Cybersecurity is a major headache for a lot of organizations, especially in a landscape where cyberweapons are being sold by private companies. Just recently, we learned that the eCh0raix ransomware is threatening NAS devices and that PrintNightmare continues to be a literal nightmare for Microsoft, even though the company released a patch just a couple of days ago that was supposed to close the vulnerability.
Now, in a detailed blog post, Microsoft has outlined the steps that organizations need to take to strengthen their defenses against cyberattacks. Most of these methods can be implemented by organizations of any size, globally.
In total, the Redmond firm has described seven steps to harden your organization against security threats. The list certainly isn't exhaustive, but Microsoft says it is the most cost-effective and practical one. The firm has emphasized that if your defenses are above average compared to the rest of the industry, most low-skilled attackers will give up quickly and move on to the next target.
The first method is to patch your systems within 48 hours of an update rolling out. This includes not only Domain Controllers and Microsoft Azure Active Directory Connect, but also productivity clients like browsers, email, and VPN. It is especially recommended to enable automatic updates for web browsers, and organizations are also encouraged to utilize Windows Update for Business to reduce manual maintenance efforts.
Another way is to configure your Windows devices with Microsoft Defender for Endpoint or any other trusted extended detection and response (XDR) solution. The company says that this should be your first line of defense, as it allows cybersecurity teams to actively respond to security threats.
In the same vein, Microsoft has also recommended reducing your attack surface and exposure by using firewalls, two-factor authentication mechanisms, and VPNs. Servers on Azure can make use of the Bastion service to restrict access to certain incoming IPs.
Yet another way to limit exposure is to apply the principle of least privilege (PoLP). This can be done by deploying the Local Administrator Password Solution (LAPS), setting up dedicated admin workstations for critical workflows, and using managed service accounts with rotating passwords.
The fifth technique mentioned by Microsoft is to migrate on-premises services to the cloud where possible. The company says that this allows you to partake in a model of shared responsibility where the cloud provider manages a lot of the security grunt work. Additionally, the tech giant also has a portfolio of cloud-powered security tools on Azure for customers to utilize.
Another important guideline from Microsoft is to decommission or upgrade legacy hardware, software, and protocols. The company has noted that a lot of organizations still use traditional file-sharing mechanisms which can be utilized as attack vectors in ransomware attacks.
Finally, Microsoft has recommended that apart from collecting logs, effort should also be invested in monitoring them regularly, since a lot of malicious activity can be spotted directly from there. While purchasing traditional security information and event management (SIEM) systems may be too expensive for many organizations, Microsoft has urged businesses to consider Azure Sentinel.
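To show what "spotting malicious activity directly from the logs" and "finding legacy protocols still in use" can look like in practice, here is an added example (not code from Microsoft's blog post or from this article). It runs simple detection logic over a handful of constructed Windows event records: a burst of failed logons (Security event 4625) from one source address, a successful logon (4624) from that same address after the burst, and an SMB1 client-access audit record (event 3000 in the Microsoft-Windows-SMBServer/Audit log, which Windows writes once SMB1 access auditing is turned on). The record shape, the addresses and the timestamps are all constructed; the threshold and window are assumptions you would tune to your own environment.

```python
"""Detection over sample Windows event records (added example, constructed data).

Alerts raised:
  * failed-logon-burst   : >= BURST_THRESHOLD failed logons from one source inside BURST_WINDOW
  * success-after-burst  : the same source logs on successfully after its burst (escalated)
  * smb1-client-access   : a client still negotiated SMB1 with a file server (legacy protocol)
"""
from collections import defaultdict
from datetime import datetime, timedelta

FAILED_LOGON = 4625     # Security log: an account failed to log on
SUCCESS_LOGON = 4624    # Security log: an account was successfully logged on
SMB1_ACCESS = 3000      # Microsoft-Windows-SMBServer/Audit: SMB1 access by a client

BURST_THRESHOLD = 5                  # assumed tuning value, not from the article
BURST_WINDOW = timedelta(minutes=2)  # assumed tuning value, not from the article

# Constructed sample events; field names model what you would export from
# Event Viewer or Get-WinEvent, and the addresses are documentation ranges.
SAMPLE_EVENTS = [
    # five failed logons in ~30 s from one external address, then a success from it
    {"time": "2021-07-09T08:00:01", "channel": "Security", "id": 4625, "user": "administrator", "src": "203.0.113.7"},
    {"time": "2021-07-09T08:00:09", "channel": "Security", "id": 4625, "user": "administrator", "src": "203.0.113.7"},
    {"time": "2021-07-09T08:00:17", "channel": "Security", "id": 4625, "user": "administrator", "src": "203.0.113.7"},
    {"time": "2021-07-09T08:00:25", "channel": "Security", "id": 4625, "user": "administrator", "src": "203.0.113.7"},
    {"time": "2021-07-09T08:00:33", "channel": "Security", "id": 4625, "user": "administrator", "src": "203.0.113.7"},
    {"time": "2021-07-09T08:01:10", "channel": "Security", "id": 4624, "user": "administrator", "src": "203.0.113.7"},
    # one mistyped password from an internal workstation: below threshold, no alert
    {"time": "2021-07-09T08:05:00", "channel": "Security", "id": 4625, "user": "jdoe", "src": "10.0.0.23"},
    {"time": "2021-07-09T08:05:30", "channel": "Security", "id": 4624, "user": "jdoe", "src": "10.0.0.23"},
    # legacy protocol still in use: a client negotiated SMB1 with the file server
    {"time": "2021-07-09T08:10:00", "channel": "Microsoft-Windows-SMBServer/Audit", "id": 3000, "user": "", "src": "10.0.0.41"},
]


def _t(stamp):
    return datetime.fromisoformat(stamp)


def failed_logon_bursts(events, threshold=BURST_THRESHOLD, window=BURST_WINDOW):
    """Return {src: start_time} for every source with >= threshold 4625 events inside window."""
    failures = defaultdict(list)
    for e in events:
        if e["channel"] == "Security" and e["id"] == FAILED_LOGON:
            failures[e["src"]].append(_t(e["time"]))
    bursts = {}
    for src, times in failures.items():
        times.sort()
        # sliding window of `threshold` consecutive failures; first hit wins
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:
                bursts[src] = times[i]
                break
    return bursts


def detect(events, threshold=BURST_THRESHOLD, window=BURST_WINDOW):
    """Run all detections; return (severity, kind, src, detail) tuples, highest severity first."""
    alerts = []
    for src, start in failed_logon_bursts(events, threshold, window).items():
        alerts.append(("medium", "failed-logon-burst", src,
                       f"{threshold}+ failed logons within {window} starting {start.isoformat()}"))
        # escalate when the same source succeeds afterwards: the guessing run may have landed
        for e in events:
            if (e["channel"] == "Security" and e["id"] == SUCCESS_LOGON
                    and e["src"] == src and _t(e["time"]) >= start):
                alerts.append(("high", "success-after-burst", src,
                               f"account {e['user']!r} logged on at {e['time']} after the burst"))
                break
    for e in events:
        if e["channel"] == "Microsoft-Windows-SMBServer/Audit" and e["id"] == SMB1_ACCESS:
            alerts.append(("low", "smb1-client-access", e["src"],
                           "client still uses SMB1; upgrade or retire it, then disable SMB1 on the server"))
    rank = {"high": 0, "medium": 1, "low": 2}
    alerts.sort(key=lambda a: rank[a[0]])
    return alerts


if __name__ == "__main__":
    for severity, kind, src, detail in detect(SAMPLE_EVENTS):
        print(f"[{severity:6}] {kind:20} {src:14} {detail}")
```

On the constructed sample, `detect` produces three alerts: the escalated success-after-burst for 203.0.113.7, the medium burst alert for the same address, and the low-severity SMB1 notice for 10.0.0.41; the single failure from 10.0.0.23 stays below the threshold. The SMB1 row models the audit record you get after enabling SMB1 access auditing on the server, which is how you find the clients that still depend on the legacy protocol before you turn it off. The same logic maps directly onto a SIEM or Azure Sentinel analytics rule; this script just makes the reasoning visible on a few lines of data.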