The task of securing organizations is constantly changing and getting more complex. Many organizations don’t have the time, resources, or expertise to build an in-house incident response program. For customers that want help remediating an especially complex breach (or avoiding one altogether), Microsoft Incident Response offers an end-to-end portfolio of pr

The human resources (HR) department is an integral part of an organization. They work with all departments with a wider reach than even IT. As a highly visible department, HR can support and improve an organization’s security posture through employee training. Their access to employees at the start of employment is an opportunity to lay a foundation f

This guide provides steps organizations can take to assess whether users have been targeted or compromised by threat actors exploiting CVE-2023-23397. A successful exploit of this vulnerability can result in unauthorized access to an organization’s environment by triggering a Net-NTLMv2 hash leak. Understanding the vulnerability and how it has been leveraged

The security operations center (SOC) plays a critical role in protecting an organization’s assets and reputation by identifying, analyzing, and responding to cyberthreats in a timely and effective manner. Additionally, SOCs also help to improve overall security posture by providing add-on services like vulnerability identification, inventory tracking,

Small and medium-sized businesses are at the heart of our economy and are dedicated to driving value for their customers, whether that means trying new recipes, exploring new inventory, expanding services, arranging the shop so it’s easier to navigate, or keeping the shelves stocked with the products customers love most. We understand your dedication—and the

There were over 4,100 publicly disclosed data breaches in 2022, exposing about 22 billion records. Criminals can use stolen data for identity theft, financial fraud or to launch ransomware attacks. While these threats loom large on the horizon, attack surface management (ASM) seeks to combat them. ASM is a cybersecurity approach that continuously monitors a

My LinkedIn feed has been filled with connections announcing they have been laid off and are looking for work. While it seems that no industry has been spared from uncertainty, my feed suggests tech has been hit the hardest. Headlines confirm my anecdotal experience.  Many companies must now protect their systems from more sophisticated threats with fe

An incident response playbook is a predefined set of actions to address a specific security incident such as malware infection, violation of security policies, DDoS attack, etc. Its main goal is to enable a large enterprise security team to respond to cyberattacks in a timely and effective manner. Such playbooks help optimize the SOC processes, and are a maj

Organizations need to protect their sensitive data including intellectual property, trade secrets, customer data, and personally identifiable information from both insiders and external cyber attackers. In fact, 80 percent of organizations experience more than one data breach in their lifetime.1 With global, industry, and national-level regulations, the need

With digital transformation in the face of macroeconomic pressures, strategies to optimize both cloud environments and cloud security are increasingly appealing to enterprises. Organizations worry about vulnerabilities in code getting deployed, critical misconfigurations, overprivileged access to cloud infrastructure, and evolving threats that can cause sens

March 22, 2023 9 0 Author: Matthew Turner Cybersecurity News Digest [February 2023] Congratulations to our readers on the end of wi

This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA.  You’ve implemented multifactor authentication for access to your enterprise network. But what if multifactor authentication isn’t as foolproof as you’re hoping? Are you comfortable betting your organization’s security on it

Tesla Owner Unlocks and Drives Off with the Wrong Vehicle by Mistake March 21st, 2023 No Comments Data Privacy, Data Protection, Mobile Security On a typical day in Vancouver, Canada, Rajesh Randev, an immigration consultant, found himself in an unusual situati

Traditionally, operational technology (OT) and IT have occupied separate sides of enterprise security. But with digital transformation and the advent of Industry 4.0, the old, siloed approach is showing its age.1 The rise of manufacturing execution systems has enabled more “smart factories” to deliver improved manageability and data collection. While increas

Today, Microsoft announced the successful completion of the Cloud Data Management Capabilities (CDMC) 14 Key Controls and Automations certification, conducted by Accenture and Avanade, accelerating the industry’s move to the cloud. The 14 Key Controls and Automations are a part of the EDM Council’s Cloud Data Management Capabilities framework formulated as a