Enterprise cyberattacks are more frequent, complex, destructive, and costly than ever. The average cost of a data breach globally is nearly $4 million, and “mega breaches” involving more than one million records can cost $40 million or more.
Cybersecurity threats don’t just endanger organizational balance sheets. Advanced persistent threats (APTs), which tend to target national defense systems, the financial and manufacturing industries, and other organizations that store highly sensitive information, can have significant real-world repercussions and even put human lives at risk. Global investors and c-suite executives alike are growing increasingly alarmed. The PwC Global Investor Survey 2018 found that investors see cyberattacks as the biggest threat businesses currently face, and business leaders rank it in the top three, alongside over-regulation and terrorism.
The new and enhanced cybersecurity features and tools in Microsoft products were a major focus at Ignite 2018. Microsoft unveiled new security tools for its popular enterprise cloud services, Azure and Office 365, that make use of artificial intelligence and machine learning algorithms. This article will examine six of the biggest cybersecurity threats enterprises face right now and discuss how Microsoft’s security tools can help them mitigate their risk.
The 6 Most Dangerous Cyber Threats to Businesses
1.) Shadow IT
“Shadow IT” is a broad term referring to any software, device, or service being used on your enterprise network without the knowledge of the IT department. Just like everything else, shadow IT has migrated to the cloud, where it has been growing relatively unchecked. SaaS apps are plentiful, free or very low-cost, and easy for anyone to access and use. Over 80% of employees admit to using unauthorized SaaS applications on the job. Cloud apps that haven’t been vetted by your IT team could put your data at risk of breaches, introduce malware into your network, possibly create compliance issues, and broaden the potential attack surface for cybercriminals, who could use a rogue cloud service as a backdoor into your enterprise network. Gartner has predicted that by 2020, one-third of successful enterprise cyberattacks will be launched on shadow IT resources.
To help combat shadow IT, Microsoft’s Cloud App Security (CAS) tool, which is accessed through the Office 365 Security and Compliance Center, works by analyzing your firewall logs. With CAS you are able to discover and manage the Shadow IT applications inside your organization, protect your sensitive information, detect and remediate cyber threats across your cloud apps, and even extend the protection outside of the Microsoft 365 stack for approved third-party SaaS applications.
Because CAS analyzes data from all of your organization’s apps, the tool helps you detect unauthorized usage of unapproved apps, tagging applications as sanctioned or unsanctioned, and providing ways to block their future usage. Using Microsoft’s Intelligent Security Graph (ISG), CAS can also detect any deviations from baseline, policies, or behavior, and notifies you if there are any attempts of unauthorized data access.
2.) Unpatched & Legacy Operating Systems & Software
It can be a challenge to keep operating systems and software applications up-to-date in an enterprise environment, but the risks of not upgrading/patching are very serious. The Equifax breach happened because of an Apache Struts vulnerability that was left unpatched for two months. The EternalBlue exploit impacts older, unpatched versions of Windows and was used to launch the WannaCry and Petya ransomware attacks; it continues to infect organizations running unpatched machines today.
Microsoft has several tools to make update management of its products easier. The Azure Update Management solution allows users to manage operating system updates for Windows and Linux computers that are deployed in Azure, in on-premises environments, or in other cloud providers. The System Center Configuration Manager can be used to manage Office 365 client updates via the Software Update management workflow; it supports Office 365 ProPlus, Visio Online Plan 2 (previously known as Visio Pro for Office 365), Project Online Desktop Client, and Office 365 Business.
Why spend time trying to break into a system when you can steal legitimate login credentials and walk right in the front door, or impersonate a CEO or a vendor and convince an employee to send you privileged information or even cash? The old standby, phishing, continues to be quite effective. Verizon’s 2018 Data Breach Investigations Report found that 90% of cyberattacks originated with a phishing scheme. The FBI estimates that global losses due to business email compromise (BEC), a highly targeted form of phishing where hackers convince unwitting employees to send them information or money, have exceeded $12.5 billion. Late last month, a school district in Texas lost over $600,000 to a BEC scheme where a hacker impersonated a legitimate vendor seeking payment on an invoice.
Office 365 includes several tools to protect against phishing. For maximum protection, enterprises can purchase add-ons such as Office 365 Advanced Threat Protection. Additionally, Microsoft announced at Ignite that it is seeking to do away with passwords by allowing password-less, 2FA access to hundreds of thousands of Azure Active Directory apps through Microsoft Authenticator. Switching to 2FA will protect enterprises against the use of stolen passwords for phishing schemes and other cyber abuse.
4.) Cryptomining / Cryptojacking
Cryptojacking, where hackers hijack enterprise machines and use them to illicitly “mine” cryptocurrencies, has displaced ransomware as the most common form of malware. Cryptojacking malware has been around for a few years. It used primarily to target consumer IoT devices, such as smartphones, and was largely an annoyance that made infected devices sluggish and prevented users from accessing certain folders. However, today’s next-generation cryptojacking malware such as WannaMine specifically targets enterprise networks, and it can damage hardware and cause applications to crash.
Windows 10 Enterprise customers can protect themselves from cryptojacking malware using Windows Defender Advanced Threat Protection, a comprehensive set of security tools that can detect malware within the enterprise environment. It can also block access in Microsoft Edge to malicious websites that host invisible cryptominers and other forms of malware.
Although cryptojacking has become more common, ransomware still presents a clear and present danger to organizations, especially government agencies and critical infrastructure. Just ask the City of Atlanta, which is still dealing with the aftermath of a March ransomware attack that it spent $2.6 million cleaning up. Recently, a ransomware attack crippled a North Carolina water utility that was still struggling to recover from Hurricane Florence.
Luckily, Office 365 includes built-in protection against ransomware and other malware, including ransomware protection and recovery, a file restore feature for OneDrive, and advanced link checking.
6.) Insecure IoT Devices
Connected devices are proliferating and becoming essential to every area of our lives. Yet IoT security largely remains a Wild West, with no common set of standards. This lack of security poses real-world risks that threaten the adoption of IoT devices by consumers and enterprises. Nearly half of IoT buyers say that security is a significant barrier, and 93% of executives would be willing to pay more for more secure devices.
In 2015, Microsoft began to research how to secure the microcontroller (MCU) chip that powers IoT devices, from insulin pumps to smart watches, identifying seven properties that are essential to securing smart devices. At Ignite, it announced the launch of the public preview of Microsoft Azure Sphere, a new, end-to-end solution for creating highly secure IoT devices running on MCU chips. Azure Sphere includes three components – Azure Sphere certified MCUs, the Azure Sphere OS, and Azure Sphere Security – that work together to allow developers to create smart devices that meet all seven of its security requirements.
Securing Your Business
Although technical tools are important weapons in the war against cybercriminals, enterprises cannot depend solely on machines and algorithms to fend off hackers and maintain compliance with industry and regulatory standards. Clear, consistent security policies, comprehensive data governance, and employee training are just as important as link-checking and multi-factor authentication. A combination of technical tools and real-world security measures is key to protecting your business.