Add Microsoft to the growing chorus of tech companies urging organizations to implement multi-factor authentication as soon as possible to increase their security posture.
In a new study released Tuesday called the Digital Defence Report, Microsoft urged infosec teams to focus on cybersecurity basics, including regular application of security updates, comprehensive backup policies and, especially, enabling multi-factor authentication (MFA).
“Our data shows that enabling MFA would alone have prevented the vast majority of successful attacks,” during the 10 month-period ending in July.
During the first half of 2020, Microsoft saw an increase in identity-based attacks using brute force on enterprise accounts. “Given the frequency of passwords being guessed, phished, stolen with malware or reused, it’s critical for people to pair passwords with some second form of strong credential,” says the report. “For organizations, enabling MFA is an essential call to action.”
Passwordless authentication options are recommended for best security and user experience, the report adds. “Using an authenticator app is always the preferred option over SMS/voice authentication.”
Among the report’s findings:
- Ransomware is the most common reason behind Microsoft’s incident response engagements from October 2019 through July 2020;
- The most common attack techniques used by nation-state actors in the past year were reconnaissance, credential harvesting, malware and virtual private network (VPN) exploits;
- IoT threats are constantly expanding and evolving. The first half of 2020 saw an approximate 35 per cent increase in total attack volume compared to the second half of 2019;
- Nation-states are increasingly targeting nongovernmental organizations (NGOs), advocacy groups, human rights organizations and think tanks focused on public policy, international affairs or security;
- 73 per cent of CISOs surveyed indicated that their organization encountered leaks of sensitive data and data spillage in the last 12 months. Respondents also said they plan to spend more on insider risk technology owing to the COVID-19 pandemic.
The report is broken into several sections, including the state of cybercrime (covering ransomware, phishing, business email compromise, supply chain security and COVID -related attacks), nation-state attacks, remote workforce threats and actionable learnings. It could be read by senior management as well as IT pros.
Among the steps organizations can take to increase their cybersecurity today are:
- Adopt multi-factor authentication;
- Drop passwords altogether and go passwordless with face authentication, fingerprints, or a PIN code;
- Use good email hygiene platforms that incorporate filtering on the way in and link checking;
- Have a good patch management program;
- Have a good configuration change management program to avoid security risks by misconfiguration;
- Monitor security of all cloud services;
- Limit access to sensitive data to only those who need it
- Slow attacks with network segmentation;
- And secure Internet of Things devices.
The report can be downloaded here.