Cybersecurity norms: From concept to implementation

Last year Microsoft put forward six cybersecurity norms with the aim of reducing conflict in cyberspace and protecting global trust in technology. They offer considerations for limiting nation-state activity against commercial, mass-market ICT; responsible handling of ICT vulnerabilities and cyber weapons; appropriate conduct of offensive operations in cyberspace; and support for private sector management of cyber events. However, while we remain the only industry player to offer a proposal in … Read more »

The continued importance of cybersecurity capacity building

Over the past decade, billions around the world have benefited from the exponential growth of the online environment and associated economic opportunities. The Internet has transformed from an information exchange platform to a tool that is central to addressing some of our biggest challenges, from delivery of healthcare and education, to increasing energy efficiency and ensuring organizations are more effective and responsive. However, given the increases in computing power, the … Read more »

The Emerging Era of Cyber Defense and Cybercrime

Cyber threats are everywhere, from hackers causing mischief to show off their skills to organized crime syndicates employing sophisticated financial ruses against governmental organizations, businesses, social channels and individuals. Seventy-one percent of companies admit they fell victim to a successful cyberattack in 2014, leading them to increase their security investments. This in turn created a $170 billion security market in 2015, according to Gartner. Hackers aren’t just targeting companies—an estimated … Read more »

What’s Next for EU Cybersecurity after the NIS Agreement?

After three years of intense negotiations, the EU finally reached agreement on the Network and Information Security (NIS) Directive this past December. Politically, all that remains to be done is for the text to be formally approved by the European Parliament and the Council of the EU in the coming months. Then Member States will have 21 months to implement this landmark legislation. At a technical level, however, there’s still … Read more »

Cloud computing in government: security considerations

The last few months have seen a number of government information technology (IT) departments around the world move towards adopting cloud computing as one of the solutions deployed to delivered services to their citizens. Countries as diverse as Slovenia and Saudi Arabia are recognizing that cloud computing can ultimately mean more agile government services – with more predictable cost, reduced infrastructure overheads and increased efficiency and responsiveness. Government adoption of … Read more »

Japan zeros in on cybersecurity

Japan is poised to take exciting steps towards improving cybersecurity in 2016. A confluence of events in 2015 catalyzed important actions from the Government of Japan action. A key wakeup call was the May Japan Pension Service Hack, which brought home the realization that as personal information is increasingly stored online, it also needs to be better protected. Additionally, as Japan readies itself to host the 2016 G7 Summit and … Read more »

Five things you should know about cloud security

Security threats continue to dominate news cycle today. As more companies move to the cloud, privacy and transparency are also hot topics in the news. The result: organizations are increasingly weighing the benefits of new, cloud-based opportunities against the corresponding risks and mitigation costs. Microsoft is committed to providing a cloud you can trust. We believe there are five critical areas you need to know about cloud security: Security options … Read more »

Securing Privileged Access

We’ve all probably heard the old axiom that a chain is only as strong as its weakest link. In the context of cybersecurity, in many IT environments the weakest link is the workstations that administrators with privileged accounts use to connect to critical infrastructure and applications. If these management workstations aren’t properly secured, high privilege user credentials can be stolen, and those stolen credentials will be used to compromise more … Read more »

Tracking Lateral Movement blog series by Jessica Payne

I’d like to highlight a great new series of articles that a colleague of mine in Microsoft’s new Enterprise Cybersecurity Group, Jessica Payne, has recently started publishing. Lateral movement is a topic that literally every security professional I talk to is interested in, these days. Here’s the first article Jessica has published in the series: Tracking Lateral Movement Part One – Special Groups and Specific Service Accounts Tim Rains Chief … Read more »

The Threat Landscape in Canada – 2015 Update

I have written about the threat landscape in Canada a couple of times over the years. Using new data from the latest volume of the Microsoft Security Intelligence Report, volume 19, I thought I’d take a fresh look at what has been happening in Canada as its been about a year since I last published an article on it. If you are interested in reading some of the analysis I … Read more »