Cyber security threats continue to be a major concern for enterprise organisations everywhere – and they are growing more frequent and complex in nature. With hundreds of millions of new strains of malware emerging each year, IT departments devote significant resources to keeping their people and infrastructure protected.

In 2018 alone, there were 10.5 billion malware attacks. Increasingly sophisticated, many of this new breed of malicious threats are able to hide from traditional anti-virus software, or carry out their attack without writing a file to disk at all: fileless malware runs in memory and abuses legitimate system tools, so a scanner that only inspects files for known signatures never sees it. Because such threats target whole networks or applications rather than a single file, they are far harder to detect.

What’s more, insider attacks by employees themselves are on the rise. Because the activity largely mirrors that of legitimate users, and is carried out from familiar devices such as mobile phones and IoT equipment, it is also difficult to spot.

All of this means that technology solutions, tools and techniques around security have to constantly innovate and evolve just to keep pace. This is hugely challenging and puts great strain on hard-working IT admins.

However, help is at hand.

ML, AI and SIEM: your arsenal against threats

Machine learning (ML) has emerged at the cutting edge of technology for protecting organisations from these threats. Using models trained on existing data, coupled with predictive and statistical analysis, ML makes qualified assumptions about how a user or device normally behaves, and then assesses how best to respond to what it observes, based on that knowledge.

ML saves security teams valuable time by identifying and analysing incidents and threats, providing visibility, accuracy and even a recommended action at a scale and speed that humans cannot match. To achieve this, the algorithms typically perform one of three tasks:

Regression: learning how strongly different variables are related, so that a continuous value (for example, the expected volume of traffic from a host) can be predicted from the others.

Classification: ‘training’ on labelled past observations to recognise certain behaviours, then applying that model to new data to decide which category it belongs to (for example, malicious or benign).

Clustering: grouping new data points by similarity without any labelled examples or prior categories, so that activity which fits no established group stands out as an outlier.

By building on ML’s capabilities, artificial intelligence (AI) plays a key role in detecting and mitigating security threats before they cause harm. Critically, AI can process far larger data volumes, at a far faster rate, than any human. Along the way, it flags unusual or suspicious patterns of behaviour and other anomalies for investigation.

Typically built from ML models, AI uses a cause-and-effect approach (if X happens, expect Y) to construct a picture of normal, predictable behaviour, against which it then judges the actions of people and devices on an organisation’s network. In this way it greatly improves the speed, quality and effectiveness of cyber security in responding to and thwarting threats.
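To make the idea of a learned pattern of normal behaviour concrete, here is an added example in Python. It is illustration code written for this page, not code from Microsoft, Darktrace or any other product named here. It learns a per-user baseline from a constructed sign-in history and then flags a day that departs from it; the users, counts, countries and the three-standard-deviation threshold are all assumptions.

```python
"""Per-user behavioural baseline: flag sign-in activity that departs from what
has been learned for that user. Added illustration; all records are constructed."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sign-in records: (user, day, sign_in_count, country).
# Days 1-10 are the learning period; day 11 is the day being assessed.
HISTORY = [
    ("alice", d, n, "GB") for d, n in enumerate([8, 9, 7, 10, 8, 9, 8, 7, 9, 8], start=1)
] + [
    ("bob", d, n, "GB") for d, n in enumerate([3, 4, 3, 2, 4, 3, 3, 4, 2, 3], start=1)
]
TODAY = [
    ("alice", 11, 9, "GB"),   # usual volume, usual country
    ("bob", 11, 41, "RU"),    # more than ten times bob's usual volume, from a new country
]

def build_baselines(history):
    """Learn, per user, the mean and spread of daily sign-ins and the countries
    seen so far. This is the 'construct a predictable pattern' step."""
    counts = defaultdict(list)
    countries = defaultdict(set)
    for user, _day, count, country in history:
        counts[user].append(count)
        countries[user].add(country)
    return {
        user: {"mean": mean(c), "std": pstdev(c), "countries": countries[user]}
        for user, c in counts.items()
    }

def score_event(baseline, count, country, z_threshold=3.0):
    """Return the reasons an event is anomalous; an empty list means normal."""
    reasons = []
    std = baseline["std"] or 1.0   # guard: a perfectly regular user has zero spread
    z = (count - baseline["mean"]) / std
    if z > z_threshold:
        reasons.append(f"sign-in volume {count} is {z:.1f} standard deviations above baseline")
    if country not in baseline["countries"]:
        reasons.append(f"first sign-in ever seen from {country}")
    return reasons

def assess(history, today):
    """Judge each new record against its user's baseline. A user with no
    history is flagged too, because there is nothing to compare against."""
    baselines = build_baselines(history)
    findings = {}
    for user, _day, count, country in today:
        if user not in baselines:
            findings[user] = ["no baseline for this user"]
            continue
        findings[user] = score_event(baselines[user], count, country)
    return findings

if __name__ == "__main__":
    for user, reasons in assess(HISTORY, TODAY).items():
        print(user, "->", reasons or "normal")
```

The two signals are deliberately independent: a volume spike alone might be a backup job, a new country alone might be travel, but each is reported separately so an analyst (or an automated playbook) can weigh them together.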

Good AI is typically:

Resilient: it keeps identifying abnormal activity even when an adversary tries to manipulate, poison or evade it

Discreet: it is responsible, trustworthy and protective with all information it has access to

Transparent and accountable: the decisions it makes on your behalf can be explained, audited and overridden

To make the most of ML and AI, forward-thinking organisations are also deploying a dedicated Security Information and Event Management (SIEM) solution. In essence, a SIEM gathers all available security-related data and events in one place, then correlates and analyses them with the purpose of improving responses to incidents and threats: a pattern invisible in any single log, such as a burst of failed logons on one server followed by a successful sign-in elsewhere, becomes visible once the sources are combined.
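As an added example of what ‘correlate’ means in practice (illustration code written for this page, not Microsoft Sentinel’s rule engine), the Python below normalises constructed events from two differently formatted sources into one schema, then raises an alert only when a burst of failed sign-ins for an account is followed, within a short window, by a success from the same address. The log lines, field names, five-failure threshold and five-minute window are all assumptions.

```python
"""Minimal SIEM-style correlation: normalise two log formats into one schema,
then detect a failed-logon burst that ends in a success for the same account
from the same source address. Added illustration; the log lines are constructed."""
import json
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Source 1: syslog-style lines from an on-premises auth server (constructed).
AUTH_SYSLOG = """\
2024-05-01T09:00:01Z auth sshd: Failed password for dave from 203.0.113.7
2024-05-01T09:00:03Z auth sshd: Failed password for dave from 203.0.113.7
2024-05-01T09:00:05Z auth sshd: Failed password for dave from 203.0.113.7
2024-05-01T09:00:09Z auth sshd: Failed password for dave from 203.0.113.7
2024-05-01T09:00:14Z auth sshd: Failed password for dave from 203.0.113.7
2024-05-01T09:00:20Z auth sshd: Accepted password for dave from 203.0.113.7
2024-05-01T09:30:00Z auth sshd: Failed password for erin from 198.51.100.9
""".splitlines()

# Source 2: JSON sign-in records from a cloud identity provider (constructed).
CLOUD_SIGNINS = [
    '{"time":"2024-05-01T09:01:00Z","user":"dave","result":"success","ip":"203.0.113.7"}',
    '{"time":"2024-05-01T10:00:00Z","user":"erin","result":"success","ip":"198.51.100.20"}',
]

SYSLOG_RE = re.compile(r"^(\S+) \S+ sshd: (Failed|Accepted) password for (\S+) from (\S+)$")

def _ts(text):
    return datetime.fromisoformat(text.replace("Z", "+00:00"))

def normalise(syslog_lines, json_lines):
    """Map both sources onto (time, user, outcome, source_ip, origin), time-ordered."""
    events = []
    for line in syslog_lines:
        m = SYSLOG_RE.match(line)
        if not m:
            continue   # a real pipeline would route unparsed lines to a dead-letter queue
        ts, verb, user, ip = m.groups()
        events.append((_ts(ts), user, "failure" if verb == "Failed" else "success", ip, "auth-server"))
    for raw in json_lines:
        rec = json.loads(raw)
        events.append((_ts(rec["time"]), rec["user"], rec["result"], rec["ip"], "cloud-idp"))
    return sorted(events)

def correlate(events, min_failures=5, window=timedelta(minutes=5)):
    """Alert when a user has >= min_failures failures from one IP inside the
    window and then a success from that same IP, whichever source saw it."""
    alerts = []
    failures = defaultdict(list)   # user -> [(timestamp, ip)] of recent failures
    for ts, user, outcome, ip, origin in events:
        recent = [(t, i) for t, i in failures[user] if ts - t <= window]
        failures[user] = recent    # expire anything older than the window
        if outcome == "failure":
            failures[user].append((ts, ip))
        elif outcome == "success":
            from_same_ip = [t for t, i in recent if i == ip]
            if len(from_same_ip) >= min_failures:
                alerts.append({"user": user, "ip": ip, "failures": len(from_same_ip),
                               "success_at": ts.isoformat(), "seen_by": origin})
                failures[user] = []   # one alert per burst, not one per later success
    return alerts

def run():
    return correlate(normalise(AUTH_SYSLOG, CLOUD_SIGNINS))

if __name__ == "__main__":
    for alert in run():
        print("ALERT", alert)
```

Note that erin’s single failure produces nothing, and dave’s later cloud sign-in does not produce a second alert: the burst state is cleared once it has been reported, which is the kind of de-duplication a SIEM rule needs to avoid flooding analysts.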

Stop attacks in their tracks

ML, AI and a SIEM are therefore vital building blocks for effective cybersecurity – and can make all the difference in mitigating network threats, automating application security, monitoring email activity and providing robust, next-generation anti-virus protection.

Microsoft’s security suite gives you the tools and intelligence you need to stay protected, efficiently and effectively – with less hassle for your IT team. You can enjoy the combined benefits of an advanced solution including:

Microsoft Sentinel

Microsoft Sentinel is a scalable, cloud-native solution that provides SIEM, while managing and automating security tasks for swift response – together with accurate analytics and proactive threat intelligence – across all your users, devices, applications, and infrastructure, on-premises and in the cloud.

Microsoft Defender

The Microsoft Defender suite offers comprehensive protection against breaches, managing detection, prevention, investigation and response across all your endpoints, identities, email and applications. As a result, your IT admins can understand and learn from threats, their likely impact and how to mitigate them going forward.

Microsoft SIEM and XDR

A dedicated solution to stop breaches across your organisation by securing its various clouds and platforms while using integrated security tools to enable a rapid response to mitigate threats.

Darktrace

A Microsoft partner whose tool complements Microsoft’s suite: it uses ML and AI to learn normal user and device behaviour, highlight any suspicious or unusual activity and assess the risk it represents.

There is plenty of evidence for their success.

Back in 2018, advanced cyber criminals used trojan malware to try to install malicious cryptocurrency miners on hundreds of thousands of computers across the world. Enter Microsoft Windows Defender, which used multiple layers of machine learning to identify and block the threat. The crypto miners were stopped before they could do any damage, in fact almost as soon as the campaign started.

Meanwhile, French insurance and financial services company AXA IT puts its trust in Darktrace to identify and manage online threats. Here, machine learning is used to learn what normal network activity looks like, spot deviations from it and automate the response.

However, success depends not only on installing the individual technical solutions, but also on configuring them properly so that they deliver the best results.

How we can help

Our security team are experts in securing and maintaining modern work environments with best practice and best-in-class solutions. Our Managed Security Service brings together the combined power of Microsoft’s offerings to mitigate threats while removing the hassle of maintaining a secure environment at work through our monitoring, management and updates. Meanwhile, our Threat & Vulnerability Assessment gives you an accurate picture of the security of your environment and specific areas for improvement.

Ransomware is malicious software used by cybercriminals to prevent a person or business from accessing sensitive data or critical systems (or to threaten to destroy or leak them) until a ransom has been paid to the party behind the attack.

Ransomware is particularly dangerous and disruptive, as it typically involves data or devices being suddenly locked and made unavailable without warning. Attacks arrive in two main forms. Social-engineered ransomware uses phishing: the attacker poses as a legitimate company or website to trick a victim into clicking a link or opening an email attachment. Human-operated ransomware is run by an attacker who steals account credentials to gain access to an organisation’s network, moves through it by hand to find the information and systems that matter most, and only then deploys the ransomware.

Once in, the attacker installs the ransomware so that the targets become inaccessible to their owners: for example, by encrypting files or locking data. The victim is then asked to pay a considerable sum of money (often in cryptocurrency) to regain access. Many oblige, to avoid the potentially devastating consequences for reputation and operations. Sadly, paying does not guarantee a happy ending: the decryption key may never arrive, and attackers who have also copied the data can still leak it.

Businesses around the world are increasingly being impacted by more frequent and sophisticated ransomware attacks. Indeed, The European Union Agency for Cybersecurity (ENISA) recently reported that between May 2021 and June 2022, approximately 10 terabytes of data were stolen every month as a result of ransomware threats. Almost 60% of the files stolen contained personal data relating to employees.

Microsoft has also confirmed “a massive growth trajectory for ransomware and extortion”. In 2021 alone, ransomware attacks shot up by 935%.

Prominent examples include the HR software giant Kronos, which suffered an attack in December 2021 that compromised its cloud payroll and time-off systems and took them offline; US fuel pipeline operator Colonial Pipeline, which shut its pipeline down in May 2021 after a ransomware attack (the attackers also took personal information of thousands of employees), causing fuel shortages and soaring prices across the American East Coast and leading the company to pay a $4.4 million ransom; and German chemical distribution company Brenntag, whose network was breached in April 2021 through stolen credentials, exposing the dates of birth, Social Security numbers and driver’s licence details of more than 6,000 individuals, along with some medical data. Brenntag, too, ended up paying around $4.4 million.

What you can do about it

Inevitably, strengthening and maintaining your organisation’s security posture will help protect you from these significant threats. What’s more, you’ll actually save money in the long run – by avoiding costly remediation and even worse, the possibility of having to pay cybercriminals.

Microsoft’s extensive security suite provides you with everything you need to stay confident and protected. Here are a few important steps you can take to make this happen.

1. Reduce your overall risk

By focusing on removing potential security vulnerabilities in your IT infrastructure, you make it harder for opportunists to breach it. For example, multi-factor authentication (MFA) is a proven and easy way to protect your employees’ accounts: a stolen password alone is no longer enough to sign in, which removes the most common way in for human-operated ransomware.

2. Install antimalware

It sounds obvious, but an essential way to stop ransomware is to run a solution that directly combats it on every endpoint and workload. Effective antimalware detects and blocks the threat; in the Microsoft suite this is the Defender family (Microsoft 365 Defender for endpoints, identities, email and apps, Microsoft Defender for Cloud for cloud workloads), with Microsoft Sentinel correlating the resulting alerts across your estate rather than acting as antimalware itself.

3. Provide regular training

By ensuring that all your employees stay up to speed on the latest threats and how to spot them, you can ensure that everyone across your organisation adopts a best practice approach to IT security and protection – which makes a big difference.

4. Move to the cloud

Cloud-based services such as Azure Cloud Backup Service, Azure Block Blob Storage Backup or Office 365 Backup and Recovery Services give you a safer environment in which to store and retrieve sensitive data, and if that information is compromised they make it faster and easier to recover. One caveat: ransomware operators deliberately look for backups and encrypt or delete them, so keep copies that the compromised environment cannot modify (immutable or offline copies, protected by separate credentials) and test restores regularly.

5. Adopt a Zero Trust approach

65% of organisations haven’t implemented Zero Trust. Zero Trust rests on three principles: verify explicitly, use least-privilege access and assume breach. Evaluate every device and every employee’s actual access requirements before allowing access to corporate applications, files, databases and other assets, and re-evaluate on each request rather than trusting the network a request comes from. That way, a compromised identity or device is far less likely to reach your systems and install ransomware, and far more limited in what it can touch if it does.
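The following Python is an added example, written for this page and not Microsoft’s Conditional Access engine, of what a Zero Trust access decision looks like when the three principles are applied to a single request. The role names, resources, MFA method names and risk levels are assumptions.

```python
"""Zero Trust decision for one access request: verify explicitly (identity and
device signals every time), least privilege (explicit allow-list per role) and
assume breach (a correct password in a risky context is still denied).
Added illustration; the policy and the requests are constructed."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass
class Request:
    user: str
    role: str
    resource: str
    action: str
    password_ok: bool
    mfa_method: Optional[str]   # assumed names: "fido2", "app", "sms", or None if not done
    device_managed: bool
    device_compliant: bool      # patched, disk encrypted, EDR running, etc.
    sign_in_risk: str           # "low" | "medium" | "high" from a risk engine

# Least privilege: an explicit allow-list of (resource, action) per role.
ROLE_PERMISSIONS = {
    "payroll-clerk": {("payroll-db", "read"), ("payroll-db", "write")},
    "engineer": {("source-repo", "read"), ("source-repo", "write")},
}
SENSITIVE = {"payroll-db"}        # crown-jewel resources get the strictest conditions
PHISHING_RESISTANT = {"fido2"}    # SMS and push codes can be phished or SIM-swapped

def decide(req: Request) -> Tuple[bool, List[str]]:
    """Return (allowed, reasons). Each request is evaluated from scratch; the
    decision never depends on which network the request arrived from."""
    reasons = []
    # Verify explicitly: identity signals
    if not req.password_ok:
        reasons.append("credential check failed")
    if req.mfa_method is None:
        reasons.append("MFA not completed")
    elif req.resource in SENSITIVE and req.mfa_method not in PHISHING_RESISTANT:
        reasons.append("sensitive resource requires phishing-resistant MFA")
    # Verify explicitly: device signals
    if req.resource in SENSITIVE and not (req.device_managed and req.device_compliant):
        reasons.append("sensitive resource requires a managed, compliant device")
    # Least privilege: the role must list this exact resource and action
    if (req.resource, req.action) not in ROLE_PERMISSIONS.get(req.role, set()):
        reasons.append(f"role '{req.role}' may not {req.action} {req.resource}")
    # Assume breach: a valid password plus a risky context is treated as an attacker
    if req.sign_in_risk == "high":
        reasons.append("high sign-in risk: block and force credential reset")
    return (not reasons, reasons)

# Constructed requests: the clerk on a managed laptop; an attacker replaying the
# clerk's stolen password from an unmanaged machine with an SMS code; and an
# engineer asking for data outside their role.
CLERK = Request("pat", "payroll-clerk", "payroll-db", "write", True, "fido2", True, True, "low")
ATTACKER = Request("pat", "payroll-clerk", "payroll-db", "write", True, "sms", False, False, "high")
OVERREACH = Request("sam", "engineer", "payroll-db", "read", True, "fido2", True, True, "low")

if __name__ == "__main__":
    for name, req in [("clerk", CLERK), ("attacker", ATTACKER), ("engineer", OVERREACH)]:
        print(name, decide(req))
```

The attacker request is instructive: the password is correct and the role does permit the action, yet the request is still refused on three independent grounds. That layering is the point of assume breach: no single stolen secret should be enough.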

6. Keep software updated

Make sure you promptly install system updates and software patches as they become available, prioritising anything that is internet-facing or already known to be exploited.

Be ready to respond

If you are faced with a ransomware breach, it’s critical to be prepared. Take time now to plan out your course of action and the specific steps you will take to mitigate different attacks, so you can minimise any impact and get operations back to normal as quickly as possible if the worst occurs.

Depending on the size of the ransom demanded, you might be tempted to pay straight away to solve the issue and stop the disruption. Although that seems logical, you are dealing with criminals who may have no intention of keeping their word and may never give you back access to your data. Most ransomware security experts advise against paying attackers anything for this reason, not to mention that you would be funding illegal activity by doing so.

Instead, focus on what you can do, as individuals and as an organisation, to reduce the damage. Isolate affected systems from the network as quickly as you can to stop the ransomware spreading, and preserve them rather than wiping them immediately so the incident can be investigated. Run your antimalware across everything, ensuring it is fully updated to protect against further attacks, and restore from clean backups once you are confident the attacker’s foothold is gone. Report everything to the police and, where personal data is involved, to the relevant regulator, so that action can be taken.

How we can help

Transparity has extensive experience in creating and maintaining strategies to keep your business secure and prevent ransomware from compromising it.

We are experts in securing and maintaining modern work environments. Our advanced Managed Security Service helps you to mitigate threats while minimising the efforts and hassle of IT security operations: while our dedicated Threat & Vulnerability Assessment offers an accurate overview of your IT environment status and highlights specific areas for security improvement.

Take advantage of our Microsoft-funded workshops to enjoy in-depth guidance on these topics and improve your security posture. Explore Microsoft’s extensive security toolset, analyse current threats and create a strategic security plan to protect and govern your organisation’s data.
