Safeguarding Your Business Against Advanced Security Threats

Today’s cybersecurity landscape has changed drastically, with threat levels spiking, including a near-sevenfold increase in spear-phishing attacks since the Covid-19 pandemic began. With cyber threats increasing, it’s important to know what tools are out there to protect your business. Here we address the security challenges facing your business and how to safeguard against them.

Security challenges 

Email: Many companies have subpar antivirus and antispam email filtering solutions that don’t catch attacks. Users often click on ransomware and phishing links or accidentally send confidential data. 

Mobility: Employees often can’t use mobile devices because of security concerns or, at the other extreme, no protection at all is provided for data on mobile devices.

User credentials: Users often have the same passwords across all their accounts, increasing risk if one is compromised. With increasingly sophisticated methods to steal credentials, increased security is vital to the survival of your business.

Safeguarding Against Threats & Leaks

Identity & Access Management: Security now extends beyond an organisation’s network to include user and device identity. At least 81% of hacking breaches use compromised credentials. In account hijacking, a hacker uses a compromised email account to impersonate the account owner. Typically, account hijacking is carried out through phishing, sending spoofed emails, password guessing and more. Prevent this by hardening accounts against hijacking with Multi Factor Authentication and Conditional Access. Systems hardening reduces vulnerability in technology applications, systems, infrastructure, firmware, and other areas.

Conditional Access is the tool used by Microsoft’s Azure Active Directory to bring signals together, make decisions, and enforce organisational policies. At its simplest, a Conditional Access policy says that if a user wants to access a resource, they must first complete an action such as Multi Factor Authentication (MFA). MFA is an authentication method in which a user is granted access to a website or application only after successfully presenting two or more pieces of evidence. MFA leads to 99.9% of attacks being blocked.

Passwordless Authentication:

Up to 73% of passwords are duplicates and there are 300 million daily fraudulent sign-in attempts. When there is a potential security threat, software passwords must be changed. You can minimise password resets and helpdesk calls with Passwordless Authentication, through Windows Hello. Windows Hello is a more personal, more secure way to get instant access to your Windows 10 devices using fingerprint, facial recognition, or a secure PIN. 

Endpoint Security Management:

Businesses today use lots of endpoint devices, such as laptops, server stacks and smartphones. With work becoming more flexible, especially during Covid-19, more employees work remotely or use their personal devices for work. Endpoint security management ensures all devices are protected from cyberattacks and security breaches.

Protecting Devices:

Windows Autopilot is used to set up and pre-configure new devices. It is also used to reset, repurpose, and recover devices with little or no management needed, simplifying the Windows device lifecycle from deployment to end of life. 

Security Configuration & Compliance Management

Mobile device management (MDM) solutions like Microsoft Intune help protect data by requiring users and devices to meet requirements. These requirements are set through compliance policies, which define the rules and settings that users and devices must meet to be compliant. Actions for noncompliance alert users to the conditions of noncompliance and safeguard data on noncompliant devices. The policies can be combined with Conditional Access, which can block noncompliant users and devices.
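As an added illustration (not part of the original article and not a Microsoft-supplied policy), here is how the MFA requirement and the device compliance requirement described above can be combined in one Conditional Access policy, written in the JSON form of the Microsoft Graph conditionalAccessPolicy resource. The display name and the excluded account ID are placeholders, and the policy is set to report-only so its effect can be reviewed in the sign-in logs before it is enforced.

```json
{
  "displayName": "EXAMPLE (constructed): require MFA and compliant device for all cloud apps",
  "state": "enabledForReportingButNotEnforced",
  "conditions": {
    "users": {
      "includeUsers": ["All"],
      "excludeUsers": ["<PLACEHOLDER-emergency-access-account-object-id>"]
    },
    "applications": {
      "includeApplications": ["All"]
    },
    "clientAppTypes": ["all"]
  },
  "grantControls": {
    "operator": "AND",
    "builtInControls": ["mfa", "compliantDevice"]
  }
}
```

With the operator set to AND, a sign-in must satisfy both controls; changing the state to enabled turns reporting into enforcement.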

App management: A laptop is stolen every 53 seconds and mobile phones account for two thirds of thefts in Ireland alone. Intune is used to manage client apps your company uses to ensure end users have access to the apps they need to do their job. Intune Mobile Application Management (MAM) lets you publish, push, configure, secure, monitor, and update mobile apps for your users, allowing you to manage and protect your organisation’s data within an application. Intune encrypts business data held on devices and allows organisations to remove this data remotely if a device is lost or stolen.

Threat protection

A new malware specimen is released every 4.2 seconds. Microsoft Defender Advanced Threat Protection detects, investigates, and responds to advanced attacks on enterprise networks. The main security benefits are:

Threat & vulnerability management: This built-in capability uses a risk-based approach to the discovery, prioritisation, and remediation of endpoint vulnerabilities and misconfigurations.

Attack surface reduction capabilities provide the first line of defence in the stack. By ensuring configuration settings are properly set and exploit mitigation techniques are applied, the capabilities resist attacks and exploitation. They also include network and web protection, which regulate access to malicious IP addresses, domains, and URLs.

Next generation protection, designed to catch all types of emerging threats, further reinforces the security perimeter of your network.

Endpoint detection and response capabilities detect, investigate, and respond to advanced threats that may have made it past the first two security pillars. 

Automated investigation and remediation help reduce the volume of alerts in minutes at scale.

Microsoft Threat Experts: This managed threat hunting service provides proactive hunting, prioritisation, and additional context and insights that further empower security operation centres to identify and respond to threats quickly and accurately.

Threat Protection

Up to 91% of cyberattacks start with a phishing email. Office 365 Advanced Threat Protection helps to detect and block potentially malicious files from entering your document libraries or team sites, locking a file and preventing anyone from accessing it once it’s been identified as malicious.

Information Protection

Employees need to collaborate with people inside and outside the business. Up to 58% of users accidentally share sensitive information. When data roams, it should do so in a secure, protected way.

Data loss prevention (DLP) identifies confidential data, tracks it, and prevents its unauthorised disclosure by creating and enforcing disclosure policies.

App protection policies (APP) ensure data remains safe or contained in a managed app. A policy can be a rule that is enforced when the user attempts to access or move “corporate” data, or a set of actions that are prohibited or monitored when the user is inside the app.

Azure Information Protection (AIP) is a cloud-based solution that enables organisations to discover, classify, and protect documents and emails by applying labels to content. AIP is part of the Microsoft Information Protection (MIP) solution, and extends the labelling and classification functionality provided by Microsoft 365. Sensitivity labels from MIP let you classify and protect your organisation’s data, while making sure that user productivity and their ability to collaborate aren’t hindered.

The technology is out there to protect your business in the post-Covid-19 era, placing it safely in the new security landscape we live in.