Keeping up

with a changing
cybersecurity
landscape
Keeping up with a changing cybersecurity landscape 2

Who this is for

CISOs and other decision makers responsible for Estimated reading time:
identifying, monitoring, assessing and mitigating internal Eight minutes
and external risks within an organisation who want to
stay on top of the latest trends in cybersecurity.

Contents

Keeping up with a changing cybersecurity landscape 3

Rethinking the nature of trust 4

Ransomware profits attract a sophisticated new class of attacker 7

Securing cloud services requires attention and investment 12

The cybersecurity talent shortage demands a decisive response 14

Automation, AI and ML enable in-depth defence 16

Keeping up with a
changing cybersecurity
landscape
As the workplace evolves
at a faster pace, so do the
cybersecurity threats that target it.
The CISO’s job has never been easy, but in a
context of increasingly frequent and complex
cyberthreats, it is even more challenging.
Not only has the amount of data involved
continued to explode, but it is generated,
stored and used in more places than ever.
Insider threats persist. The regulatory
environment can change drastically and
suddenly. And with so many people now
working remotely, data lives well beyond the
traditional borders of business.
The days of securing assets behind a fortified
perimeter are gone. Data resides in the cloud,
in endpoints and across supply chains, greatly
expanding the potential attack surface.
This trend was accelerated by the COVID-19
health crisis and, for many organisations, the
rapid shift to remote work. CISOs are tasked
with protecting a hybrid work environment
for the foreseeable future, meaning they must
enable employees to be productive from
anywhere while keeping data protected and
complying with industry regulations.
Fortunately, new security approaches and
technologies are available to help CISOs and
other security leaders stay ahead of emerging
threats across the landscape. By adopting a
Zero Trust approach and using AI, machine
learning and automation to scale protection
and predict threats, CISOs can help their
organisations thrive in times of change. This
briefing shares some of the key trends and
changes in the cybersecurity landscape and
how CISOs can respond effectively.
Rethinking the
nature of trust

A Zero Trust framework is the once you logged in to a system, you were
considered a trusted entity. With a Zero
best way to prevent identity-
Trust strategy, users can access the data they
based attacks and secure data need, when they need it, and any anomalous
given the proliferation of behaviour will trigger alerts.
endpoints and remote work.
This framework is not a set of specific
products as much as a guide for optimising
When the defence paradigm centred on
an organisation’s security strategy. This
the perimeter and IT architecture shared a
allows security teams to balance deployment
common IP address range, security controls
of these strategies with maintaining a
were network oriented. As the cloud and
positive user experience. For example, by
mobile platforms have taken data outside the
adopting technology such as passwordless
perimeter, security protections must follow.
authentication, multifactor authentication
This changing world demands a new security
(MFA) or single sign-on (SSO) identity
framework for protecting systems and data.
management – which are all relatively simple
to implement – employees can use biometrics
The Zero Trust framework incorporates the
or personal devices to access applications and
key guiding strategies of explicit verification,
resources quickly and securely.
assume breach and least-privileged access. The
phrase “never trust, always verify” summarises
these strategies. With the perimeter paradigm,
Keeping up with a changing cybersecurity landscape 5

An integral part of the Zero

Trust strategy is orchestration
between the different risk
areas to create a unified threat
detection strategy via security
incident and event management
(SIEM) and extended detection
and response (XDR).
Keeping up with a changing cybersecurity landscape 6

SIEM works by gathering and analysing to their source, it allows organisations to

large amounts of data from across the entire
organisation. The analysis happens in real time
and anomalies are identified and reported
based on preconfigured rules. It improves
incident detection by providing a wide breadth
of threat without creating alert fatigue.
XDR helps break down silos to deliver a deeper
level of threat detection and response across
multiple sources. By identifying hidden and
sophisticated threats and tracking them
better identify and prevent attacks before
damage can be done. XDR enhances SIEM
by providing depth of protection through
access to investigations and analysis, along
with automation that identifies and prioritises
alerts and incidents for security staff and
recommendations for fixing vulnerabilities and
misconfigurations. It’s an in-depth view of a
particular area that adds valuable context to
the SIEM’s single dashboard.

