In a recent episode of the KBKast, host Karissa Breen dove into details about current cyber landscape and critical cybersecurity challenges pertinent to small and medium businesses. The Microsoft executive, Mark Anderson. Anderson’s extensive knowledge and illuminating known perspectives on the intricacies of cybercrime, the critical role of proactive measures, and the imperative for industry-wide collaboration and change.
Anderson highlighted Microsoft’s security infrastructure, including dedicated teams such as the Mystic team and the Digital Crimes Unit, each focused on different dimensions of security threats.
Commenting on the evolving nature of cyber threats, Anderson added,
“The number of threat actors has increased, potentially due to increased team capability and visibility growth. Critical cybersecurity challenges include supply chain resilience and open source software vulnerabilities.”
Microsoft Digital Defence Report
Anderson discussed the urgency of addressing open source software vulnerabilities, that has seen attacks increase by a 742% since 2019.
“There has been a 23% annual increase in security cases, with a significant rise in password attacks, especially in the education sector,” he stated.
The Microsoft executive tackled the pressing issue of patching percentages in the IT and OT industries, warning,
“The implications of running outdated systems and the potential for industrial accidents if action isn’t taken cannot be overstated.”
The conversation delved into the imperative for proactive measures and the pitfalls of waiting for catastrophic events to prompt change.
Anderson noted,
“Regulation or experiencing the actual pain of security issues might propel the industry into action.”
A key challenge is synthesising the massive influx of data and the increasing sophistication of cybercriminal tactics. Anderson pressed the growing need for cybersecurity capability, particularly for small to medium-sized businesses, given that 70% of human-operated ransomware attacks target smaller organisations with 500 or fewer employees.
It was addressed the significance of software bill of materials (SBOMs) in enhancing software supply chain security.
“SBOMs play a pivotal role in improving security, tracking all components and version numbers, and influencing purchasing decisions,” he elucidated.
Host, KB inquired further about SBOMs aiding in governance and compliance, to which Anderson acknowledged the necessity for widespread knowledge and significant changes for adoption in the software industry.
TLDR;
– Microsoft’s security teams include the Mystic team and the Digital Crimes Unit focused on various security threats.
– Business email compromise often stems from organisational problems and weak processes, making businesses susceptible to fraud.
– Compromising a legitimate account can lead to cyber problems, emphasising how attackers inject into business processes.
– Cybersecurity challenges involve supply chain resilience and open source software vulnerabilities.
– Open source software attacks have increased by 742% since 2019, with Microsoft as a major contributor.
– The Microsoft Digital Defence Report contains stats on cybersecurity threats and nation state actors.
– Cybercrime has increased significantly, and human-operated ransomware attacks are on the rise.
– Small to medium-sized businesses are in need of enhanced cybersecurity capabilities.
– Identity-based attacks have increased from 4 billion to 40 billion per month.
– Software bill of materials (SBOMs) are critical for tracking software components and version numbers for security and compliance.
– The US presidential order in May 2021 highlighted the importance of enhancing software supply chain security, particularly in response to incidents like SolarWinds.
– SBOMs play a vital role in rapid response and proactive risk management, but require significant time, cultural, and regulatory changes for widespread adoption.
