{"id":17492,"date":"2020-01-21T01:00:35","date_gmt":"2020-01-21T09:00:35","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2020\/01\/21\/news-11227\/"},"modified":"2020-01-21T01:00:35","modified_gmt":"2020-01-21T09:00:35","slug":"news-11227","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2020\/01\/21\/news-11227\/","title":{"rendered":"How companies can prepare for a heightened threat environment"},"content":{"rendered":"<p><strong>Credit to Author: Todd VanderArk| Date: Mon, 20 Jan 2020 17:00:31 +0000<\/strong><\/p>\n<p>With high levels of political unrest in various parts of the world, it\u2019s no surprise we\u2019re also in a period of increased cyber threats. In the past, a company\u2019s name, political affiliations, or religious affiliations might push the risk needle higher. However, in the current environment any company could be a potential target for a cyberattack. Companies of all shapes, sizes, and varying security maturity are asking what they could and should be doing to ensure their safeguards are primed and ready. To help answer these questions, I created a list of actions companies can take and controls they can validate in light of the current level of threats\u2014and during any period of heightened risk\u2014through the Microsoft lens:<\/p>\n<ul>\n<li><strong>Implement Multi-Factor Authentication (MFA)<\/strong>\u2014It simply cannot be said enough\u2014companies need MFA. The security posture at many companies is hanging by the thread of passwords that are weak, shared across social media, or already for sale. MFA is now the standard authentication baseline and is critical to basic cyber hygiene. 
If real estate is &#8220;location, location, location,\u201d then cybersecurity is \u201cMFA, MFA, MFA.\u201d To learn more, read <a href=\"https:\/\/www.microsoft.com\/security\/blog\/2020\/01\/15\/how-to-implement-multi-factor-authentication\/\" target=\"_blank\" rel=\"noopener\">How to implement Multi-Factor Authentication (MFA)<\/a>.<\/li>\n<li><strong>Update patching<\/strong>\u2014Check your current patch status across all environments. Make every attempt to patch all vulnerabilities and focus on those with medium or higher risk if you must prioritize. Patching is critically important as the window between discovery and exploit of vulnerabilities has shortened dramatically. Patching is perhaps your most important defense and one that, for the most part, you control. (<em>Most attacks utilize known vulnerabilities.<\/em>)<\/li>\n<li><strong>Manage your security posture<\/strong>\u2014Check your <a href=\"https:\/\/docs.microsoft.com\/en-us\/microsoft-365\/security\/mtp\/microsoft-secure-score\" target=\"_blank\" rel=\"noopener\">Secure Score<\/a> and <a href=\"https:\/\/docs.microsoft.com\/en-us\/microsoft-365\/compliance\/microsoft-365-compliance-center\" target=\"_blank\" rel=\"noopener\">Compliance Score<\/a> for Office 365, Microsoft 365, and Azure. Also, take steps to resolve all open recommendations. These scores will help you to quickly assess and manage your configurations. See \u201cResources and information for detection and mitigation strategies\u201d below for additional information. (<em>Manage your scores over time and use them as a monitoring tool for unexpected consequences from changes in your environment<\/em>.)<\/li>\n<li><strong>Evaluate threat detection and incident response<\/strong>\u2014Increase your threat monitoring and anomaly detection activities. Evaluate your incident response from an attacker\u2019s perspective. For example, attackers often target credentials. Is your team prepared for this type of attack? 
Are you able to engage left of impact? Consider conducting a tabletop exercise to consider how your organization might be targeted specifically.<\/li>\n<li><strong>Resolve testing issues<\/strong>\u2014Review recent penetration test findings and validate that all issues were closed.<\/li>\n<li><strong>Validate distributed denial of service (DDoS) protection<\/strong>\u2014Does your organization have the protection you need or stable access to your applications during a DDoS attack? These attacks have continued to grow in frequency, size, sophistication, and impact. They often are utilized as a \u201ccyber smoke screen\u201d to mask infiltration attacks. Your DDoS protection should be always on, automated for network layer mitigation, and capable of near real-time alerting and telemetry.<\/li>\n<li><strong>Test your resilience<\/strong>\u2014Validate your backup strategies and plans, ensuring offline copies are available. Review your most recent test results and conduct additional testing if needed. If you\u2019re attacked, your offline backups may be your strongest or only lifeline. (<em>Our incident response teams often find companies are surprised to discover their backup copies were accessible online and were either encrypted or destroyed by the attacker<\/em>.)<\/li>\n<li><strong>Prepare for incident response assistance<\/strong>\u2014Validate you have completed any necessary due diligence and have appropriate plans to secure third-party assistance with responding to an incident\/attack. (<em>Do you have a contract ready to be signed? Do you know who to call? Is it clear who will decide help is necessary?<\/em>)<\/li>\n<li><strong>Train your workforce<\/strong>\u2014Provide a new\/specific round of training and awareness information for your employees. Make sure they\u2019re vigilant to not click unusual links in emails and messages or go to unusual or risky URLs\/websites, and that they have strong passwords. 
