Outrunning cyber threats: Insights from Microsoft’s cyber security expert

In the relentless realm of cyber security, the need for practical insights and actionable strategies to thwart cyber threats has reached unprecedented heights. Wendy Carstairs, Microsoft’s Cloud Solutions Leader, recently illuminated the path forward during her insightful presentation at the ITC Cyber Peak.

In this blog post, Wendy delves into key takeaways, emerging trends, and concrete steps for businesses to stay one step ahead of the ever-advancing army of cyber criminals.

Understanding the landscape: Microsoft’s unique vantage point

At Microsoft, our perspective on the global cyber security landscape is unparalleled. We have the ability to synthesise an astonishing 65 trillion signals every day, granting us invaluable insights into emerging threats.

Our approach to outwitting cyber threats is data-driven. The data Microsoft has access to, from the billions of Windows endpoints, servers, and millions of Azure firewall and other cloud endpoints in the hyperscale Azure cloud, gives us the broadest dataset on the planet. This means we don’t just identify threats; we grasp their scale and underlying dynamics.

The alarming reality: Cyber crime-as-a-service

At the same time, cyber crime is adapting and scaling faster than ever. From the global viewpoint we have, we can see and track the trend and rise of cyber crime-as-a-service. The days of lone hackers or script kiddies are gone; cyber crime has evolved into a multi-trillion-dollar industry.

Consider phishing-as-a-service, where attackers on the dark web can select templates, buy targeted email addresses, and pay with cryptocurrencies for their nefarious campaigns. This unsettling development underscores the urgency of fortifying your organisation’s defences and maintaining a vigilant edge.

Bad actors are able to scale and draw on the commercialisation of cyber crime. Rather than trying to outrun cyber crime itself, or “the bear”, it is often enough to stay ahead of the pack and outrun services that are exploitable and more attractive.

Ransomware’s unyielding evolution

Ransomware remains an ever-menacing threat. It has transformed into ransomware-as-a-service, allowing attackers to purchase exploits on the dark web and unleash devastating assaults.

Recent incidents, such as the disruption of petrol stations in Germany and the NHS trust’s ordeal in the UK, starkly illustrate the crippling impact of these attacks. These events underscore the imperative of outrunning the bear by keeping pace with ransomware’s evolving tactics.

The chain reaction of exploits

When infiltrating a network, attackers often focus on exploiting a subset of endpoints. This implies that out of potentially thousands of endpoints, only a few become the targets of ransomware attacks.

The question is, where do you want your organisation to stand in this chain of exploits? Outrunning the bear necessitates proactive steps to diminish the likelihood of becoming a target and to minimise the impact when you do.

Five essential recommendations for CISOs

Given the alarming reality of the cyber crime landscape, what are the top five actionable steps to safeguard your organisation?

  1. Zero Trust: Assume that attackers are already inside your network. Embrace a Zero Trust architecture to heighten security, making it exceedingly challenging for the bear to catch you.
  2. Multi-factor authentication (MFA): Implement MFA for all administrative accounts and ideally across your entire organisation. This significantly reduces the risk of unauthorised access, strengthening your defences against the relentless bear.
  3. Centralised data storage: Develop a robust data policy and securely store sensitive data in a cloud-based environment with consistent policies. This not only safeguards your data but also streamlines your response when the bear comes knocking.
  4. Patch and update: Keep your systems current by routinely applying patches. Remaining up to date is critical in the ever-evolving threat landscape and bolsters your ability to outpace the bear by closing vulnerabilities.

The role of generative AI

Generative AI processes vast amounts of complex data, offers insights and suggestions for mitigating threats within minutes, and allows analysts to converse with its insights in a natural way. Generative AI, specifically Microsoft’s Security Copilot, gives us the opportunity to get the edge and get ahead by using the power of both AI and the massive datasets available to Microsoft’s Sentinel Cloud at a speed security analysts alone cannot match. This is how together we will outrun the bear, not just each other.

While AI cannot replace human expertise, it accelerates threat response, enabling organisations to maintain a decisive edge over attackers, much like the agility and speed needed to outrun a bear.

The benefits of managed cyber security providers: Partnering with ITC

As cyber threats evolve, proactive cyber security measures and unwavering vigilance, coupled with strategic partnerships, will be the linchpins of staying ahead in the game.

Managed cyber security providers, such as ITC Secure, a Microsoft Solutions Partner, bring invaluable expertise and support for implementing the strategies discussed in this blog. They possess access to cutting-edge tools and services, like Copilot, and can assist you in swiftly and effectively countering emerging threats.

Collaborating with them is akin to having an experienced guide as you navigate the wilderness, aiding you in outrunning the bear and protecting your organisation.

The time to act is now, the path is clear: act, adapt, and triumph.

Access Wendy’s full ITC Cyber Peak session on-demand: ITC Cyber Peak 2023 – Microsoft address – Webinars (itcsecure.com)