Nothing New
Cybersecurity and reduction of associated risks have been topping every CIO, CISO and CEO survey I have read this year, and that is no surprise given the quantity and severity of some of the recent attacks both globally and within Australia and New Zealand.
The ASD’s Australian Cyber Security Centre received 76,000 reports of cybercrime in the 2021-22 fiscal year, or an average of one every seven minutes. There has been a 25 per cent increase in the number of publicly reported software vulnerabilities.
As cliché as it feels to repeat this message, the exponential increase in remote working has created both significant challenges and opportunities for our partners, as well as new attack vectors for our adversaries.
With work patterns forever changed, regulation has consequently had to move as well. In the last 2 years we’ve seen Notifiable Data Breach legislation come into effect, the Australian Cyber Security Centre (ACSC) and Essential 8 gain more awareness, and cyber security insurance and security auditing become top of mind for many of the MSPs we speak to every day.
Our partners know security is critical; however, the rate at which threats are evolving and becoming more sophisticated is unfortunately outpacing skills across everyday businesses. Due to this knowledge gap, we often see customers so focused on basic security that they become complacent and feel secure from all threats once standard security controls are implemented, only to be breached.
So, how do we stay on top of this moving target? Cultivating cyber security through rigor in people is a good place to start, for example through education, awareness training and principles throughout the business.
Over the following 2 blogs, I’ll explore a few ways partners can meet the growing level of sophistication we are seeing in the cyber threat landscape with Microsoft for their SMB customers.
Zero Trust
Zero Trust is now a widely followed approach that asks us to Verify Explicitly, Use Least Privilege Access and most importantly, Assume Breach. Unfortunately, I can speak to many instances that I have witnessed where this principle has not been followed, and a breach has occurred as a result.
Gone are the days where we can rely on simply protecting the identity and running antivirus on an endpoint; this level of security cannot protect against modern threats.
I cannot stress this enough - it is time to stop simply talking about Zero Trust principles; we must adopt these principles; we must assume breach and protect and monitor all assets.
In November 2021, Microsoft released Defender for Business, the SMB edition of the flagship Defender for Endpoint solution, and it was a particularly timely move. Tailored to businesses with up to 300 users, Defender for Business has built-in enterprise-grade technology to help SMBs proactively protect their devices, be informed about trending threats, and have systems automatically respond to security incidents.
This advanced Endpoint Security solution must form part of the new standard offering for all Microsoft partners servicing the SMB market.
Think Laterally
Assuming a breach occurs, how are we defending against lateral movement?
Previously called Microsoft Defender Advanced Threat Protection (MDATP), Defender for Business provides advanced endpoint security including:
If any of you have joined my M365 Security Labs sessions over the last year or so, you will have heard me recommend using Defender for Business (and Defender for Endpoint) as a way of uplifting endpoint security via Threat and Vulnerability Management recommendations.
I often demonstrate how Defender for Business seamlessly integrates with Microsoft’s Mobile Device Management (MDM) solution, Endpoint Manager, and provides step-by-step guides on how to deploy best practice endpoint security. Microsoft could not have done a better job at this; it leaves nothing to the imagination when it comes to securing endpoints including Windows, macOS, iOS, Android, Google Chrome OS, and Linux.
From a lateral perspective, remote workers are exposed in several key areas:
With Azure Active Directory, we can implement Multi-Factor Authentication, Conditional Access, and Privileged Identity Management. Defender for Business can then help protect the device and applications installed on the device. We can also add Defender for Cloud Apps to help protect businesses when using web and SaaS applications – Microsoft has extensive capabilities and is a leader in all the key security solutions.
Defender for Business key capabilities covering device and applications:
Attack Surface Reduction
Additional Defender Protections
Protect Identity
Identity protection still forms a significant aspect of my day-to-day conversations with partners, and quite rightly so, as it is still the number one attack vector. Yes, multi-factor and passwordless authentication should be used for standard users. More importantly, FIDO2/certificate-based authentication along with Identity Protection capabilities should be used for privileged users, without exception!
For example, Microsoft’s Azure Active Directory Premium Plan 2 includes:
All this capability must be used for any privileged identity being used today; it is critical to reducing risk and protecting both your own business and your customers’ business.
At Dicker Data, we hear about breaches that have included AITM (Adversary in The Middle) attacks, whereby the MFA token is hijacked and used to authenticate using privileged identities. This highlights why these Identity Protection capabilities are no longer considered advanced; they must also be the new standard for Microsoft Partners and their customers.
Keen to learn more about Microsoft Defender for Business?
Stay tuned for the second instalment of the blog series, where I’ll further explain the concept of ‘Advanced is the new Standard’ for defending your SMBs from cyberattacks, and dissect some of the specific features you can be turning on right now in Defender for Business.
If you would like to see a killer demonstration of Defender for Business, please contact us via microsoft.presales@dickerdata.com.au and we will be in touch to arrange a meeting.