Now in its fifth year, the Microsoft Digital Defense Report (DDR) looks at the state of cybersecurity worldwide, focusing on the growing threats posed by nation-state actors and financially motivated cybercriminal groups. The report contains a whole chapter on the threat landscape and another dedicated to artificial intelligence (AI), which Graham Hosking, Quorum Cyber Solutions Director for AI, writes about in his blog, The Mounting Impact of AI on Cyber Security.

While looking at the global picture and to the future, Microsoft emphasizes that the fundamentals of cybersecurity remain the most important for all organizations in every sector, wherever they are on their security journey. The paper advises how organizations, no matter how complex, can defend themselves in the face of an unprecedented wave of cyberattacks – in total, it’s customers experience 600 million per day!

A unique view of the global threat landscape

Microsoft receives and processes more than 78 trillion security signals from billions of Windows endpoints, the cloud, and a wide array of different products and services every single day. So, it’s uniquely positioned to build a complete picture of threat actor activities and understand exactly how cyber-attacks are executed, step by step.

However, regardless of what tactics, techniques, and procedures (TTPs) a threat actor uses, most of the time they are simply attempting to steal your most precious data. Microsoft estimates that less than 1% of organizational assets are actually of interest to them. But they use many different attack paths to reach your crown jewels. The report reveals that 90% of organizations are exposed to at least one attack path while 80% have attack paths that expose critical assets.

This is why it’s so important to stand back, put yourself in the mind of a threat actor and try to think of your organization from a criminal’s point of view. What are your business’s most valuable assets? What would a cybercriminal need to do to obtain them?

Do security

In November 2023, Microsoft announced the Secure Future Initiative (SFI) to “address the increasing scale, speed, and sophistication of cyberattacks”. With SFI, the company promises to be secure by design, secure by default, and provide secure operations. It has dedicated 34,000 full-time security engineers to the multi-year challenge. Microsoft CEO Satya Nadella stresses the importance of SFI and security in the report: “If you’re faced with the trade-off between security and another priority, your answer is clear: Do security.”

As a Microsoft Solutions Partner for Security, Quorum Cyber, which acquired Difenda in September 2024, lives and breathes Microsoft Security technologies and advocates organizations to run on a single security stack to coordinate security across the entire IT estate. In the past, security experts and industry analysts such as Gartner and Forrester recommended that companies should buy best-of-breed products to secure different components of their IT infrastructure, from email to servers to databases and everything else. Today, it’s widely accepted that a single security ecosystem significantly improves efficiency, speed to respond, and coordination.

Some organizations, of course, still think they can spend their way out of trouble by investing in more security tools from more vendors, but this simply isn’t effective against the speed and sophistication of today’s adversaries. More tools require more skills and more resources, and they generate more security data which can bog defenders down. In short, too many tools can slow down cyber defense.

According to Microsoft’s report, “organizations using over 15 tools experienced nearly three times more data security incidents than organizations using fewer tools. This is why it is so important to invest in integrated, automated data security solutions to achieve the best outcomes.” The paper also states that “83% of organizations experience multiple data breaches over time,” so it’s no longer ‘if’ organizations will experience a cyber-attack but ‘when’.

Quorum Cyber’s whitepaper, Mastering Cost Management and Reduction: A Guide for Chief Information Security Officers, explains why a single security ecosystem is the best strategy for CISOs today and how it can save money, time, and resources.

How can organizations “Do security”?

Since 2022, Microsoft has collaborated with the National Cybersecurity Center of Excellence (NCCoE) in the US to help organizations adopt and operate Zero Trust. Run by the National Institute of Standards and Technology (NIST), the NCCoE’s aim is to “bring together experts from industry, government, and academia to address the real-world needs of securing complex IT systems and protecting the nation’s critical infrastructure”.

Together with other technology vendors, Microsoft has developed a Zero Trust practice guide to help organizations implement cybersecurity reference designs. To adopt the Zero Trust model, businesses need to apply three key principles:

• Verify explicitly: always authenticate and authorize everything

• Use least-privileged access: limit user access with just-in-time and just-enough-access to tighten data security

• Assume breach: compartmentalize infrastructure to minimize any damage, verify end-to-end encryption and use analytics to detect any threats and strengthen defenses.

Take a look at the Microsoft Zero Trust Capability Mapping to NIST ZT Architecture graphic on this page to see how to use Microsoft Security technologies to implement Zero Trust.

Let’s talk about your cybersecurity

As a member of the Microsoft Intelligence Security Association (MISA) and a finalist of the Microsoft Security Partner of the Year Award for 2024, Quorum Cyber defends over 200 organisations around the globe from cyber-attacks every day. Feel free to contact us to discuss how we can protect your organization.