Keeping up with a changing cybersecurity landscape
A Zero Trust framework is the best way to prevent identity-based attacks and secure data given the proliferation of endpoints and remote work.

When the defence paradigm centred on the perimeter and IT architecture shared a common IP address range, security controls were network oriented. As the cloud and mobile platforms have taken data outside the perimeter, security protections must follow. This changing world demands a new security framework for protecting systems and data.

The Zero Trust framework incorporates the key guiding strategies of explicit verification, assume breach and least-privileged access. The phrase “never trust, always verify” summarises these strategies. With the perimeter paradigm, once you logged in to a system, you were considered a trusted entity. With a Zero Trust strategy, users can access the data they need, when they need it, and any anomalous behaviour will trigger alerts.

This framework is not a set of specific products as much as a guide for optimising an organisation’s security strategy. This allows security teams to balance deployment of these strategies with maintaining a positive user experience. For example, by adopting technology such as passwordless authentication, multifactor authentication (MFA) or single sign-on (SSO) identity management – which are all relatively simple to implement – employees can use biometrics or personal devices to access applications and resources quickly and securely.
Fuelled by hefty profits and relatively low risk, ransomware is seeing new levels of innovation, with threat actors adopting advanced tactics to avoid traditional network defenses.

Bad actors can now purchase Ransomware-as-a-Service (RaaS) almost as easily as any other cloud service. Attack chains have become refined and commoditised, making it cheap and easy to target valuable information and exploit that information in new ways.

Three vectors are responsible for most successful ransomware attacks. These include:

Remote desktop protocol (RDP) brute force
Phishing
Vulnerable internet-facing systems
[Figure: attack types shown are RDP brute force, phishing and internet-facing systems]
Phishing remains a popular threat, with threat actors adopting advanced tactics to avoid traditional network defences. They’re hiding behind packet obfuscation, encryption, multi-phased payloads and fast flux DNS, where botnets hide phishing delivery sites behind a network of compromised hosts acting as

While there is no silver bullet for security, these vectors can be mitigated with proper password protection, identity management and software updates in addition to a comprehensive security and compliance toolset. Keeping systems up-to-date and regularly backing up data offline are strong protections against ransomware.
Most organisations and industries recognise that the cloud can enable data security that is equal to or better than on-premises systems. However, cloud vendors can only take responsibility for the security of systems under their control. Companies are still responsible for proper configuration, identity and access management and security within their own multicloud and hybrid environments.

Cloud security efforts are often complicated by an ever-increasing mix of security products and services. Typically, these products use different portals, data schemas and methodologies. Monitoring data across those products manually can delay response times and even miss elements of an attack itself.
According to Rick Gehringer, Chief Information Officer at Wedgewood, a real estate investment company, “That mix only makes the attack surface larger. It’s hard to know your environment well and develop awareness of associated risks when it’s sprawling.”³

A better approach is to adopt a single platform that unifies the security toolset within a manageable, data-driven environment. This enables security teams to simplify security across their entire portfolio. Improved visibility, a clear cloud security architecture strategy and proper configuration management also contribute to both the streamlining and improved effectiveness of cloud security.

CISOs can also take advantage of the security services, capabilities and best practices provided by cloud vendors, who have a strong interest in helping customers avoid costly and reputation-damaging compromises. By using optimal configurations and minimising customisation to what’s necessary, organisations can reduce the likelihood of exposing the elements of their systems under their control.
In the face of a growing shortage of qualified security staff, CISOs are getting creative.

Even before the pandemic, cybersecurity was struggling with a labour shortage. Now, CISOs are concerned not only about retaining the employees they already have but attracting new talent as well.

In November 2021, a record 4.5 million people in the US quit their jobs, with a historic rise reported in all four US regions. More than 40% of employees worldwide are considering quitting their jobs in 2022. Some people are leaving the workforce, while others are taking new positions or exploring new careers in what has been termed the Great Reshuffle.⁴ What this means for the cybersecurity talent shortage is two things: first, as with other fields, cybersecurity teams are facing higher-than-average turnover. Second, this turnover can increase insider risk.

Security leaders must get innovative to address this challenge. “Many CISOs are telling us that one of the most effective ways to address their security challenges amidst staffing challenges is to build a culture of security where security is everyone’s job,” says Rob Lefferts, Corporate Vice President, Programme Management for Microsoft 365 Security and Compliance.⁵ “CISOs are increasingly advocating for this notion that the entire organisation can take on the responsibility of security, especially as they are facing staffing shortages or funding challenges.”

By making sure development teams, system administrators and non-IT employees all understand security policies and risks, they can help lighten the workload of their existing security teams. Organisations are also deputising employees outside the security team, providing extra training and keeping them connected to help identify and manage security risks in ways that are more scalable than centralised approaches.
⁴ The Next Great Disruption is Hybrid Work – Are We Ready?, Microsoft, 2021.
⁵ Developing security talent, Rob Lefferts, Microsoft, 2022.
Security teams now have the ability to deploy advanced hunting capabilities to root out sophisticated breaches.

Modern threat protection requires security controls that continuously cross-correlate and analyse relevant variables in near real time, then decide whether an identity should be granted or denied access. This need is increasing the urgency for organisations to adopt automation, AI and machine learning (ML) across their security stacks.

AI and ML play critical roles across cybersecurity operations because they make it possible to analyse massive amounts of data for suspicious activity patterns and threat signals in ways that human analysts can’t. ML algorithms can turn raw data from multiple sources into incidents that give defenders the kind of visibility they need to understand the entire context of an attack and craft a targeted response before it’s too late.

AI, ML and automation also help organisations become less reactive and more proactive in identifying and responding to threats. Security teams now have the ability to deploy advanced hunting capabilities to root out sophisticated breaches or better understand how their organisation’s assets behave. This approach increases an organisation’s ability to defend against persistent attacks and block attackers from gaining a foothold to exploit data and systems.
© 2022 Microsoft Corporation. All rights reserved. This document is provided ‘as is’. Information and views
expressed in this document, including URL and other internet website references, may change without notice.
You bear the risk of using it. This document does not provide you with any legal rights to any intellectual
property in any Microsoft product. You may copy and use this document for your internal, reference purposes.