Cyber signals: defending against cyber threats with the latest research, insights, and trends


At the start of the month Microsoft introduced Cyber Signals, a cyber threat intelligence brief informed by the latest Microsoft threat data and research. This content, to be released quarterly, offers an expert perspective into the current threat landscape, discussing trending tactics, techniques, and strategies used by the world’s most prolific threat actors.


As we have seen ourselves working with customers, cyber attacks by nation-state actors are on the rise and despite their vast resources, these adversaries often rely on simple tactics to steal passwords, not protected by MFA etc.


The recommendations made by Microsoft reinforce how effective the following controls can be:

Enable multi-factor authentication – to verify the authenticity of users and activities:  
By doing so, organisations mitigate the risk of passwords falling into the wrong hands . Even better, eliminate passwords altogether by using passwordless MFA.


Audit account privileges:
Privileged-access accounts, if hijacked, become a powerful weapon attackers can use to gain greater access to networks and resources. Security teams should audit access privileges frequently, using the principle of least-privilege granted to enable employees to get jobs done.


Review, harden, and monitor all tenant administrator accounts:
Security teams should thoroughly review all tenant administrator users or accounts tied to delegated administrative privileges to verify the authenticity of users and activities.


Establish and enforce a security baseline to reduce Audit account privileges:
Nation-states play the long game and have the funding, will, and scale to develop new attack strategies and techniques. Every network-hardening initiative delayed due to bandwidth or bureaucracy works in their favour. Security teams should prioritise implementing zero-trust practices like MFA and passwordless upgrades.

 

You’ll find this article a worthy a read on the topic.


Are you looking to get a Threat Modelling Platform in place to prevent attacks from damaging your business?

If you would like to find out how Methods can help your organisation to implement Threat Modelling to protect your business, register for a consultation.


To protect against these risks, we:


  • deliver embedded threat modelling to improve the security of your organisation
  • assist in building your threat modelling capabilities
  • provide tools, training and ongoing access to key threat intelligence.


Share:

Leading through a cyber crisis – strategies for CEOs

By IT Support April 17, 2024
How do you lead your company through a cyber incident? If you are responsible for protecting your organisation from cyber threats and creating a culture of cyber awareness and accountability in your organisation, I am aware of how challenging this can be.

Gunpowder, treason, and secure social media!

By IT Support November 2, 2023
Gunpowder, treason, and secure social media!

Gareth Jones receives ‘Chartered’ title in Cyber Security Governance and Risk Management

By IT Support November 1, 2023
Gareth Jones receives ‘Chartered’ title in Cyber Security Governance and Risk Management
More Posts
Share by: