Digital transformation is a critical shift under which businesses are using data-powered platforms and applications to improve nearly every aspect of their business operations. New open ecosystems and the democratization of data means more users in varied locations sharing data across more applications, devices, platforms, and environments — both internally and externally.
As businesses continue to digitize processes, security teams must contend with an increase in attack vectors and more complicated management, all while keeping pace with increasingly sophisticated attackers. In the face of this massive challenge, security teams are evaluating and refreshing their legacy security procedures, tools, and skill sets to accommodate a new and adaptable approach to enterprise security.
Microsoft Security Intelligence Report provides Security teams a reflection on last year’s security events and includes an overview of the security landscape, lessons learned from the field, and recommended best practices. You can download the PDF, but you can also visit an online, interactive version that provides tools to filter and deep dive into the data. To create this report, the SIR team culled core insights and key trends out of a year’s worth of data from multiple, diverse sources. We analyzed the 6.5 trillion security signals that go through the Microsoft cloud every day. We gathered insights from thousands of security researchers based around the world, and we learned lessons from real-world experiences, like the Ursnif campaign and the Dofoil coin-miner outbreak. There is a lot going on, but the SIR team distilled the data down into four key trends:
- Ransomware attacks are on the decline.
- Cryptocurrency mining is prevalent.
- Software supply chains are at risk.
- Phishing remains a preferred attack method.
Gaining both the understanding of the current security landscape externally, but also your companies security posture is a key step as Security teams are evaluating security procedures and tools. Microsoft Secure Score, provides you an an overview of your organization’s security posture and benchmarks for organizations of similar size and industry. Secure Score, is included in your subscription, and with it we aim to provide guidance on how to increase your security level while keeping your employees productive.
Reducing security complexity
In the study, paid for by Microsoft, Forrester asked 481 IT security decision makers, “How challenging are the following security goals/objectives to achieve?” and found them all to be highly or extremely challenging:
So how are enterprise IT security teams successfully reducing complexity to improve their security efforts in the face of digital transformation? The study found an interesting correlation between vendor consolidation and strategy modernization in successfully achieving both business and security initiatives, when executed in concert with each other. Reducing the number of disparate security point solutions that must interact with each other — particularly older, legacy ones — brings complexity down to a manageable level and allows businesses the visibility, security, and control to expand their digital adoption with confidence. Vendor consolidation and modernization can also yield cost savings by lowering technology budgets, increasing management efficiencies, and avoiding the costs of a data breach or regulatory noncompliance
Forrester’s in-depth survey of IT security decision makers yielded several important recommendations:
- Implement security by design
- Consolidate security vendors and security solutions
- Increase measurement, analytics, and reporting capabilities
- Discover and manage shadow IT
- Adapt security to users