Eyes often glaze over at the very mention of cybercrime. Seriously, try it next time you’re having a round of crazy golf. But it’s really important. And when the world’s most common password is 123456, it’s easy to see that information and knowledge sharing key to survival in this fast-paced digital world.
When we talk about exposure to cyberattacks, there are three primary types of attack to consider:
Phishing is where an attacker takes on the role of a trusted identity and tricks employees into opening emails, texts or instant messages. With spear-phishing, as the name suggests, things are a bit more serious. An attacker will use unique information, specific to the user, to construct a more plausible phishing attack. These are notably harder to spot.
• Protect against spam malware and other email threats with Exchange Online Protection.
• Co-ordinate detection, prevention, investigation and response across endpoints, identities and email with Microsoft 365 Defender.
• Protect against phishing or malware websites and applications with Microsoft Defender SmartScreen.
In a scenario like this, attackers will try a large list of possible passwords for a given account (or set of accounts). It’s doubtful that anyone reading this will find themselves in this camp but research by CyberNews, which looked at 15.2 billion passwords, has revealed the five most common passwords of 2021…and the results are staggering:
• Discover leaked credentials and detect password spray attacks with Azure AD Identity Protection.
• Enforce minimum requirement, dynamically ban common passwords and force resets for leaked passwords with Azure AD Password Protection.
• Look out for malicious actors that gain access by guessing your password or using brute-force method using Azure AD Smart Lockout.
Device-based attacks occur when malware is installed on your device in the form of viruses, spyware, ransomware or other unwanted software that’s installed without your knowledge or consent. Of course, if a device is lost or stolen, a whole new set of challenges arise. If you’re only responsible for one or two devices, nothing seems that tricky. But with an estate running in to the hundreds (or more), the impact of device-based attacks is huge.
• Prevent, detect, investigate and respond to advanced threats with Microsoft 365 Defender for Endpoint, with full visibility, protection, and detection across a wide variety of platforms, including macOS, Android, and iOS.
• Define trusted websites, cloud resources and internal networks with Microsoft Defender Application Guard, helping to protect devices from advanced attacks by opening untrusted websites in an isolated Microsoft Edge browsing window.
• If a device is lost or stolen, Microsoft InTune mobile device management (MDM) enforces password and/or pin requirements – and wipes the device completely after a specific number of failed attempts.
Network based attacks are carried out using vulnerabilities within the network or application and include: