Cyberattacks in 2021 continued to steadily increase in volume and sophistication. Ransomware continued its ruthless path across industries, often putting lives at risk. Ransomware attacks also became increasingly simple to carry out with toolkits, as in the case of the Colonial Pipeline attack that disrupted businesses and daily life for many. Indeed, the FBI’s Internet Crime Complaint Center reported 2,084 ransomware complaints from January to July 31, 2021, a 62% year-over-year increase.
With most organizations shifting to a hybrid work environment as a result of the pandemic, the attack surface has dramatically expanded beyond corporate boundaries, leaving organizations even more exposed to cyber threats. CISOs and other cybersecurity leaders are facing the dual challenges of enabling digital transformation while adapting to a rapidly expanding threat landscape. This continues to reinforce the need for a comprehensive security approach that aligns to business priorities.
What happens when security leaders have a comprehensive security approach based on zero-trust principles? They can be fearless, armed with the ability to secure everything without any limits. Let’s take a look at four ways that we have seen organizations manage a comprehensive security approach.
Commit to a Zero-Trust Strategy
Today’s organizations need a security model that adapts to the complexity of the modern environment, embraces the hybrid workplace, and protects people, devices, apps, and data wherever they’re located. That is exactly what you get when implementing a zero-trust approach based on the three guiding principles of verify explicitly, use least-privilege access, and assume a breach. Instead of believing everything behind the corporate firewall is safe, the zero-trust model assumes a breach and verifies each request as though it originated from an uncontrolled network.
Microsoft's zero-trust approach is designed to reduce risk at every opportunity across the digital estate, which includes identities, endpoints, applications, network, infrastructure, and data. This means that every transaction must be validated and proved trustworthy before the transaction can occur. This approach is consistent with industry standards like the Open Group’s recently released Zero Trust Commandments and the NIST’s Zero-Trust Architecture.
Zero trust takes a fresh look across all of your security disciplines, including access control, asset protection, security governance, security operations, and innovation security (e.g., DevSecOps). Architecturally, this brings in automated enforcement of security policy, correlation of signals across systems, and extensive security automation and orchestration to reduce manual labor and toil.
Manage Compliance, Risk, and Privacy
Organizations constantly access, process, and store a tremendous amount of data — which is only increasing with business innovation. Additionally, organizations now face an ever-growing landscape of data regulations, creating complexity and compliance risk. Organizations should look for tools that translate complicated regulations and standards into simple language, map controls, and recommend improvement actions in the form of step-by-step guidance.
Additionally, many organizations still use manual processes to discover how much personal data they have stored; thus, they lack actionable insights to help mitigate security and privacy risks. With a privacy management tool, organizations can identify critical privacy risks, automate privacy operations, and empower employees to be smart when they are handling sensitive data.
Use a Combination of XDR + SIEM Tools
SecOps sifts through ever-growing mountains of data to detect and hunt for today’s attacks.
We have found that SecOps teams work best at this with a combination of deep analytics, broad visibility, and orchestration and automation:
- Extended detection and response (XDR) tools provide deep insights and high-quality detections that let SOCs spend time on actual attacks rather than chasing false alarms (false positives).
- Security information and event management (SIEM) tools help security operations gain a broad view across the environment and avoid “swivel chair analytics” from having to work across different consoles.
- Security orchestration, automated, and response (SOAR) tools help lower analyst burnout by automatically investigating and remediating attacks and orchestrating repetitive tasks across tools.
The integration of these three types of tools ultimately helps organizations stay ahead of today’s complex and rapidly evolving threat landscape.
Using MFA Whenever and Wherever Possible
Multifactor authentication (MFA) is an essential tool to secure access to important resources within an organization. MFA adds a layer of protection to the sign-in process that passwords alone simply cannot offer. While MFA doesn’t stop all attacks, it does an amazing job of taking password-attack techniques off of the table. Password attacks are typically automated, resulting in a high volume of attacks that often result in attackers getting access to systems. Organizations that use MFA tools are better protected through additional identity verification when accessing accounts or apps.
In a world of remote and hybrid work, taking a comprehensive approach to security with a zero-trust strategy makes an organization more resilient to the continuous drumbeat of cyberattacks. Microsoft is committed to enabling this world with end-to-end security solutions, architectural guidance, insights and education, security program best practices, and more.
Read more Partner Perspectives from Microsoft.