Implementing basic cyber security “hygiene” will protect organisations from 98% of cyber threats and help them to prepare for new threats as technology advances, says Microsoft’s 2021 Digital Defense Report.
Technology is an essential element of business operations – something that has only been accelerated over the past 18 months – and cybersecurity must be a factor in overall business decision-making and not simply left to the IT department, Microsoft says.
According to the report, the following five activities will have the biggest impact on reducing cyber threats:
1. Enable multifactor authentication
Multifactor authentication (MFA) is a security technology that requires multiple methods of authentication from independent categories of credentials to verify a user’s identity for a login or other transaction. MFA combines two or more independent credentials: what the user knows, such as a password; what the user has, such as a security token; and what the user is, by using biometric verification methods.
The goal of MFA is to create a layered defence that makes it more difficult for an unauthorised person to access a target, such as a database. If one factor is compromised or broken, the attacker still has at least one or more barriers to breach before successfully breaking into the target.
The report says MFA should be enabled on all accounts that support it, in a way that is easy for all users to use. It’s also important to ensure that people understand that they should not approve an MFA request unless they were trying to log in or access a system – many people automatically click to approve any pop-up they receive.
2. Apply least privilege access
The principle of least privilege is the idea that a user, program or process should have only the bare minimum privileges necessary to perform its function. For example, a user account created for pulling records from a database doesn’t need admin rights, while a programmer whose main function is updating lines of legacy code doesn’t need access to financial records.
When attackers breach an organisation, they look for privileged credentials to provide them with access to sensitive information and systems, the report says. In addition to using MFA to protect log-in to an identity and ensuring that they have least privilege to access systems, the credentials that support that identity and provide access must be secured.
Separate accounts should be used for privileged access versus general internet and email access. Dedicated hardened workstations should be used for privileged accounts and to perform privileged tasks to prevent the chances of infection through general internet activity and email, Microsoft says.
3. Secure and manage devices
An essential part of good cyber hygiene is ensuring that devices are kept up to date and configured correctly. Use endpoint management software to enforce policies that ensure the correct configuration settings are deployed and that systems are running the latest software, Microsoft says.
Wherever possible, ensure that all devices are constantly running the latest version of software. This includes ensuring a means of updating every piece of software or application so that there are no dependencies that prevent you from implementing the latest updates and patches. For those devices missing critical patches, restrict them from accessing sensitive resources.
The same approach should be taken for cloud services, using cloud security posture management to ensure that systems are configured correctly. Keeping software and systems up to date can be easier in the cloud where update domains enable migration to updated infrastructure for testing with the option to roll back easily if issues occur.
For systems where updating software is not as easy, a strong inventory of systems is needed to understand which equipment exists and how vulnerable it may be to certain attacks.
4. Use antimalware and workload protection tools
Antimalware and detection and response technologies should be deployed across the ecosystem to prevent attacks and provide warning of any anomalies or threats that may be attempting to breach the environment.
For cloud systems, workload protection should be deployed across all systems from virtual machines and containers to machine learning algorithms, databases and applications.
5. Protect data
Good cyber hygiene as outlined in the previous four steps can protect data, but it is also important that organisations know which sensitive data they have and ensure they have measures in place to protect it.
To take a risk-based approach to protecting data, it is important to know your data – to understand what is sensitive and what may be subject to regulatory requirements. While there have been standards for data governance and data protection for more than 30 years, many organisations have struggled to implement them.
“As we move into a world where we increasingly collaborate and share data, it’s important to ensure we understand what data we have, classify it accurately and apply sensitivity labels as appropriate. This practice will enable us to use information protection and data loss prevention technologies to protect data with more confidence. In the event of a breach, these practices can also help security teams to know where the most sensitive data is and whether it was exposed to attackers,” Microsoft says.