The Zero Trust framework incorporates the key guiding

strategies of explicit verification, assume breach and
least-privileged access. The phrase ‘never trust, always
verify’ summarises these strategies.
Ransomware profits
attract a sophisticated
new class of attacker

Fuelled by hefty profits and Three vectors are responsible for most
successful ransomware attacks. These include:
relatively low risk, ransomware
is seeing new levels of innovation, Remote desktop protocol
with threat actors adopting (RDP) brute force
advanced tactics to avoid
Phishing
traditional network defenses.
Vulnerable internet-
facing systems
Bad actors can now purchase Ransomware-as-
a-Service (RaaS) almost as easily as any other
cloud service. Attack chains have become
refined and commoditised, making it cheap
and easy to target valuable information and
exploit that information in new ways.
Keeping up with a changing cybersecurity landscape 8

Attack type
RDP Brute Force

Companies use RDP to enable access to

desktops from remote locations. Attackers
compromise these accounts to take control
of the physical or virtual desktops.

Penetration method Consequences Defences

Discovery of computers Unfettered access to Strong passwords,

running RDP via public
IP address search, brute-
force password guessing
internal resources and multifactor
the ability to deploy authentication, limited
ransomware across password guesses,
the system cloud-based virtual
desktops instead of RDP
Keeping up with a changing cybersecurity landscape 9

Attack type
Phishing

Legitimate-seeming emails convince

employees to share identity and
authentication information.

Penetration method Consequences Defences

Increasingly Real but compromised Phishing detection,

sophisticated and credentials give malware protection,
targeted attacks tailored attackers difficult-to- threat isolation,
to individual users detect access to IT employee training
systems
Keeping up with a changing cybersecurity landscape 10

Attack type
Internet-facing systems

Attackers identify and compromise

misconfigured, outdated or poorly
protected internet-facing services.

Penetration method Consequences Defences

High-volume Access to platform Vulnerability

penetration testing of services and extensive scanning, cloud
internet-facing systems data stores vendor protections,
continuous patching
and updated
operating systems
Keeping up with a changing cybersecurity landscape 11

The most sophisticated ransomware attackers proxies. A combination of technology and

will penetrate a target, then look for a partner
who can deploy their ransomware into the
target in a customised fashion. For example,
developers of the LockerGoga ransomware,
which requires administrative rights for
execution, so thoroughly analyse a target’s
defences that they won’t even bother to hide
their malicious app because they know it will
not be detected. Attackers may lurk inside
systems for months before deploying their
ransomware threat.
employee awareness training can be effective
against phishing-based ransomware attacks.
Attackers also use tools already installed on
a system to spread across a network and
broaden infestation. These intruders ‘live
off the land’ once they penetrate a system,
using publicly available tools and utilities
to accomplish their ends. These attacks are
difficult to detect because, to defenders, they
appear to be normal network activity.

Phishing remains a popular threat, with threat
actors adopting advanced tactics to avoid
traditional network defences. They′re hiding
behind packet obfuscation, encryption, multi-
phased payloads and fast flux DNS, where
botnets hide phishing delivery sites behind
a network of compromised hosts acting as
While there is no silver bullet for security,
these vectors can be mitigated with proper
password protection, identity management
and software updates in addition to a
comprehensive security and compliance
toolset. Keeping systems up-to-date and
regularly backing up data offline are strong
protections against ransomware.

According to the 2021 Ransomware Survey Report,

ransomware grew by 1,070% between July 2020 and
June 2021.¹
¹ Global Threat Landscape Report, Fortinet, 2021.
Securing cloud services
requires attention and
investment
Cloud security takes center stage
as security leaders continue
to adapt to the impact of past
disruptions, prepare for increased
uncertainty and support the shift
to hybrid work.
Most organisations and industries recognise
that the cloud can enable data security
that is equal to or better than on-premises
systems. However, cloud vendors can only take
responsibility for the security of systems under
their control. Companies are still responsible
for proper configuration, identity and access
management and security within their own
multicloud and hybrid environments.
² Misconfigurations are the Biggest Threat to
Cloud Security: Here’s What to Do, Infosecurity
Magazine, 24 May 2021.
Misconfiguration is one of the biggest
contributors to vulnerabilities in the cloud.²
The expanding threat landscape puts more
pressure on CISOs to modernise security
operations to reduce inefficiencies, increase
visibility across the organisation and become
more proactive in identifying and protecting
against threats.
Cloud security efforts are often complicated
by an ever-increasing mix of security products
and services. Typically, these products
use different portals, data schemas and
methodologies. Monitoring data across those
products manually can delay response times
and even miss elements of an attack itself.
Keeping up with a changing cybersecurity landscape 13

According to Rick Gehringer, Chief Information
Officer at Wedgewood, a real estate
investment company, “That mix only makes
the attack surface larger. It’s hard to know your
environment well and develop awareness of
associated risks when it’s sprawling.”3
A better approach is to adopt a single
platform that unifies the security toolset within
a manageable, data-driven environment. This
enables security teams to simplify security
across their entire portfolio. Improved visibility,
a clear cloud security architecture strategy
and proper configuration management also
contribute to both the streamlining and
improved effectiveness of cloud security.
CISOs can also take advantage of the security
services, capabilities and best practices
provided by cloud vendors, who have a strong
interest in helping customers avoid costly
and reputation-damaging compromises.
By using optimal configurations and
minimising customisation to what’s necessary,
organisations can reduce the likelihood of
exposing the elements of their systems under
their control.

