Patch me if you can: Cyberattack Series
The Microsoft Incident Response team takes swift action to help contain a ransomware attack and regain positive administrative control of the customer environment.
2021 has been a watershed year in cybersecurity. The pandemic continued to bring new challenges as attackers took advantage of overstretched security teams to unleash new human-operated ransomware,[1] malware, and nation-state attacks like those against Colonial Pipeline[2] and JBS Food.[3] With the move toward hybrid and remote work, security professionals have found themselves with more endpoints to manage and secure. Meanwhile, threat actors are exploiting gaps anywhere they can. Practicing basic cyber hygiene—applying security patches and updating software and apps—is a simple way to empower your organization.
October is Cybersecurity Awareness Month, and this year it will highlight the importance of cybersecurity education for all around the theme “Do your part. #BeCyberSmart.” With more workers using personal and corporate devices interchangeably, it is even more important to be cyberaware. As new vulnerabilities arise, security for all becomes even more integral to organizational success.
Employees are still falling prey to phishing scams at alarmingly high rates. According to the 2020 Gone Phishing Report produced in partnership with Terranova, it’s not just smaller, under-resourced organizations that are at risk. Large, well-equipped organizations have proven to be even more vulnerable.
Training and education continue to be top of mind for security professionals and their organizations. According to the data from The SANS 2021 Security Awareness Report, over 75 percent of security awareness professionals spend less than half their time on security awareness, implying awareness is too often less than a full-fledged effort.[4] During the pandemic, 32 percent of survey participants reported an increase in time spent educating and supporting users on security practices on an ad-hoc basis.[5]
That’s why Microsoft Security is providing educational content to help organizations #BeCyberSmart and learn how to keep safe both at work and at home. On October 7, 2021, we will release the 2021 Microsoft Digital Defense Report (MDDR), which examines recent trends in cybercrime, establishing hybrid workforce security, combating disinformation, and more—bringing together integrated data and actionable insights to help the global community strengthen our collective digital ecosystem.
In a world of remote and hybrid work, anything less than comprehensive security will leave an organization vulnerable. Comprehensive security goes beyond technology to include education—keeping people updated about the latest threats and teaching them how to safeguard their identities, data, devices, and home networks. That’s why collectively at Microsoft, we’ve built a site that provides education on cybersecurity for all and invite you to learn more.
The 2021 Cybersecurity Awareness Month theme, “Do Your Part. #BeCyberSmart,” is meant to engage everyone from individuals to corporations, empowering all of us to protect our online life and create a safer world for everyone.
The week will highlight best practices and focus on general cyber hygiene, starting with the basics: strong passwords, multifactor authentication, backing up data, and updating your software regularly with all available patches. Microsoft Security provides some great resources on our site that show you how you can keep your accounts secure, protect yourself from threats, and go passwordless. In addition, Microsoft Store is providing cybersecurity training for small business owners and will cover the key areas of security, compliance, identity, and device management as the interdependent parts that all businesses need today.
Learn how to recognize messages or chats that come from a stranger or someone not in your normal work circles (like C-suite executives and purchasing orders). This year, Microsoft will sponsor the Terranova Gone Phishing Tournament and has put together some guidance with our partner on how you can protect yourself from phishing. The Gone Phishing Tournament™ is a free, annual cybersecurity event open to security and risk management leaders.
The National Initiative for Cybersecurity Education (NICE) leads a week-long campaign to promote the exploration of cybersecurity careers. Microsoft is actively reaching out to students, veterans, people re-entering the workforce, and anyone with an interest in being part of this vital segment of the 21st-century workforce. During this week, Microsoft Security will be part of our first Microsoft Student Summit (S2), a three-day virtual skills event designed to inspire higher education students on their employability journey. The S2 event aims to help students learn from Microsoft executives, explore the latest Microsoft technologies, and accelerate their path by skilling up and raising their profile. We’ve also made it easy for students to get ready for Microsoft certification by offering additional daily, live four-hour exam cram sessions aligned to the Microsoft Fundamentals Certifications—featuring Azure Data, Security, Identity and Compliance, and Power Platform.
Diversity in cybersecurity is one of our greatest opportunities. Currently, women represent only 24 percent of the cybersecurity workforce, which means we must commit more to ensuring girls and women see themselves in cybersecurity’s many pathways. That’s why Microsoft Security has teamed up with Girl Security, which is pioneering new approaches to building a cybersecurity workforce that reflects the nation, communities, and people it’s working to secure. Through an open-source curriculum designed to support adolescent and adult girls, women, and gender minorities, Microsoft Security and Girl Security are working to demystify cybersecurity, highlight visible role models who share their learned insights, and inspire these populations toward cybersecurity’s purposeful mission and in-demand skills. We’ll also announce more educational initiatives during this week, so stay tuned to our security blog and look for updates here.
This means making cybersecurity training part of employee onboarding and equipping staff with the tools they need to stay safe. For individuals, it means keeping cybersecurity top-of-mind every time you connect, whether from home or at work. Always consider your security and privacy settings; wherever possible, move to passwordless sign-on. During this week, we’ll highlight best practices for hybrid work by Microsoft Chief Information Security Officer (CISO), Bret Arsenault, and encourage you to view all the weekly featured articles to make cybersecurity first.
Microsoft’s approach to comprehensive security means we go above and beyond our end-to-end security solutions—we also help our customers use technology securely through education and by providing best practices. We’re helping people have a safer online experience by making the 2021 Microsoft Digital Defense Report—one of the most highly downloaded reports Microsoft Security has created—freely available to all on our website on October 7, 2021. Throughout the month, look for upcoming blog posts providing in-depth information and helpful tips for each themed week of Cybersecurity Awareness Month 2021. To access training, certifications, and other resources that you can share with your organization, visit the Microsoft Security Cybersecurity Awareness education page.
To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.
[1] A guide to combatting human-operated ransomware: Part 1, Detection and Response Team, Microsoft Security. 20 September 2021.
[2] Hackers Breached Colonial Pipeline Using Compromised Password, William Turton, Kartikay Mehrotra, Bloomberg Cybersecurity. 4 June 2021.
[3] Meat giant JBS pays $11m in ransom to resolve cyber-attack, BBC News. 10 June 2021.
[4] Managing Human Cyber Risk, 2021 Security Awareness Report, SANS Security Awareness. 2021.
[5] Information Security Professionals in the time of COVID-19, Sarah Tian, Yonatan Dubinsky, Microsoft 365 Security and Compliance User Research. 24 April 202.