Tech giant Microsoft warned organizations to patch their security flaws in order to stay safe from some of the worst security threats.
Tech giant Microsoft, in its latest Digital Defence Report of 2022, has warned organizations to patch their security vulnerabilities in order to stay safe from some of the worst threats around right now.
Microsoft in its 114-page Digital Defense Report highlighted alarming statistics on threats such as identity theft, ransomware, and phishing attempts that the organization has faced over the last year.
Security loopholes
According to the data, 99% of all ransomware attacks employ “OS-built tools” to try to tamper with existing protection and backup solutions.
Microsoft also identified that passwords and other critical account data are still being utilized in ransomware attacks. In 75% of attacks, “acquired elevated compromised user accounts” were used to propagate malicious payloads. In the same proportion, attempts that exploited admin tools were successful.
In a section titled “Cyber Resilience”, Microsoft asserts that all of the attacks that it recorded employed siphoned credentials, and recommended employing multi-factor authentication (MFA) and other measures to safeguard data.
Switching to new credential techniques might bring its own security challenges issues.
The MDDR discusses “MFA fatigue”. Here, hackers with no access to a system persistently make account access requests and rely on legitimate account holders to get frustrated and accept the request.
According to the tech giant, this can be countered via the adoption of authenticator applications that don’t rely on alerts but instead employ temporary codes delivered within the app. Free alternatives to traditional two-factor authentication methods include Microsoft Authenticator, Google Authenticator, and Twilio’s Authy.
Zero Trust Technique
Additionally, Microsoft promotes the Zero Trust security model in this year’s MDDR. In what is becoming an industry-wide norm, “zero trust” environments work on the assumption that every employee might be a security threat.
Beyond MFA, the company outlines other strong
Zero Trust practices such as verifying users and devices before allowing access to resources, giving that access the minimum level of privilege required, and always assuming that systems have been breached, necessitating constant monitoring for attacks.
The MDDR claims that “basic security hygiene” protects against 98% of all attacks, so while Zero Trust is inconvenient, it is absolutely necessary for organizations in the modern age to survive.
Microsoft recommends throughout the MDDR that businesses can use multiple of its products into their tech stack to guard against and counter threats, including Security Service Line for assistance during a ransomware attack and Microsoft Defender for Endpoint for cloud-based protection.
