cybersecurityMicrosoft has recently announced that businesses need to assess their security measures in order to protect themselves against new cyber-security threats. Hiring a cybersecurity specialist like Integrated Technology Systems who can assist with the analysis is the best way to ensure the assessment is thorough.

Microsoft has released the 2022 Digital Defense Report (MDDR). The report released alarming statistics on the cyber threats the company faced over the past year, including ransomware attacks, phishing campaigns and identity theft.

Microsoft Security Update Alerts

Microsoft's Corporate Vice President Tom Burt leads the Customer Security & Trust group. Burt said that although the MDDR would not contain any unexpected findings, the patterns were all "going in the wrong way."

Burt explained that ransomware is an increasing threat. Cybercriminals are increasingly aggressive in their attacks on large corporations. Ransomware attacks have affected many organizations, including government agencies and educational institutions. Ransomware attacks have led to the compromise of information about citizens, children, and patients.

The MDDR points out that ransomware attacks may sometimes lead to severe consequences. Costa Rica declared a state of emergency on May 20, 2022 in response to ransomware attacks. This attack impacted hospital operations as well as tax collection.

The increase in ransomware attacks could be due to the increase of Raas, ransomsomeware as a service. Individuals can launch attacks by paying for access.

Microsoft Security Words

Data shows that ransomware attacks most often use "OS-built Tools" which alter backup and protection systems.

In 75 percent of the attacks, malware was spread via "acquired high-compromise user accounts".

This report discusses the importance of multiple security measures to protect credentials. Multi-factor authentication (MFA) is one example of security measures.

Changes in credential methods can pose security risks. MFA fatigue is discussed in the MDDR. This is when malicious actors continue to attempt to gain access to the account. The threat actor hopes that the account holder will eventually get tired of the MFA notifications and allow the login attempt.

Microsoft recommends that authenticator apps do not rely on alerts as a solution. These apps instead use temporary codes that are stored within the app. Integrated Technology Systems can help you explore alternatives to two-factor authentication that will decrease the likelihood of a data breach.

Trust in no one

Zero trustMicrosoft also promoted Zero Trust this year.

  • Zero trust workplaces assume that every employee is a security threat.
  • Recommended security measures, such as verifying user identities and limiting access to data, is needed.
  • Zero Trust is not always comfortable, but it is vital that companies protect themselves from cyber-threats.

Microsoft Services to Protect Your Data

The MDDR provides guidance on how to protect yourself against current dangers as well as new trends.

Microsoft recommends that companies use some of its products to help them detect and respond faster to potential threats. Microsoft offers assistance in ransomware attacks and cloud-based protection through Microsoft Defender For Endpoint.  Integrated Technology Systems has partnered with Microsoft and can provide the need security measures to ensure your company data is secure.

Integrated Technology Systems
6 East 45th Street, Suite 400
New York, NY 10017