³ Real estate specialist Wedgewood

lists Microsoft Sentinel among its best
investments, Microsoft, 2022.

Improved visibility, a clear cloud security architecture

strategy and proper configuration management also
contribute to both the streamlining and improved
effectiveness of cloud security.
The cybersecurity talent
shortage demands
a decisive response
In the face of a growing shortage
of qualified security staff, CISOs
are getting creative.
Even before the pandemic, cybersecurity was
struggling with a labour shortage. Now, CISOs
are concerned not only about retaining the
employees they already have but attracting
new talent as well.
In November 2021, a record 4.5 million people
in the US quit their jobs, with a historic rise
reported in all four US regions. More than
40% of employees worldwide are considering
quitting their jobs in 2022. Some people are
leaving the workforce, while others are taking
new positions or exploring new careers in
what has been termed the Great Reshuffle.⁴
What this means for the cybersecurity talent
shortage is two things: first, as with other
fields, cybersecurity teams are facing higher-
than-average turnover. Second, this turnover
can increase insider risk.
⁴ The Next Great Disruption is Hybrid Work –
Are We Ready?, Microsoft, 2021.
Security leaders must get innovative to address
this challenge. “Many CISOs are telling us that
one of the most effective ways to address their
security challenges amidst staffing challenges
is to build a culture of security where security
is everyone’s job,” says Rob Lefferts, Corporate
Vice President, Programme Management for
Microsoft 365 Security and Compliance.⁵ “CISOs
are increasingly advocating for this notion
that the entire organisation can take on the
responsibility of security, especially as they are
facing staffing shortages or funding challenges.”
By making sure development teams, system
administrators and non-IT employees all
understand security policies and risks,
they can help lighten the workload of their
existing security teams. Organisations are also
deputising employees outside the security
team, providing extra training and keeping
them connected to help identify and manage
security risks in ways that are more scalable
than centralised approaches.
⁵ Developing security talent, Rob Lefferts,
Microsoft, 2022.
Keeping up with a changing cybersecurity landscape 15

Many CISOs are telling us

that one of the most effective
ways to address their security
challenges amidst staffing
challenges is to build a
culture of security where
security is everyone’s job.”
Rob Lefferts,
Corporate Vice President, Programme Management
for Microsoft 365 Security and Compliance.⁵

⁵ Developing security talent, Rob Lefferts,

Microsoft, 2022.
Automation, AI
and ML enable
in-depth defence

Security teams now have the
ability to deploy advanced
hunting capabilities to root out
sophisticated breaches.
Modern threat protection requires security
controls that continuously cross-correlate
and analyse relevant variables in near real
time, then decide whether an identity should
be granted or denied access. This need is
increasing the urgency for organisations to
adopt automation, AI and machine learning
(ML) across their security stacks.
AI and ML play critical roles across
cybersecurity operations because they make
it possible to analyse massive amounts of data
for suspicious activity patterns and threat
signals in ways that human analysts can′t.
ML algorithms can turn raw data from multiple
sources into incidents that give defenders the
kind of visibility they need to understand the
entire context of an attack and craft a targeted
response before it’s too late.
AI, ML and automation also help organisations
become less reactive and more proactive
in identifying and responding to threats.
Security teams now have the ability to deploy
advanced hunting capabilities to root out
sophisticated breaches or better understand
how their organisation′s assets behave. This
approach increases an organisation′s ability to
defend against persistent attacks and block
attackers from gaining a foothold to exploit
data and systems.

With a clear view of the changing cybersecurity landscape

and access to evolving defence methods, businesses are
better able to thrive and stay one step ahead of threats.
Keeping up with a changing cybersecurity landscape

Discover the power of an integrated

approach to security that uses a
Zero Trust framework, advanced
AI and intelligent automation
to protect your business against
sophisticated threats.

Learn more >

© 2022 Microsoft Corporation. All rights reserved. This document is provided ‘as is’. Information and views
expressed in this document, including URL and other internet website references, may change without notice.
You bear the risk of using it. This document does not provide you with any legal rights to any intellectual
property in any Microsoft product. You may copy and use this document for your internal, reference purposes.