This blog was co-authored by Norm Andersch, sr. cybersecurity architect, and Anna Donnelly, services product manager.
If you’re a cybersecurity pro and you haven’t been living under a rock, you’ve seen the headlines. Companies continue to lose millions to bad actors — where efforts to infiltrate have been minimal. For today’s hackers, the juice is definitely worth the squeeze.
Increasingly, groups like Scattered Spider — known for using ransomware and social engineering to infiltrate networks — are gaining access to systems simply by calling an employee or a help desk, and pretending to be someone else. Anyone brazen enough with an authoritative voice can arm themselves with information mined from social media profiles to infiltrate your organisation.
“Vishing” or “voice phishing” is a form of social engineering that manipulates people into acting on behalf of those with convincing, nefarious intentions.
Zero Trust security principles
Traditionally, security orgs have spent too much time concerning themselves with what they’re securing, and not with who has access. Today’s most publicised breaches give us a stark reminder of the importance of Zero Trust security — a modern security model that assumes that no one inside or outside the network should be trusted unless their identity and access are verified.
Say your company becomes a target for a social engineering attack. If Zero Trust is in place, users in your organisation with access to your most critical systems would be identified and flagged. Several barriers would be in place to ensure their identities are fully trusted and verified. Anyone calling to reset a password would need to jump through several hoops to ask for a password reset. Anyone without intimate knowledge and access to a user’s personal information and devices would be unable to request any action.
Zero Trust security is based on three principles: Verify explicitly, use least-privilege access and assume breach.
- Verify explicitly means that every request for access to a resource must be authenticated and authorised based on multiple factors — such as user identity, device health, location, data classification and anomalies.
- Use least-privilege access means that users should only have the minimum level of access they need to perform their tasks — and that access should be granted on a just-in-time and just-enough basis.
- Assume breach means that the network should be segmented and encrypted to minimise the damage in case of an attack — and that analytics should be used to monitor, detect and improve the defenses.
Cloud security done right
The good news is that Microsoft has made implementing and managing Zero Trust in your environment easy. There are many discreet solutions that provide some of what Microsoft can do through Zero Trust approach. Businesses are able to optimise their identity ecosystems and leverage simpler, single-pane-of-glass management. Microsoft cloud solutions work together to establish a robust Zero Trust security model that focuses on verifying identities, applying least-privilege access and continuously monitoring for potential threats, regardless of the location or network boundaries.
A snapshot of the benefits
Microsoft Entra ID is the cornerstone of identity and access management in Microsoft's Zero Trust approach. It provides features like Multi-Factor Authentication (MFA), Conditional Access policies, Identity Protection, and Single Sign-On (SSO) to ensure secure and seamless user access to resources while continuously evaluating risk.
Microsoft Entra ID Protection safeguards identities by detecting and mitigating identity risks in real time. It uses adaptive risk scoring to assess user behavior and identify potential threats, including compromised accounts, suspicious activities and risky sign-ins. By leveraging machine learning and security signals from Microsoft services, it provides proactive protection against identity-based attacks. Microsoft Entra ID Protection allows organisations to create risk-based conditional access and data loss protection policies prompting additional authentication or blocking access for high-risk activities. This comprehensive solution enhances security and reduces the risk of unauthorised access, data breaches and account compromise.
Microsoft Defender for Identity is a threat protection solution for on-premises identities that uses behavioral analytics to detect suspicious activities and potential threats in real-time. It helps organisations identify and respond to security risks early in the attack chain.
Microsoft Purview offers capabilities for data defense in depth strategy and a Zero Trust implementation for data protection. These capabilities are supported by appropriate role-based permissions and administrative units to provide just-enough-access and segment access. It ensures that data remains secure, even when shared externally or accessed from untrusted devices, aligning with Zero Trust principles of protecting data, not just the network perimeter.
Microsoft Defender for Cloud Apps offers visibility, control and threat protection for cloud applications. It helps organisations understand and secure the use of shadow IT and ensures that access to sensitive data in cloud applications is controlled and monitored.
How will you strengthen your defenses?
Being a CISO in today's world means that staying on top of the latest solutions to address the latest threats has become a strategic priority. Luckily, our clients are leveraging Microsoft’s best-in-class cloud security solutions with simplified management to mitigate threats — whether internal or external, vishing or phishing, or any number of tactics we haven’t thought of yet.
As a never-ending stream of bad actors continues to threaten your business, know that you have options to strengthen your position.