October is Cybersecurity Awareness Month. Especially curated for UK organisations pursuing a Microsoft First approach, this is a quick-fire summary of October's Microsoft security highlights and headlines.
#BeCyberSmart: Get behind Cybersecurity Awareness Month
The theme for this year’s Cybersecurity Awareness Month is about education for all, with the tagline: ”Do your part. #BeCyberSmart.” This awareness campaign encourages your organisation to educate your teams about security hygiene best practice. With an average of over 20% of employees clicking phishing links according to the Microsoft/Terranova 2020 Gone Phishing Report, there is a major problem with end-user awareness that this campaign addresses.
Join Microsoft Ignite’s security sessions, 2nd-4th November
Security experts come together each year at Microsoft Ignite to share and learn. At Ignite happening in November this year, you’ll discover strategies to accelerate your security journey with confidence as well as hear the latest vision, announcements and roadmaps. Ignite also features technical security breakout sessions that will help future-proof your organisation.
Microsoft achieves a Leader position in Forrester Wave for XDR
As of October, Microsoft is now rated as a Leader in The Forrester New Wave™: Extended Detection and Response (XDR). As part of the XDR evaluation, Microsoft 365 Defender was positively reviewed as “differentiated” in seven criteria including detection, investigation, response, and remediation.
This XDR Forrester Wave recognizes that endpoint detection and response (EDR) is not enough on its own to keep your organisation secure. XDR extends EDR to include many additional known sources of telemetry including identities, applications, and cloud infrastructure. It then uses AI to automatically correlate and prioritize threats.
Microsoft’s XDR strategy is to create the most unified XDR solution available by integrating with Windows, Linux, iOS, Android, macOS, and multi-cloud deployments including Microsoft Azure, Amazon Web Services (AWS), and Google Cloud Platform (GCP). These would be coupled with built-in machine learning automation and prevention capabilities.
Microsoft issues a warning of Nobelium supply chain attacks
The Microsoft Threat Intelligence Center (MSTIC) reports that the NOBELIUM hacker group has targeted 140 software and cloud service providers across the US and Europe. These attacks breached 14 companies since May this year.
The aim of the attacks is to side-step security perimeters and “piggyback on any direct access that resellers may have to their customers’ IT systems”. This opens the door to reach hundreds or thousands customers for every reseller breached.
Microsoft Privacy Management launched to facilitate
The new Privacy Management for Microsoft 365 designed to help organisations modernise their risk management.
According to Vasu Jakkal, CVP of Security, Compliance and Identity at Microsoft, “Privacy Management from Microsoft 365 helps you safeguard personal data and build a privacy resilient workplace. It enables you to identify critical risks and conflicts… and empower your employees to make smart data handling decisions.”
Back to News