The lack of basic security hygiene is a key reason companies (and governments) continue to experience breaches, according to the annual Microsoft Digital Defense Report. In practical terms, “over 70% of human-operated ransomware attacks in the past year originated with Remote Desktop Protocol (RDP) brute force.” In other words, most ransomware attacks conducted by people (rather than machines) are targeting technology that is essential in this work-from-home era.
To the point about basic hygiene, two controls Microsoft recommends are:
- Randomized local admin passwords
- Vulnerable systems should not have credential overlap with the rest of the network
The data and recommendations in the report are derived from the 8 trillion security signals processed globally every day by Microsoft’s security team.
Microsoft makes a strong case that a lack of basic cyber hygiene is a key culprit in the rise of successful ransomware attacks against companies in 2020. This places a detailed focus on what Cyberhedge refers to as the ‘people, policy and process’ component of cyber governance. It is a key reason that companies that execute well on digital transformation outperform those that do not, especially post-pandemic.
It also provides a strong case for why simply having the ‘latest and greatest’ technology is not the difference maker between good and bad cybersecurity. Why? We already know that corporate networks are chock full of overlapping and misconfigured technology. That technology wastes precious company capex and opex, does not make companies any more secure, and in some cases makes them less secure. It is not just Microsoft making this claim; IBM came to the same conclusion.
Mandiant Security Validation succinctly captured this dynamic in a recent case for security validation: “The reality is that when we look back at security breaches, misconfiguration is the key culprit... And to add further complexity is the increasing number of companies moving systems, applications and data to cloud-hosted platforms. With more devices and applications connected to the distributed cloud, adversaries now have a larger playing field on which to target an attack.”
A focus on people, policy and process (that is, on the management of technology rather than the technology itself) will make companies more secure and less likely to experience the costly business disruption that ransomware attacks cause across every sector.
For large publicly held companies, billions of dollars in shareholder value are at stake with cyber. Executing on digital, including security, is the difference between leading and lagging.
Investors and C-suites should start by asking these questions:
- What $ investments are being made to strengthen security-related training and awareness for employees, policies and processes?
- What proof do we have that those investments are resulting in better security and lower risk of breach?