3 Most Common Modern Workplace Security Threats
For cybercriminals, attempting to infiltrate workplace security of businesses worldwide is a full-time job. That, along with a continually evolving cyber threat landscape, from individual-level threats to large scale organizational breaches, increases exposure and the need to get serious about protecting your employees and your data. Threats and the people who pose them have become so complex that it is now impossible to thoroughly safeguard your organization with just one product or service.
In this blog, we’ll look at the top three most common security threats impacting today’s modern workplace and how Microsoft’s advanced security features work together to detect and mitigate them, providing you peace of mind.
Threat #1: Credentials
Threat Category: Identity
Detected By: Microsoft Cloud App Security, Azure Active Directory Identity Protection
One of the most prolific cybercrime activities is the sharing of usernames and passwords on the Dark Web. From there the information is then traded and sold on the black market. Your employees’ credentials should be considered highly valuable information; it’s the gateway to your entire organization. When the security of those credentials is compromised it can lead to a full out disaster.
The Microsoft leaked credentials service tackles this issue head-on and collects username/password pairs by monitoring both public and dark web sites and by working with:
- Researchers
- Law enforcement
- Microsoft Security Teams; and
- Other trusted sources
When the service acquires username/password pairs, they are checked against Azure Active Directory current valid credentials. If a match is discovered, it means that a user’s password has been compromised, and a leaked credentials risk detection is created. This can be used to trigger remediation efforts to immediately address the security concern and prevent further infiltration.
Recommended Mitigation
Azure AD Multi-Factor Authentication: Enable Azure multi-factor authentication for privileged accounts and end-users to mitigate against a range of identity-related attacks, including phishing, password spray, and brute-force attacks.
Azure AD Conditional Access: Deploy Azure AD Conditional Access policies to apply the right access controls when deemed necessary.
Azure AD Self-Service Password Reset: Enable automatic user remediation in the event of a leaked credential.
Azure AD Password Protection: Reduce weak passwords and mitigate against getting compromised from password spray and/or brute-force attacks by implementing Azure AD password protection.
Windows Hello: Deploy Windows Hello to replace passwords with strong two-factor authentication on Windows 10 devices.
Modernize hybrid authentication method: Migrate from AD Federation Services to Password Hash Synchronization if not already done.
Modernize password policy: Improve password quality by implementing the latest password policy recommendations. See NIST 800-63B for additional guidance.
Services: Provide threat monitoring and incident response services for identity-based threats.
Threat #2: Malware
Threat Category: Email, Data
Detected By: Office 365 Advances Threat Protection, Exchange Online Protection, Microsoft Cloud App Security
Malware is software that is designed with the sole intent to cause damage or interruptions to IT infrastructure, including servers, clients, or networks. A wide variety of malware exists, including some you may be familiar with, and others you may not have heard of. Examples are viruses, worms, Trojan horses, ransomware, spyware, adware, rogue software, and scareware. It’s important to note that a significant amount of malware attacks result from a user clicking on something they thought was legitimate.
Malware is often grouped into two categories, Known Malware, and Unknown Malware.
Known Malware – Malware that can be relatively easily identified using traditional anti-malware methods, including signature-based (hash) file matching and file reputation signals. Known Malware can be identified by Exchange Online Protection and its anti-malware protection.
Unknown Malware – Malware previously not seen and which cannot be matched using traditional anti-malware methods. Unknown Malware can be identified by Office 365 ATP through its detonation platform, heuristics, and machine learning models.
Microsoft is highly committed to protecting you and your employees from malware attacks. Taking preventative measures is critical; you never want to wait for an attack to start getting serious about security.
Recommended Mitigation
Office 365 Advanced Threat Protection: Implement Office 365 Advanced Threat Protection with Safe Attachment and Safe Links policies to mitigate against unknown malware threats.
Raise user awareness about email-based threats by using Attack Simulator and end-user security awareness training.
Exchange Online Protection: Verify and recommend Exchange Online Protection policies to mitigate against known malware threats.
Microsoft Cloud App Security: Deploy Microsoft Cloud App Security with session policies to restrict file uploads from untrusted sources to reduce malware threat vectors.
Deploy Microsoft Cloud App Security with malware policies to detect the presence of malware in SharePoint Online, OneDrive, Teams, and in supported third-party apps such as Box and/or Dropbox.
Deploy Microsoft Cloud App Security with a ransomware activity policy to detect activity patterns related to a ransomware attack.
Services: Provide threat monitoring and incident response services for email-based threats.
Threat #3: Unusual User Activity
Threat Category: Email, Data
Detected By: Microsoft Cloud App Security, Microsoft Security, and Compliance Center Alerts
Once a cybercriminal has successfully compromised a user account and gained access, they can immediately start to exfiltrate data, move laterally by impersonating the user, drop malware to shared storage, and destroy data. Depending on the compromised user’s security level and the access they have to confidential information, the damage can be staggering.
The ability to immediately identify unusual user activity is critically important to trigger measures to mitigate fallout. The problem is that most businesses don’t have the bandwidth or resources internally to monitor user activity, suspicious or otherwise. Attempting to manage across all dimensions of the identity attack surface, often using multiple security solutions that aren’t connected, can be a significant burden on an IT department. While some companies now have hunting teams to proactively identify threats in their environments, knowing what to look for across the vast amount of data can prove too challenging to be effective.
Microsoft Cloud App Security can detect user anomalies by scanning user activity, as well as utilizing user and entity behavioral analytics and machine learning. After an initial learning period, each session is compared to the baseline activity, and a risk score is calculated by looking at over 30 different risk indicators. All user sessions are analyzed, and an alert is triggered when something happens that is different from the organization’s baseline or from the user’s regular activity.
Recommended Mitigation
Microsoft Cloud App Security: Deploy Microsoft Cloud App Security with anomaly detection policies to detect suspicious mailbox activities and automate responses.
Microsoft Security and Compliance Center Alerts: Enable alert policies related to suspicious user activities.
Next Steps
While we reap the benefits of transformational technology in the modern workplace, they go hand in hand with significant threats. Staying secure doesn’t have to be a burden. With so many powerful tools available, we strongly encourage you to take advantage of the ones that make the most sense for your business and situation.
If you’d like to learn more about how to protect your business from a security threat, please join me for our Security in the Modern Workplace Webinar.
