Overlooking even just a single security threat can severely erode a company’s community and consumer confidence, tarnish reputation and brand, negatively impact corporate valuations, provide competitors with an advantage, and create unwanted scrutiny.
As members of the Microsoft Detection and Response Team (DART), our job is to respond to compromises and help our customers increase their cyber resiliency. We have decades of combined experience working with customers to identify risks and provide reactive incident response and proactive security investigation services to help our customers manage their cyber-risk.
To help organizations better guard against future attacks, we’ve identified the following common mistakes that could affect the effectiveness of your security program.
1. Overlooking basic cyber hygiene essentials
One of the most common mistakes organizations can make is not adhering to basic cyber hygiene best practices, such as using stronger authentication and staying on top of security updates. In fact, basic security hygiene can protect your organization against 98% of attacks.
There are several steps that organizations can take to maintain good security hygiene and strengthen their overall security posture:
- Enable multi-factor authentication (MFA): Always authenticate and authorize based on all available data points, including user identity, location, device health, service or workload, data classification, and anomalies.
- Apply least privilege access: As one of the three principles of Zero Trust, applying least privilege access limits user access with just-in-time and just-enough-access (JIT/JEA), risk-based adaptive policies, and data protection to help secure data and productivity.
- Keep patches up to date: Mitigate the risk of software vulnerabilities by ensuring your organization’s devices, infrastructure, and applications are correctly configured and kept updated with patches.
- Utilize anti-malware tools: Stop malware attacks from executing by installing and enabling anti-malware solutions on all endpoints and devices.
- Protect your data: Know where your sensitive data is stored and who has access to it. Implement data protection best practices such as applying sensitivity labels and data loss prevention (DLP) policies.
2. Falling into a false sense of security
Being compliant does not always mean you are secure. If your security protocols meet the standards established at a given point in time, you are likely compliant. However, you will not be secure against any new threats that have emerged since then. On top of this, shifting privacy regulations and limited talent and budget add to today’s business complexities.
Don’t assume that you are safe just because you don’t see signs of an incident or an active attack. Avoid that false sense of security with an “assume breach” mindset. If you find an unpatched server, don’t assume no one else has found it or exploited it. Instead, scan the network and check systems as if you knew the server had been compromised as a result of that security hole. While attackers are continuously exploring new ways to break into an environment, by assuming breach, we can help safeguard against inevitable and potentially costly harm.
Cloud environments also continuously test our sense of security. DART has seen various security configurations in our customers’ cloud tenants, and we repeatedly see administrators flip the switch on several security tasks without genuinely understanding what they are turning on. They don’t have the processes and procedures needed to ensure the tasks are handling everything as designed. This consequently creates gaps in defenses and opens up opportunities for attackers to circumvent security controls. When it comes to defense-in-depth, these controls must work in concert.
3. Not knowing your environment
Identifying and managing security and data risks inside your organization can be challenging, especially when you don’t know your environment. You can’t identify where the attack was made if you do not have visibility across the environment. Beyond knowing what systems exist and who has access to what, many companies don’t even have a basic inventory of every device connected to their network.
Using a tool like the built-in threat and vulnerability management module in Microsoft Defender helps teams discover vulnerabilities and misconfigurations in near real time. Additionally, teams are able to prioritize vulnerabilities based on the threat landscape and detections within an organization. These insights help security teams identify potential concerns and can help accelerate time to action. Knowing your environment also helps lower the complexities found within organizations.
4. Not having a disaster plan
Attacks are inevitable, even if you have the proper safeguards in place. Having a disaster plan is less about preventing attacks and more about minimizing the damage once an event has occurred. First and foremost, employees need to know who to call when an attack occurs and where to find recommendations on how to quickly address or remediate the threat.
Adopting a business continuity and disaster recovery (BCDR) strategy can help keep your data safe and your apps and workloads online when planned and unplanned outages occur. Azure provides Site Recovery, Backup, and other services that help ensure business continuity by keeping business apps and workloads running during outages, while also keeping data safe and recoverable.
While these four mistakes are common, they can be fixed with the right combination of solutions and guidance. We have also derived cybersecurity best practices from our investigations and engagements for security teams to follow.