It’s a familiar message at Lockton Affinity’s CyberLock Defense: multi-factor authentication, threat monitoring, response planning and risk mitigation protect against most cyber attacks. But sometimes it helps to hear that message from other top experts in the industry.
Microsoft recently introduced Cyber Signals, a new quarterly cyberthreat intelligence brief that offers an expert perspective into the current cyberthreat landscape. The experts agree that while the risk of cyber attacks continues to grow and develop, most attacks can be prevented with basic cybersecurity practices. Here’s what to know.
Microsoft Detects Millions of Cyber Attacks in 2021
With its software on hundreds of millions of computers, Microsoft has unique insight into the problem of cyber attacks. In 2021, it detected 83 million cyber attacks against commercial and enterprise customers, ranging from phishing emails to malware to brute force attacks.
Microsoft’s Cyber Signal Report says that most organizations aren’t protected against the identity-focused attacks that plague modern businesses. Digital identifiers such as email addresses and passwords are used everywhere to access apps and services. Yet threat actors use these identifiers to penetrate networks, steal credentials and impersonate employees and consumers online. Microsoft notes that even nation-state actors, who are increasingly targeting businesses in key sectors, typically use the same simple exploits as ordinary hackers to steal emails addresses and passwords.
Looking at how business customers use Microsoft Azure Active Directory, Microsoft’s cloud identity solution, the report found that most did not enable strong authentication. This meant that while some of these cyber incidents targeted protected systems, 78% targeted systems without it, leaving those businesses more vulnerable to the attacks and more likely to suffer a loss or claim.
Microsoft’s Recipe for Preventing 98% of Attacks
Microsoft’s report offers a simple message to chief information security officers, chief information officers, chief privacy officers and other technology professionals in charge of protecting systems:
- Most attacks are preventable with basic cybersecurity practices.
Echoing CyberLock Defense, Microsoft notes that up to 98% of attacks can be prevented by focusing on a few key cybersecurity areas, including:
1. Multi-Factor Authentication (MFA)
Multi-factor authentication is a security tool that requires something else from you besides your login and password to access your account. That could be a PIN, security question answers, or a temporary security code emailed or texted to you. Some high-security MFA systems even work with badges, key fobs, fingerprints or other biometric data. The idea is to provide two or more levels of security so that only you can access your data.
Microsoft notes that cyber attacks like ransomware thrive on default or compromised credentials. Implementing MFA on all user accounts is recommended, with executive, administrator and other privileged roles being prioritized for earliest implementation. By doing so, Microsoft emphasizes that businesses can minimize the risk of passwords falling into the wrong hands.
For more info on MFA, see our blog on the Importance of Multi-Factor Authentication.
2. Active Threat Monitoring
Active threat monitoring is the practice of periodically checking that systems, accounts and data are all in order. It can take many forms. Your network administrator can:
- Enable automated security features to scan and filter email and web content for viruses and malicious objects.
- Put systems in place to monitor your network for unusual events or user activity.
- Carry out periodic patch and update maintenance to keep devices, systems and applications safe and secure.
- Manage network administrative privileges to protect the network from account users making accidental or intentional alterations.
Microsoft recommends that businesses learn how to identify telltale anomalies in time to act. These often include early logins, file movement, and other behaviors that can introduce viruses, malware and ransomware. Periodic auditing of account privileges is also recommended, with the principle of granting the least privilege necessary to fulfill the required role, and the prompt disabling or removal of any unused administrative privileges.
For more tips on active threat monitoring, see our blog on Ways to Help Prevent Cyber Attacks.
3. Cyber Incident Response Planning
A cyber incident response plan helps guide you on what to do and how to do it when a cyber incident has occurred. As many as 34% of businesses don’t have a response plan in place, which increases risk, since confusion over what to do can make a cyber attack worse, increase your liability and leave you unprepared to address the concerns of clients and customers.
Microsoft recommends that businesses have a well-thought-out plan before they need it. While most businesses in the era of cloud sync-and-share maintain backups, these copies are different from the entire IT systems and databases they live inside of. Microsoft recommends conducting recovery exercises to visualize what full restoration will look like so you can fine-tune your response plan.
For more on cyber incident response planning, see our blog on Forming a Cyber Attack Response Plan.
4. Pre- and Post-Incident Risk Mitigation
Reducing the risk posed to your business by a cyber attack can start now, before one has occurred. Actions such as reading articles like this, training employees on cyber safety, implementing cybersecurity tools such as MFA, monitoring your network for threats and drafting a response plan are all steps any business can take right away. Risk reduction steps are also possible even after you become aware of an incident, and may help lessen its impact. These steps could include working with cyber incident response experts, such as technology consultants, forensics experts, legal defense counsel and public relations.
Microsoft notes that proper risk mitigation often means moving quickly. Businesses need to have systems in place to manage and respond to alerts when they are raised by an employee or an automated monitoring system. A primary focus should be strengthening any weak security configurations that could allow the attack to succeed. With many cyber attacks unfolding slowly over weeks or months, a quick response really can make a difference.
For more on risk mitigation, see our blog on Cyber Specialist Resources for Policy Holders.
How to Further Protect Your Business
Implementing the right cybersecurity practices can prevent most cyber attacks, but there’s always a chance a determined hacker could get through. The typical cyber attack can cost businesses as much as $1 million or more, due to data loss, business interruption, loss of income, litigation, regulatory fees and other related costs. To protect your business, it’s important to ensure you have the right cyber liability protection.
Lockton Affinity offers CyberLock Defense, an industry-leading Cyber Liability Insurance coverage available with broad coverage, flexible limits and no policy sublimits, so you always have access to your full policy limits. CyberLock Defense can help cover the cost of data restoration, business interruption, IT forensics, legal expenses, public relations and more.
Discover more benefits of cyber liability insurance for your business today. Visit CyberLockDefense.com to learn more.