need and have the confidence to take the risks required to transform.

In addition to the cloud security functions guidance, Microsoft has also invested in training and documentation to help with your journey—see the CISO Workshop, Microsoft Security Best Practices,  recommendations for defining a security strategy, and security documentation site.

To learn more about Microsoft Security solutions visit our website.  Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

The post How to organize your security team: The evolution of cybersecurity roles and responsibilities appeared first on Microsoft Security.

Zero Trust: From security option to business imperative overnight

August 6th, 2020 No comments

Not long ago when I spoke with customers about Zero Trust, our conversations focused on discussing the principles, defining scope, or sharing our own IT organization’s journey. Zero Trust was something interesting to learn about, and most organizations were very much in the exploratory phase. As COVID-19 forced organizations across the world to send their workforce home, organizations rapidly focused on Zero Trust approaches to alleviate challenges of enabling and securing remote work. Using Zero Trust to secure users, data, and devices (wherever they may be) has changed from optional to a business imperative overnight.

Companies found that traditional security models required bringing users and data to ‘safe’ network places, which doesn’t scale and doesn’t provide the needed visibility. Employees are getting their work done any way they can– using personal devices, sharing data through new services, and collaborating outside the confines of traditional protections of the corporate network. Earlier adopters of Zero Trust approaches were able to adapt quickly, but many others instantly faced an expanded attack surface area and new security challenges they were not fully prepared for.

At Microsoft, we have been helping customers navigate these challenges by sharing our learnings and building controls, tools, and practices to enable daily application of Zero Trust principles. We have been focusing on providing organization quick wins that close critical gaps today and laying a strong foundation of Zero Trust expertise and technology to build on in the future.

Today and in my presentation at Blackhat 2020, I’d like to share some insights we’ve learned through this journey to help you with yours:

1. Start with strong authentication

Many customers I meet with share that trying to figure out where to start their Zero Trust journey is a major challenge. I always recommend starting with multi-factor authentication (MFA). Verifying a user’s identity with strong authentication before granting them access to corporate resources is the most effective step to quickly improve security. Our studies have shown that accounts secured with MFA are 99.9% less likely to be compromised. Strong authentication not strengthens your overall security posture and minimizes risk, it lays a strong foundation to build on—such as securely connecting employees to apps with single sign-on (SSO) experiences, controlling access to resources with adaptive access policies, and more.

2. Endpoint visibility is critical and getting more challenging

In a Zero Trust security model, we want to have visibility into any and all endpoints accessing the corporate network so we can only allow healthy and compliant devices to access corporate resources. Device security posture and compliance should be used in your access policies to restrict access from vulnerable and compromised devices. This not only helps strengthen security and minimize risk, but also enables you to improve your employees’ productivity by supporting more device types and experiences. In a recent Microsoft study, more than 50% of organizations reported seeing a greater variety of endpoint platforms because of supporting remote work.

3. Apps and data are primary attack surfaces

With employees increasingly accessing corporate data on new devices and collaborating in new ways, most security teams are seeing that their application and data security tools aren’t giving them the visibility and control they need. This de facto expansion of the enterprise attack surface makes it critical to discover the cloud apps in use, assess them for risk, and apply policy controls to ensure that data isn’t leaking through these applications. Finally, make sure the sensitive data in these apps is protected wherever it travels or lives by automatically classifying, labeling, and applying protection to files.

3. Integrated solutions are more critical than ever

CISOs reported in a recent Microsoft study that Threat Protection is now a higher priority for them. With an increasing attack surface area and velocity, integrated threat protection solutions can now share signals across detection, prevention, investigation, and response. While most organizations already use threat protection tools, most don’t share signals or support end-to-end workflows. Because most attacks involve multiple users, endpoints, app, data, and networks, it’s imperative for tools to work together to deliver streamlined experience and end-to-end automation. Look for opportunities to integrate your threat protection solutions to remove manual tasks, process friction, and the morael issues they generate.

5. Zero Trust improves end-user experience

Security leaders are often challenged to balance security and a more streamlined end-user experience. Fortunately, Zero Trust enables both at the same time because security is built around the users and business assets, rather than the other way around. Instead of users signing in multiple times, dealing with VPN bandwidth constraints, and working only from corporate devices, Zero Trust enables users to access their content and apps from virtually any device and location securely.

To listen to my presentation on Zero Trust at Blackhat register here. Check out the Microsoft Zero Trust Maturity Model vision paper (click to download) detailing the core principles of Zero Trust, and our maturity model, which breaks down the top-level requirements across each of the six foundational elements.

We’re also publishing deployment guides for each of the foundational elements.  Read the latest guides for IdentitiesDevices, and Networking. Look out for additional guides in the Microsoft Security blog.

Learn more about Zero Trust and Microsoft Security.

