September was a month of some cybersecurity highs- and lows. There has been marked progress in certain areas and lots of learning opportunities. From cyber art fraud with NFT's to attacks on payment platforms impacting lorry drivers' pay, for some this month will feel like a month from hell. In the world of Microsoft security, Endpoint Manager leads Gartner's Magic Quadrant and Charlie Bell joins Microsoft from Amazon as the new lead on the company's cybersecurity and fraud division, bringing decades of cloud experience and a big vision. Here are the main stories:

• A cyber attack exacerbated the petrol crisis
• Banksy's website was hacked
• Your Microsoft world without passwords is now possible
• Microsoft's new head of cybersecurity wants to end 'digital medievalism'
• Microsoft's Endpoint Manager named a Gartner Leader
• Microsoft's results of their employee hybrid working study

Cyberattack adds fuel to the fire 

On Tuesday 28th September, news reports surfaced of HGV drivers that have not been paid after a crippling cyber attack hit Giant Pay further exacerbating the current petrol crisis. Giant Pay is a large payment software provider that reported it was hit by a “sophisticated cyberattack” on its network resulting in significant downtime. They said that “As a result, when we had to shut down the entire network, we couldn’t access our phone and email systems”.  

Honour amongst art thieves

Iconic British artist Banksy’s website was targeted and a buyer ended up purchasing a fake non-fungible token (NFT) for £244 000 for a piece of his art that was auctioned over his website. NTF’s are tradable digital certificates of ownership that can be used for trading in digital assets- most often using cryptocurrency. The link to the fake auction was placed on a page on banksy.co.uk that was since deleted. The buyer reported to the BBC that he felt ‘burned’. Banksy’s team was warned of potential website flaws in advance of the hack but did not take appropriate action. As a balm for the buyer’s wound, the hacker subsequently returned all the money minus a small transaction fee. Perhaps this shows that there is in-fact honour among (art) thieves. 

The fake Banksy NFT was advertised on the artist’s official website- Source- BBC

NCSC and US CISA join forces against ransomware 

The National Cyber Security Centre’s CEO and Director of the US Cybersecurity and Infrastructure Security Agency met in London on the 9th of September to discuss furthering collaboration with addressing ransomware featuring as a priority. NCSC Chief Executive Lindy Cameron said: “Ransomware is a serious and growing security threat that cuts across borders, and it is important for us to maintain a continuing dialogue with our closest ally to tackle it.”  

Bell tolls for ‘digital medievalism’ 

Former Amazon executive Charlie Bell has joined Microsoft to lead a newly formed team overseeing their cybersecurity operations. This role puts him in charge of digital fraud, ransomware attacks and data protection. As he mentioned in a recent LinkedIn post, his plan is to help Microsoft do away with “digital medievalism,” which describes the current situation where organizations and individuals each depend on the walls of their castles and the strength of their citizens against bad actors who can simply retreat to their own castle with the spoils of an attack.” Instead, Bell suggests that “We all want digital civilization. I believe Microsoft is the only company in a position to deliver this”. 

Hackers don’t break in, they log in 

Microsoft passwordless future became the new now as they announced all users can drop password verification and instead login using biometrics, an authenticator app or alternative. Although Microsoft had already made passwordless accounts available for business users of its products in March, this system is now available to all Microsoft or Windows users. Microsoft security vice-president Vasu Jakkal commented:  “We are expected to create complex and unique passwords, remember them, and change them frequently – but nobody likes doing that….Hackers don’t break in, they log in….Internally at Microsoft, we are almost 100% password-less for our employees.” 

Microsoft’s Endpoint Manager is a Gartner Leader  

Gartner Magic Quadrant for Unified Endpoint Management Tools, August 2021 

Microsoft continues to take the lead not just in eliminating the need for passwords, but in device management as well. Microsoft’s Endpoint Manager was officially recognised as a leader in the Gartner Magic Quadrant for Unified Endpoint Management Tools. Endpoint Manager combines Intune and Configuration Manager and is available with an Enterprise Mobility + Security (EMS) license. Reasons for its leadership status include deep integration across Microsoft products (including Azure AD, Defender XDR and Microsoft 365 applications) which in turn offers improved stability and performance achieved by reducing third-party plug-ins. 

Building hybrid vigour 

Finally, a study of Microsoft’s employee productivity in the post-COVID era has revealed an increase in siloed working with less cross-team collaboration. As a result, the researchers recommend that organisations take proactive measures to enable innovation, synergy and inter-connectedness within the new normal of hybrid working.  

A final observation from an anonymous user reminds us of the need to always be vigilant: “Someone cracked my password. Now I need to rename my puppy.”

¹Gartner, Magic Quadrant for Unified Endpoint Management Tools, Dan Wilson, Chris Silva, Tom Cipolla, 16 August 2021.

#SimplifySecurity #MicrosoftFirst

 

Follow Softwerx on LinkedIn and Twitter for the latest updates:

 

           

 


Back to News