Not enough businesses have authentication protection - Microsoft
Not enough businesses have authentication protection, according to a new study from Microsoft.
When it comes to our world online, protecting and defending our most valuable digital asset - our identity - is vital, says Vasu Jakkal corporate vice president, Security, Compliance and Identity at Microsoft.
He says when cybersecurity threats are continuously increasing in volume, velocity and sophistication, it is now more crucial than ever to ensure our businesses have the tools in place to defend and protect against cyber-attacks.
Microsoft's new quarterly cyberthreat study, Cyber Signals, has found that only 22 per cent of its Cloud Identity Solution and Azure Active Directory users have implemented strong identity authentication protection as of December 2021. Additionally, throughout 2021 Microsoft blocked more than 25.6 billion AAD brute force authentication attacks and intercepted 35.7 billion phishing emails.
With findings like this, Microsoft urges businesses to review their security measures, and in its study has recommended a range of ways to do this, the number one being to implement multi-factor authentication.
Cyber Signals is a cyber threat intelligence brief informed by the latest Microsoft threat data and research. This content, which will be released quarterly, offers an expert perspective into the current threat landscape, discussing trending tactics, techniques, and strategies used by the world's most prolific threat actors.
"As such, we hope it's a valuable resource to chief information security officers, chief information officers, chief privacy officers, and their teams, as they continue to evolve technologies, policies, and processes against the constantly changing threat landscape," says Jakkal.
"At Microsoft, we believe that security is a team sport and that when we share what we're learning, we can all make the world a safer place," he says.
Cyber Signals aggregates insights Microsoft sees from its research and security teams on the frontlines. This includes analysis from 24 trillion security signals combined with intelligence the company tracks by monitoring more than 40 nation-state groups and over 140 threat groups.
"In our first edition, we unpack the topic of identity. Our identities are made up of everything we say and do in our lives, recorded as data that spans across a sea of apps and services," says Jakkal.
"While this delivers great utility, if we don't maintain good security hygiene our identities are at risk. And over the last year, we have seen identity become the battleground for security," he says.
While threats have been rising fast over the past two years, there has been low adoption of strong identity authentication, such as multifactor authentication (MFA) and passwordless solutions.
" For example, our research shows that across industries, only 22 percent of customers using Microsoft Azure Active Directory, Microsoft's Cloud Identity Solution, have implemented strong identity authentication protection as of December 2021," says Jakkal.
"MFA and passwordless solutions can go a long way in preventing a variety of threats and we're committed to educating customers on solutions such as these to better protect themselves," he says.
"From January 2021 through December 2021, we've blocked more than 25.6 billion Azure AD brute force authentication attacks and intercepted 35.7 billion phishing emails with Microsoft Defender for Office 365."