Also, bookmark the Security blog to keep up with our expert coverage on security matters. And follow us at @MSFTSecurityfor the latest news and updates on cybersecurity.

 

The post Zero Trust: From security option to business imperative overnight appeared first on Microsoft Security.

Afternoon Cyber Tea: Revisiting social engineering: The human threat to cybersecurity

August 5th, 2020 No comments

Most of us know ‘Improv’ through film, theatre, music or even live comedy. It may surprise you to learn that the skills required for improvisational performance art, can also make you a good hacker? In cybersecurity, while quite a bit of focus is on the technology that our adversaries use, we must not forget that most cybersecurity attacks start with a non-technical, social engineering campaign—and they can be incredibly sophisticated. It is how attackers were able to pivot quickly and leverage COVID themed lures wreak havoc during the onset of the global pandemic. To dig into how social attacks like these are executed, and why they work time and again, I spoke with Rachel Tobac on a recent episode Afternoon Cyber Tea with Ann Johnson.

Rachel Tobac is the CEO of SocialProof Security and a white-hat hacker, who advises organizations on how to harden their defenses against social engineering. Her study of neuroscience and Improv have given her deep insight into how bad actors use social psychology to convince people to break policy. I really appreciate how she is able to break down the steps in a typical social engineering campaign to illustrate how people get tricked.

In our conversation, we also talked about why not all social engineering campaigns feel “phishy.” Hackers are so good at doing research and building rapport that the interaction often feels legitimate to their targets. However, there are techniques you can use, like multi-factor authentication and two-factor communication, to reduce your risk. We also discussed emerging threats, like deep fake videos, attacks on critical infrastructure, and how social engineering techniques could be used against driverless cars. To learn why you should take social engineering seriously and how to protect your organization, listen to Afternoon Cyber Tea with Ann Johnson: Revisiting social engineering: The human threat to cybersecurity on Apple Podcasts or Podcast One.

What’s next

In this important cyber series, I talk with cybersecurity influencers about trends shaping the threat landscape and explore the risk and promise of systems powered by AI, Internet of Things (IoT), and other emerging tech.

You can listen to Afternoon Cyber Tea with Ann Johnson on:

  • Apple Podcasts — You can also download the episode by clicking the Episode Website link.
  • Podcast One — Includes the option to subscribe, so you’re notified as soon as new episodes are available.
  • CISO Spotlight page — Listen alongside our CISO Spotlight episodes, where customers and security experts discuss similar topics such as Zero Trust, compliance, going passwordless, and more.

To find out more information on Microsoft Security Solutions visit our website. In the meantime, bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity. Or reach out to me on LinkedIn or Twitter if you have guest or topic suggestions.

The post Afternoon Cyber Tea: Revisiting social engineering: The human threat to cybersecurity appeared first on Microsoft Security.

CISO Stressbusters: Post #4: 4 tips for running a highly effective security operation

August 4th, 2020 No comments

Rebecca Wynn, Global CISO & Chief Privacy Officer (CISO) of (24)7.ai, shares her advice for relieving stress in today’s CISO Stressbuster post.

In many organizations, CISO is held accountable for security breaches, yet they don’t have control over all the decisions and systems that impact cyber risks. They need to continuously prove that they are making the company safer while persuading others to change behaviors.

Building a security culture can be stressful, but it helps if people know they can count on you. As a senior information and security risk officer who has served as a CISO at several technology companies, I’ve learned that one way to increase influence is to get things done. Running a tight ship helps you prove value and gain allies. In the fourth blog in the CISO Stressbuster series, I’ve outlined four tips that will help you build a highly effective security organization.

1. Cultivate your team

The most important part of your security operation is your people. A strong team that works well together will help you deliver on your goals and prove the value of cybersecurity to the board. To ensure your team has the right skills for your organization, start by identifying your strengths and weaknesses. For example, you may need people with more experience in cloud or automation technologies. It’s also essential to think about diversity. People with different backgrounds help you avoid group-think and generate new ideas.

Training and apprenticeship programs are a great way to build skills within your existing staff. When done well, you can encourage a continuous learning culture that keeps people engaged. This is incredibly valuable because it isn’t just CISOs who are stressed. Our teams are also under a lot of pressure. Helping them grow and acquire new skills can reduce burnout.

You won’t be able to fulfill all your needs with training, but it can be challenging to find senior people with specialized backgrounds. When you do need to fill a new position, be intentional about which skills are required and which can be trained. Expand your criteria to include people with non-traditional backgrounds who can offer new insights. To encourage participation from everyone, build an inclusive culture.

