How Microsoft XDR & SIEM helps you combat The Global Cyber Threat

In this article we take a brief look at how the cyber threat landscape is evolving and where the Microsoft Security stack helps to safeguard businesses against an ever-evolving threat.

The Changing Nature of The Global Cyber Threat

Ever since the world went online in the 90s, cyber security has become an increasingly pressing concern for organisations big and small: with more and more people online, the potential reward for the cyber criminal is greater than ever before. Sadly, in recent years the danger posed by cyber crime has been exacerbated by new ways of working (accelerated by the pandemic) and by the proliferation of new technologies. Trends such as the increase in flexible working have presented a larger “attack surface” to criminals, with growth in the use of cloud services and bring-your-own-device initiatives opening new routes through which attacks can be launched.

Emerging technologies such as A.I and machine learning are also increasingly being harnessed by criminals, aiding them in the distribution of malware and the targeting of high-value individuals, and giving them access to a broader spectrum of potential victims. Cyber criminals are notoriously difficult to bring to justice, and unfortunately these new technologies give them new means of avoiding detection while inflicting greater damage than ever before.

While the criminals are becoming more advanced, research suggests that the vast majority of cyber attacks still depend on a user doing something, with estimates suggesting that upwards of 85% of attacks involve end user error in some form. Social engineering via phishing (where emotional manipulation of employees is used to initiate fraud or a malware intrusion) remains one of the most effective weapons in the cyber criminal’s arsenal. Staff cyber security training therefore remains a crucial defence against attack.

The implications of a Cyber Attack – What might an attack mean for my business?

Organisations often have trouble visualising the damage a cyber-attack can inflict. Without mitigation measures such as effective (and regularly tested) backups, an attack can have devastating consequences, which can take various forms.

Financial Loss

Financial damage can be incurred in numerous ways. Money could be stolen either through direct user-initiated actions or via the theft of corporate or banking details. An attack could result in significant business downtime, with severe implications for your ability to trade. Contracts could be lost, and current customers could leave due to a loss of confidence in your operation. The cost of reinstating damaged infrastructure could further compound the financial penalties being faced.

Loss of Reputation

Regardless of the nature of the attack, any disruption to your business’ service provision will be noted with concern by stakeholders, partners and even third parties such as suppliers. In trust-heavy industries (such as the investment sector) this could cause lingering long-term reputational damage.

Legal Repercussions

Regulatory sanctions and severe financial penalties could be imposed if it’s found that sensitive data was being held without sufficient security measures in place to safeguard it. Under GDPR, businesses have an obligation to implement “appropriate technical and organisational measures” to protect data that are commensurate with the risks faced.

The Evolving Threat Landscape

While the following threats aren’t new in themselves, they’ve grown fangs in recent years due to some of the factors mentioned above. Let’s explore the cyber threats all businesses should be mindful of in 2022 and beyond.

Social Engineering Scams

A social engineering scam is used by cyber criminals to persuade those within an organisation to voluntarily surrender sensitive information or perform certain actions, using the art of deception. The scammer assumes the identity of a trusted party in order to achieve their aims, typically by email or phone call. Both the prevalence and the success rate of these scams have increased in recent years, with new technologies increasing their effectiveness and specific techniques growing in popularity among the scammers.

Supply chain attacks through compromised business email are one such technique: scammers use phishing to take over a supplier’s or partner’s mailbox and then send bogus invoices, or documents carrying their malware (typically hidden in a macro), from the trusted account. Once the attacker has email credentials in their possession they are often able to inflict significant damage before being detected, so the first signs to look for are changes to the compromised mailbox itself and Office documents that start launching other programs.
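Two advanced hunting queries, added here as an example and not taken from the original article or from Microsoft’s documentation, show how the two stages described above surface in Microsoft Sentinel and Microsoft 365 Defender data. The table and column names are the standard Sentinel `OfficeActivity` and Defender for Endpoint `DeviceProcessEvents` schemas; the 7-day lookback windows and the list of child processes are assumptions to be tuned for your environment.

```kql
// Stage 1: a compromised mailbox is usually prepared for invoice fraud by
// adding inbox rules that forward, redirect or silently delete mail.
// OfficeActivity is the Sentinel table fed by the Office 365 data connector.
OfficeActivity
| where TimeGenerated > ago(7d)          // assumed lookback window
| where OfficeWorkload == "Exchange"
| where Operation in ("New-InboxRule", "Set-InboxRule")
| where Parameters has_any ("ForwardTo", "ForwardAsAttachmentTo",
                            "RedirectTo", "DeleteMessage")
| project TimeGenerated, UserId, ClientIP, Operation, Parameters
| sort by TimeGenerated desc

// Stage 2: a macro inside a bogus invoice reveals itself when an Office
// application spawns a script host or shell. DeviceProcessEvents is the
// Defender for Endpoint process-creation table.
DeviceProcessEvents
| where Timestamp > ago(7d)              // assumed lookback window
| where InitiatingProcessFileName in~ ("winword.exe", "excel.exe",
                                        "powerpnt.exe", "outlook.exe")
| where FileName in~ ("powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe",
                      "cscript.exe", "mshta.exe", "rundll32.exe", "regsvr32.exe")
| project Timestamp, DeviceName, AccountName, InitiatingProcessFileName,
          InitiatingProcessCommandLine, FileName, ProcessCommandLine
| sort by Timestamp desc
```

Run each query on its own (select it in the editor before running). The first query is a good candidate for a scheduled analytics rule, since legitimate users rarely create forwarding rules to external addresses; the second will produce noise from legitimate add-ins and should be baselined before it is turned into an alert.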

“Spear phishing” is another technique that’s growing in popularity thanks to the growth in A.I/machine learning technologies, which make it easier for scammers to gather personal data about a target. This method of phishing targets specific individuals, frequently senior personnel at or near the top of an organisation’s management hierarchy. Doing so requires meticulously impersonating someone trusted by the target, and ordinarily this involves time-consuming background research in order to craft a convincing message. Sadly, A.I expedites this process by scanning the web for background information on the target, and can even surface compromising personal information that the target is more likely to pay a ransom to keep quiet. Scammers also use natural language algorithms to more convincingly impersonate the individual whose identity they have assumed.

Recent years have also seen a sharp increase in phishing scams using cryptocurrencies as a lure, with such attacks almost doubling between October 2020 and April 2021.

Cloud vulnerabilities

While cloud services can afford cost-effective access to enterprise-level security infrastructure, the growth in the cloud has presented a host of new challenges for cyber security professionals.

Inherent in the access-anywhere nature of cloud services is an increased possibility of unauthorised access. With these services reachable from outside your network perimeter, extra security precautions such as multi-factor authentication and device management are required to ensure only authorised personnel, on devices you trust, gain access to your data.

Many of the vulnerabilities in cloud services can be attributed to careless or weak initial configurations, with many organisations running on default settings which may not meet their security needs.
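A quick way to check whether the precautions above are actually being enforced is to look for successful cloud sign-ins that relied on a single factor from a device Azure AD neither manages nor considers compliant. The Sentinel query below is an added example, not part of the original article or of Microsoft’s documentation; it uses the standard `SigninLogs` schema from the Azure Active Directory connector, and the 30-day lookback window is an assumption.

```kql
// Successful sign-ins that went through with a single factor from a device
// that is neither Azure AD managed nor marked compliant. Every row is a gap
// that a conditional access policy (MFA or compliant-device required)
// should have closed.
SigninLogs
| where TimeGenerated > ago(30d)         // assumed lookback window
| where ResultType == "0"                // "0" means the sign-in succeeded
| where AuthenticationRequirement == "singleFactorAuthentication"
| extend IsManaged   = tobool(DeviceDetail.isManaged),
         IsCompliant = tobool(DeviceDetail.isCompliant)
// DeviceDetail fields are null for unknown devices, so test for null explicitly:
// a null compared with true is null, which a where clause treats as false.
| where (isnull(IsManaged) or IsManaged == false)
    and (isnull(IsCompliant) or IsCompliant == false)
| summarize SignIns = count(),
            Apps    = make_set(AppDisplayName),
            Sources = make_set(IPAddress, 10)
          by UserPrincipalName
| sort by SignIns desc
```

Users at the top of this list, and the apps they reached, tell you which conditional access policies are missing or have exclusions that are too broad; once MFA and device compliance are required for those apps, the query should return nothing.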

Remote endpoint device vulnerabilities

The increase in remote work has increased the attack surface available to attackers simply through the upsurge in the number of endpoint devices. Additionally, with many of these new devices being brought online under a BYOD (bring-your-own-device) policy, company data is increasingly being accessed through devices over which employers have limited control. A 2021 report highlighted the risks associated with mobile phones in particular, with almost half of the participating companies experiencing a security incident involving the download of a malware-infested phone app in that year.

Ironically, attackers have even turned their attention to mobile device management systems (designed to protect remote devices), as compromising one of these platforms grants a path to all of a company’s remote devices at the same time.

IoT (Internet of things) vulnerabilities

The proliferation of domestic smart devices has presented attackers with new access routes to corporate data, as more and more employees access corporate systems through the home networks to which these devices are connected. Cyber criminals were quick to spot these new opportunities, and attacks on such devices have skyrocketed as a result. Without technical steps to increase the security of home networks, it’s predicted that a quarter of corporate cyberattacks could be traceable to IoT devices by 2025.

The Growth in Ransomware

While ransomware has been around for a while, such attacks are sadly becoming more pervasive and more potent. An increase in “ransomware-as-a-service” providers has let a greater number of small-time cybercriminals in on the act, criminals who previously lacked the capability to launch attacks of this nature alone. The result has been an upsurge in the number of ransomware attacks conducted, and greater payouts for the criminal community using this attack method.

How Microsoft SIEM & XDR can help you

Microsoft offers an integrated suite of products that provides threat protection across devices, identities, apps, email, data and cloud workloads. Leveraging Microsoft SIEM and XDR helps you:

  • Secure all clouds, all platforms, protecting Azure, , and Google Cloud as well as Windows, Mac, Linux, iOS, Android, and IoT platforms.
  • Benefit from a truly integrated suite of security products that are recognised by Gartner, Forrester & IDC as market leading
  • Empower your teams with tools to enable a rapid response leveraging AI & automation
  • Stop ransomware with the ability to create response plans to prevent and respond to pervasive threats

Centrality, your expert managed cyber security partner.

As the world of work has evolved with unprecedented haste over the last few years, so too have the mobility-enabling and efficiency-driving technologies which make the new ways of working possible. Unfortunately, however, cyber criminals have been quick to harness technologies such as A.I and to exploit the vulnerabilities inherent in other technologies to their advantage. This has created a dynamic, fluid threat landscape that requires constant vigilance on the part of anyone in possession of sensitive corporate data.

That’s where Centrality’s Security Operations Centre service comes in. Passive security is no longer enough; today’s threat landscape requires round-the-clock monitoring that responds to threats as they present themselves in real time. Our Security Operations Centre provides this real-time support in addition to the expertise and guidance needed to ensure your organisation’s security posture is as sound as it can be.

Please make contact with our team of cyber security experts to discuss your concerns, compliance and data security requirements, and begin mapping a robust solution for your company today.