Use Security Education and Awareness Programs to Your Advantage

This post is authored by Jonathan C. Trull, Worldwide Executive Cybersecurity Advisor, Enterprise Cybersecurity Group. Most of today’s media coverage, internal security budgets, and venture capital dollars are focused on new and exciting technologies, such as next-generation endpoint solutions, user behavior analytics, and others. However, one equally important area that often receives little attention is security education and awareness for company employees. The majority of successful attacks target end users …

Securing the Internet of Things: Introducing the Security Program for Azure IoT

This post is authored by Sam George, Partner Director Program Management, Azure IoT. As the Internet of Things (IoT) continues to gain traction in the enterprise, questions of security and privacy are top of mind for business decision makers, executives and IT alike. In our work with customers, we find many businesses are struggling to determine how secure their end-to-end IoT infrastructure is, or even delaying IoT implementations until security …

Cyber risk and resilience: not understood

This post is authored by Paul Nicholas, Senior Director, CPP US. “The meaning and implications of systemic cyber risk are not yet fully recognized or understood”, states the newly published White Paper on Understanding Systemic Cyber Risk from the Global Agenda Council (GAC) on Risk & Resilience of the World Economic Forum (WEF). The White Paper is something that my team and I here in Microsoft contributed to, along with critical infrastructure …

Security Intelligence Report: Discover the top cybersecurity threats by country

Security professionals know there’s no silver bullet to achieve perfect security—the volume and magnitude of cyber threats vary considerably depending on country and threat type. For example, during the second half of 2015 (2H15), encounter rates for some types of threats in Russia and Brazil were nearly three times the worldwide average. Of the ten most commonly encountered threat families in Russia in 2H15, five were trojans, including Win32/Peals, Win32/Skeeyah, …

Cybersecurity: a question of trust

This post is authored by Robert Hayes, Senior Director and Chief Security Advisor in Microsoft’s Enterprise Cybersecurity Group. With the scale, scope, and complexity of cyber-attacks increasing by the week, cybersecurity is increasingly being seen as a primary issue for CEOs & Boards. Advice is not hard to find, and there are a multitude of information sources and standards; the in-house CIO will have a view, and of course there are …

Top Five Security Threats Facing Your Business and How to Respond

This post was authored by Ann Johnson, Vice-President, Enterprise Cybersecurity Group. Headlines highlighting how vulnerable we are to cyber threats are now all too commonplace. The statistics on security events and successful network breaches continue a trend that favors attackers. These bad actors are getting faster at network compromise and data theft while their dwell times inside networks have increased to over 200 days according to most of the major …

Attackers using Trojans more than other malware categories

Global cyber threat patterns are a constantly moving target. But there are ways organizations can stay ahead of threats. Beginning in 2006, Microsoft took on systematic study of the ever-shifting security landscape, and we share our latest findings twice each year in our Security Intelligence Report (SIR). While cyber threats grow more sophisticated, our goal is simple: to help customers understand the many different types of factors that can influence …

Understanding the geography of malware

Threat patterns are constantly shifting, and our latest security intelligence report zeroes in on some of the world’s malware hot spots. For more than 10 years, Microsoft has carefully studied the evolving cyber threat landscape and shared findings with the wider security community. We base our analysis on one of the most complete security data sets in the world, which includes data gathered from more than 600 million computers worldwide. …

Lessons from the NIST Cybersecurity Framework

This post was authored by Angela Mckay, Director of Cybersecurity Policy. It has been more than two years since the National Institute of Standards & Technology (NIST) published its Cybersecurity Framework and there has been a lively debate ever since on how the Framework should evolve and be adapted by different organizations. Indeed, since then the Framework has been used by a diverse range of companies, including many critical infrastructures, by …

Keeping Adobe Flash Player

Years ago, Java exploits were a primary attack vector for many attackers looking to infect systems, but more recently, Adobe Flash Player took that mantle. After accounting for almost half of object detections during some quarters in 2014, Java applets on malicious pages decreased to negligible levels by the end of 2015, owing to a number of changes that have been made to both Java and Internet Explorer over the …