2. Be a good fiduciary with your budget

Whether you work at a huge enterprise or a startup, there will always be a limit to your budget. Make smart investments to stretch those dollars farther. A great example is software and cloud services. There are many great security products available, but if they don’t work well with your current solutions, you may not get as much value out of them. Find ways to expand the usage of existing products. Make sure new tools align with your long-term strategy and that teams are well trained. Audit your technology regularly and stop paying for services that no longer meet your needs.

Strategic staffing decisions can also help you do more with your budget. For highly specialized skills or irregular tasks, it can sometimes be more efficient to outsource. On the other hand, you may need to invest in your own team to prepare for a changing business climate, such as hiring analysts with cloud expertise.

Demonstrating a proven track record of managing your budget well, builds trust with the board and other executives. This gives you more credibility when you ask for increases in the future.

3. Measure metrics that matter

Your goal as a CISO is to improve the security of the company by effectively managing cybersecurity risk. To evaluate how well you are doing, you need to track the right metrics. The number of tickets opened and closed each month won’t tell you much, but the context of those tickets can.

Set up reporting that will help you measure how well your team and tools are protecting the organization. Some possible examples include:

  • Time to remediate (TTR) an incident allows you to track how long attackers have access to your resources.
  • Number of users with privileged access will help you keep the number of people who can access sensitive information as low as possible.
  • Number of systems with vulnerabilities can help you ensure they are regularly patched.
  • Number of unidentified devices on the network.
  • Number of staff who have completed security awareness training.

4. Adapt your communication for your audience

Making things happen as a CISO requires that you influence others. Whether that is encouraging different behavior from your team, persuading the board to approve a budget increase, or convincing other business leaders to take security seriously, communication is key.

Effective communication starts with good relationships. When I first join a company, I immediately work on building partnerships with other business leaders. If they have issues with the security team, I work on getting those ironed out. This paves the way for me to have conversations about how we can work together to improve security.

As you work with colleagues to make progress on security objectives, it helps to be agile. Listen during meetings to try to understand what’s working and what’s not. Flex your language depending on who’s in the room. When people understand how they will benefit from security, they are more likely to get on board.

Looking ahead

Safeguarding your company against cyber threats is rewarding work, but it also comes with a lot of pressure. To help you manage the stress, the CISO Stressbusters blog series will feature advice from CISOs from a variety of different companies and industries. Stay tuned for the next CISO Stressbuster post for more advice from others in the trenches.

Did you find these insights helpful? What would you tell your fellow CISOs about overcoming obstacles?  What works for you? Please reach out to Diana Kelley on LinkedIn if you’re interested in being interviewed for one of our upcoming posts.

Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

 

The post CISO Stressbusters: Post #4: 4 tips for running a highly effective security operation appeared first on Microsoft Security.

Afternoon Cyber Tea: Peak, Plateau, or Plummet? Cyber security trends that are here to stay and how to detect and recover from ransomware attacks

July 23rd, 2020 No comments

The rapidity of change in the cyberthreat landscape can be daunting for today’s cyber defense teams. Just as they perfect the ability to block one attack method, adversaries change their approach. Tools like artificial intelligence and machine learning allow us to pivot quickly, however, knowing what cyber trends are real and which are hype can be the difference between success or struggle. To help you figure where to focus your resources, Kevin Beaumont joined me on Afternoon Cyber Tea.

Kevin is a thought leader on incident detection and response. His experience running Security Operations Centers (SOC) has given him great insight into both the tactics used by attackers and how to create effective cyber teams. While our discussion took place before he joined Microsoft, his insights remain of great value as we look at how current cyber trends will evolve past the pandemic.

In this episode, he shares his cyber experience on everything from the role ransomware plays in the monetization of cybercrime, to what attack vectors may Peak, Plateau, or Plummet, and which trends that are here to stay.

What’s next

In this important cyber series, I talk with cybersecurity influencers about trends shaping the threat landscape and explore the risk and promise of systems powered by AI, Internet of Things (IoT), and other emerging tech. As we work on how to help empower every person and organization on the planet achieve more, we must look at how we combine our security learnings with examining how today’s cybersecurity investments will shape our industry and impact tomorrow’s cybersecurity reality.

You can listen to Afternoon Cyber Tea with Ann Johnson on:

  • Apple Podcasts—You can also download the episode by clicking the Episode Website link.
  • Podcast One—Includes the option to subscribe, so you’re notified as soon as new episodes are available.
  • CISO Spotlight page—Listen alongside our CISO Spotlight episodes, where customers and security experts discuss similar topics such as Zero Trust, compliance, going passwordless, and more.

In the meantime, bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity. Or reach out to me on LinkedIn or Twitter if you have guest or topic suggestions.

The post Afternoon Cyber Tea: Peak, Plateau, or Plummet? Cyber security trends that are here to stay and how to detect and recover from ransomware attacks appeared first on Microsoft Security.