Emphasize protecting your company contributes to the protection of the financial economy and is a matter of national security.<\/li>\n<li><strong>Evaluate physical security<\/strong>\u2014Step up validation of physical IDs at entry points. Ensure physical reviews of your external perimeter at key offices and datacenters are being carried out and are alert to unusual indicators of access attempts or physical attacks. (<em>The \u201csee something\/say something\u201d rule is critically important.<\/em>)<\/li>\n<li><strong>Coordinate with law enforcement<\/strong>\u2014Verify you have the necessary contact information for your local law enforcement, as well as for your local FBI office\/agent (federal law enforcement). (<em>Knowing who to call and how to reach them is a huge help in a crisis.<\/em>)<\/li>\n<\/ul>\n<p>The hope, of course, is there will not be any action against any company. Taking the actions noted above is good advice for any threat climate\u2014but particularly in times of increased risk. Consider creating a checklist template you can edit as you learn new ways to lower your risk and tighten your security. Be sure to share your checklist with industry organizations such as FS-ISAC. Finally, if you have any questions, be sure to reach out to your account team at Microsoft.<\/p>\n<h3>Resources and information for detection and mitigation strategies<\/h3>\n<ul>\n<li>Information from the U.S. 
Department of Homeland Security\u2014<a href=\"https:\/\/www.us-cert.gov\/ncas\/alerts\/aa20-006a\" target=\"_blank\" rel=\"noopener\">Cybersecurity and Infrastructure Security Agency, Alert (AA20-006A)<\/a><\/li>\n<li>Information from the Center for Internet Security\u2014<a href=\"https:\/\/www.cisecurity.org\/blog\/cis-microsoft-azure-foundations-benchmark-v1-0-0-now-available\/\" target=\"_blank\" rel=\"noopener\">CIS Microsoft Azure Foundations Benchmark guide<\/a><\/li>\n<li>Learn more about Azure Security Center\u2014<a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/security-center\/\" target=\"_blank\" rel=\"noopener\">Azure Security Center documentation<\/a><\/li>\n<li>Learn more about MFA\u2014<a href=\"https:\/\/www.microsoft.com\/security\/blog\/2020\/01\/15\/how-to-implement-multi-factor-authentication\/\" target=\"_blank\" rel=\"noopener\">How to implement Multi-Factor Authentication (MFA)<\/a><\/li>\n<li>Check and improve your Secure Score in Azure\u2014<a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/security-center\/security-center-secure-score\" target=\"_blank\" rel=\"noopener\">Improve your Secure Score in Azure Security Center<\/a><\/li>\n<li>Check and improve your Compliance Score in Office 365\u2014<a href=\"https:\/\/docs.microsoft.com\/en-us\/microsoft-365\/compliance\/microsoft-365-compliance-center\" target=\"_blank\" rel=\"noopener\">Microsoft Compliance Score<\/a><\/li>\n<\/ul>\n<p>In addition, bookmark the <a href=\"https:\/\/www.microsoft.com\/security\/blog\/\" target=\"_blank\" rel=\"noopener\">Security blog<\/a> to keep up with our expert coverage on security matters. Also, follow us at <a href=\"https:\/\/twitter.com\/@MSFTSecurity\" target=\"_blank\" rel=\"noopener\">@MSFTSecurity<\/a> for the latest news and updates on cybersecurity.<\/p>\n<p><em><strong>About the author<\/strong><\/em><\/p>\n<p><em>Lisa Lee is a former U.S. 
banking regulator who helped financial institutions of all sizes prepare their defenses against cyberattacks and reduce their threat landscape. In her current role with Microsoft, she advises Chief Information Security Officers (CISOs) and other senior executives at large financial services companies on cybersecurity, compliance, and identity. She utilizes her unique background to share insights about preparing for the current cyber threat landscape.<\/em><\/p>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/www.microsoft.com\/security\/blog\/2020\/01\/20\/how-companies-prepare-heightened-threat-environment\/\">How companies can prepare for a heightened threat environment<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/www.microsoft.com\/security\/blog\/\">Microsoft Security<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p><strong>Credit to Author: Todd VanderArk| Date: Mon, 20 Jan 2020 17:00:31 +0000<\/strong><\/p>\n<p>Learn what actions companies can take and controls they can validate in light of the current level of threats, and during any period of heightened risk.<\/p>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/www.microsoft.com\/security\/blog\/2020\/01\/20\/how-companies-prepare-heightened-threat-environment\/\">How companies can prepare for a heightened threat environment<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/www.microsoft.com\/security\/blog\/\">Microsoft 
Security<\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10759,10378],"tags":[21500,21481,21877,21483],"class_list":["post-17492","post","type-post","status-publish","format-standard","hentry","category-microsoft","category-security","tag-azure-security","tag-microsoft-365","tag-security-strategies","tag-threat-protection"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/17492","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=17492"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/17492\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=17492"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=17492"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=17492"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}