How to ensure your company is protected from cybercrime attacks
Security: a business opportunity
Over the next few years, cybercrime attacks are expected to cost as much as $3 trillion in lost economic value.
The sheer scale of such a huge figure is almost impossible to grasp, but the real-world impact of these attacks has, in recent times, been made all too clear, with cybercrime a prevalent problem in Central and Eastern Europe, while reaching headlines across the globe.
As more and more businesses undergo digital transformation by embracing the benefits of adopting new technology, we must all ensure that the technology that enhances our lives is used in a responsible manner.
For companies, the increased use of the cloud, data, and devices, comes with an important responsibility to make sure that information is kept securely, and used in a compliant manner.
There is a real opportunity here for all organizations to be prepared and defend their systems and assets in a timely and efficient manner. Free services such as Microsoft’s new Cybersecurity Assessment Tool – which analyses existing risks and offers advice to reduce them – offer guided and informative first steps on the path to confident security.
Before we look at the tools and education needed to leverage this opportunity and minimise the risks caused by cybercrime, it’s important to have a general overview of the current risks.
The changing threat landscape
Cybercrime has evolved. An activity which first began with PC enthusiasts experimenting with the capabilities of code has, over the years, become more focused and sinister, with financial thieves and even nation-state attacks on governments around the world making headlines.
Attacks come in many different shapes and forms. The most common forms of attacks, with 90 percent in total, still begin with simple phishing emails, in which users provide sensitive information to what they believe to be an email from a genuine trusted source, such as a bank.
Acquiring someone’s credentials and using them to gradually elevate permission has become the most effective means of reaching lucrative company data. As a result, 63 percent of data breaches are traced back to a compromised identity. Often, the people whose identities were used have no idea they were involved.
In 2016 alone more than three billion customer data records were breached in a series of high-profile attacks, damaging the reputation of the affected companies in the process.
It’s easy to dismiss cyberattack warnings as scaremongering, but the reality is that this is simply the world that we live in, and it’s in everyone’s best interests to take every measure available to act responsibly.
Security and cyberattack prevention should also be viewed as an opportunity for businesses to differentiate themselves. With cybercrime more prevalent and damaging than ever, companies which demonstrate competency and a desire to do all they can to protect their customers, will be viewed favourably by new and existing clients, as well as by their industries as a whole, while fostering loyalty.
Overall, a total of 71 percent of companies admitted falling victim to cyber-attacks last year, with ransomware attacks – ones in which a user’s machine is rendered useless unless a fee is paid to the attacker – being the most profitable.
Victims paid a combined amount of $209 million due to such attacks last year. Evidence of the success of these attacks is also clear – the internet infrastructure for launching these attacks grew by 3,500 percent in the first quarter of last year alone, with 140 countries estimated to be developing cyber weapons.
These facts and figures are sobering, even daunting, for companies of all sizes – especially for Small and Medium Enterprises (SMEs), who have more limited resources.
Remaining compliant, and responsible, while safeguarding against cyberattacks is crucial, however, and entirely possible for all businesses, big and small, with the right support, knowledge, and tools.
Prevention is key
Often, successful cyber-attacks work because victims aren’t adequately prepared against them in the first place. Weaknesses vary in number and severity, but common mistakes include not updating software and operating systems to the latest, most secure versions, or falling victim to inadvertently providing sensitive information to illegitimate parties.
Businesses of all sizes can struggle to constantly stay on top of the fast-paced threat landscape. Secure defences one week may be completely redundant the next, and keeping up with the latest threats and ensuring that the correct measures are in place is a full-time job, regardless of an organisation’s size and resources.
For this reason, rather than trying to manage security on their own, businesses are increasingly relying on cloud service providers such as Microsoft whose core competency and focus is on keeping its customers’ data secure and compliant. Secure data, after all, will result in happy customers.
How secure is your business?
Microsoft spends $1 billion a year on security, and has a holistic approach to helping customers limit their attack surface and protect user identities – and it all begins with its new, free, Cybersecurity Self-Assessment Tool.
Certified Microsoft cybersecurity experts collaborated to create the tool, which covers more than 20 of the most important security points in four major cybersecurity categories.
The easy-to-use service is designed to help users pinpoint their cybersecurity strengths and weaknesses, before creating a bespoke report with tips and recommendations aimed specifically at addressing areas of concern.
The main areas of focus covered in the assessment are below, and more details on each one can be obtained by visiting the relevant pages:
Prevent identity compromise
Help protect against compromise while uncovering potential breaches
Secure apps and data
Boost productivity with cloud access while helping keep information protected
Expand device controls
Deliver enhanced security across both company and personal devices
Enforce policies that help keep cloud resources and hybrid environments safe
Once the threats and areas of concern have been highlighted in the report, users can begin to rectify weaknesses with a variety of different services and tools.
One such tool is Microsoft Enterprise Mobility + Security – one of the company’s fastest growing products in history – which allows identities to be tracked and managed, while placing security measures and restrictions across all of its products and services. One use-case would, for example, be the prevention of a document containing sensitive information to be shared with anyone not on a pre-approved list.
Office 365’s Advanced Threat Protection as another key tool in the first line of defence, by providing built-in protection from phishing attacks, while Microsoft’s Intelligent Security Graph adds another layer of complex security measures.
Informed by over 450 billion authentications that the company processes every month, 200 billion emails scanned for malware and phishing and one billion Windows devices updated, the graph ensures that companies are informed of potential threats and attacks against them in a timely manner.
Safeguarding the future
The world of cybersecurity is ever-changing and complex, and the lack of resources or knowledge will not be sufficient excuse should a company become victim to an attack – especially as attackers are becoming more sophisticated, while regulations such as the General Data Protection Regulation (GDPR) place even more emphasis on compliance and security.
Responsibility, then, falls on all companies to ensure that they have taken every measure possible to protect their assets and the data of their customers – and companies will be rewarded with respect, and a positive perception, which can lead to an increase in customer loyalty.
With the scaling, efficiency and cost advantages that the cloud offers, companies of all sizes can afford solutions with world-class security features built in, across each and every single one of Microsoft’s services across Office 365, Azure, and more.
For more information, please visit Microsoft’s Cybersecurity Self-Assessment Tool