How to Protect Against 99% of Cyberattacks

Microsoft have released their Digital Defence Report for 2023. The report makes for interesting reading. We have highlighted below the report’s key section regarding how to protect against 99% of attacks.

Microsoft comments, “While we explore the many dimensions of the cyber threat landscape, there is one crucial point we must emphasize across them all: the vast majority of successful cyberattacks could be thwarted by implementing a few fundamental security hygiene practices. By adhering to these minimum-security standards, it is possible to protect against over 99 percent of attacks.”

The minimum security standards Microsoft includes are:

  1. Enable multifactor authentication (MFA) – to provide extra resilience. Read more about it on Microsoft’s website here – One simple action you can take to prevent 99.9 percent of attacks on your accounts
  2. Apply Zero Trust principles – these are:
    – Explicitly verify – ensure users and devices are in a good state before allowing access to company resources.
    – Use least privilege access – only allow the privilege that is needed for the user to access what they need to and no more.
    – Assume breach – this means constantly monitor the environment for possible attack.
  3. Use extended detection and response (XDR) and antimalware – use software to detect and automatically block attacks. This is available as an add-on to your existing anti-virus software for a small cost per computer.
  4. Keep up to date – unpatched and out-of-date computer systems are a key reason many businesses fall victim to an attack. Ensure all your systems – both hardware and software – are kept up to date. This includes patches and updates for firmware, operating systems and software programs and applications.
  5. Protect data – know where your important data is located and whether it has the right defences to keep it from being compromised. And make sure it is backed-up regularly!! Read our blog post about backing up your data here >

Password-based attacks also spiked in 2023 meaning it is more important that ever to have secure password procedures in place. Read our blog post about passwords here >

Posted in News