Top 4 Common Mistakes That Could Hurt Your Security Program

By Chris Kirk – Principal Cybersecurity Consultant, Anthony Petito – Principal Technical Delivery Consultant, and Roberto Bamberger – Principal Cybersecurity Consultant

As the Microsoft Detection and Response Team (DART), our job is to respond to compromises and help our customers increase their cyber resiliency. Our team works to identify risks and provide reactive incident response and proactive security investigation services to help our global customers manage their cyber risk, especially in today’s dynamic threat environment.

Our unique focus within the Microsoft Industry Solutions Security Service Line allows DART to provide onsite reactive incident response and remote proactive investigations. DART leverages Microsoft’s strategic partnerships with security organizations around the world and internal Microsoft product groups to provide the most complete and thorough investigation possible. Our response expertise has been leveraged by government and commercial entities worldwide to help secure their most sensitive, critical environments.

Overlooking a single security threat can create a serious event that could severely erode community and consumer confidence, tarnish reputation and brand, negatively impact corporate valuations, provide competitors with an advantage and create unwanted scrutiny. In this article, we will share the top four most common mistakes that could hurt your security program and offer ways to stay a step ahead, based on our team’s combined experience over the last couple of decades.

1. Overlooking basic cyber hygiene essentials

One of the most common mistakes we continue to see is organizations not adhering to basic cyber hygiene best practices. Our Microsoft Digital Defense Report highlights that poor cyber hygiene is still the No. 1 reason for vulnerabilities getting exposed. In fact, basic security hygiene will protect your organization against 98% of attacks, according to the report’s data.

There are several steps that organizations can take to maintain good security hygiene and strengthen their overall security posture:

• Enable multifactor authentication (MFA): Always authenticate and authorize based on all available data points, including user identity, location, device health, service or workload, data classification and anomalies.
• Apply least privilege access: As one of the three principles of Zero Trust, applying least privilege access limits user access with just-in-time and just-enough-access (JIT/JEA), risk-based adaptive policies and data protection to help secure both data and productivity.
• Keep patches up to date: Mitigate the risk of software vulnerabilities by ensuring your organization’s devices, infrastructure and applications are kept up to date with patches and correctly configured.
• Utilize anti-malware tools: Stop malware attacks from executing by installing and enabling anti-malware solutions on all endpoints and devices.
• Protect your data: Know where your sensitive data is stored and who has access to it. Implement data protection best practices such as applying sensitivity labels and data loss prevention (DLP) policies.

2. Falling into a false sense of security

There are common instances we see where organizations will check certain boxes and think they are secure. One of the biggest themes to get across to organizations is that being compliant does not always mean you are secure. When an organization has checked several boxes that ensure compliance, this typically leads to a limited secure infrastructure. Shifting privacy regulations, combined with limited resources like budgets and talent shortages, add to today’s business complexities. Furthermore, the concept of “assume breach” serves as a good example of attacks that may result from a false sense of security. While attackers are continuously exploring new ways to break into an environment, by assuming breach we can help to safeguard against inevitable detrimental harm.

Cloud environments are also continuously being put to the test. DART has seen various security configurations in our customers’ cloud tenants. The one commonality: administrators flip the switch on a few security tasks without genuinely understanding the process and procedures needed to ensure everything works as designed, and consequently, create gaps in defenses and opportunities for attackers to circumvent security controls. When it comes to defense-in-depth, these controls must work in concert.

3. Not knowing your environment

Identifying and managing security and data risks inside your organization can be challenging, especially when you don’t know your environment. You can’t identify where the attack was made if you do not have visibility across the environment. Using a tool like Microsoft’s threat and vulnerability management built-in module in Microsoft Defender helps teams discover vulnerabilities and misconfigurations in near real-time. Additionally, teams are able to prioritize vulnerabilities based on the threat landscape and detections within an organization. These insights help security teams identify potential concerns and can help accelerate time to action. Knowing your environment also helps lower the complexities found within organizations. As we know, complexity kills security.

4. Not having a disaster plan

Let’s get real for a second. Attacks are inevitable, even if you have the proper safeguards in place. Having a disaster plan is less about preventing attacks, but more so about minimizing the damage once an event has occurred. First and foremost, employees need to know who to call when an attack is taking place. A person’s career will not last long if they do not call the Chief Information Security Officer (CISO) or relevant employee when disaster strikes with recommendations on how to quickly address or remediate the threat. This also goes back to knowing your environment.

As an organization you need to adopt a business continuity and disaster recovery (BCDR) strategy that keeps your data safe, and your apps and workloads online, when planned and unplanned outages occur. Azure provides different services such as Site Recovery and Backup, which help ensure business continuity by keeping business apps and workloads running during outages, while also keeping data safe and recoverable.

While these four mistakes are common, they can be fixed with the right combination of solutions and guidance. Microsoft DART is here to help organizations mitigate these mistakes and adopt strategies today that will strengthen their overall security posture and build resiliency. For more information on the latest attack methods as well as cybersecurity best practices derived from our investigations and engagements, please visit our blog series.