Cyber-crime getting more sophisticated: Rob Lefferts, security expert

As the risk for breaches and attacks keeps rising and becoming more sophisticated, defending our cyberspace has never been tougher and more critical.  The second day of Microsoft’s Future Ready started with a keynote by Rob Lefferts, corporate vice president, program management, M365 Security and Compliance, who spoke about managing security in an ever more threatening world and how the landscape is evolving.

 

“Attackers are growing more and more sophisticated. We see an increasing trend towards trickle-down of advanced attack techniques, from Apex Predator groups, to nation-state attackers moving into more and more tools and techniques that are available for a broader range of cybercriminal and ransomware groups,” said Lefferts.

However, how organisations think about security hasn't quite kept pace with that, and the tools that they use, need to move faster to help them respond to a more threatening world.

 

“There is a classic thing about security that is more true today than ever, which is that defenders have to know everything perfectly to be effective at defending an organisation while attackers kind of only has to know one thing pretty well,” added Lefferts.

 

A trend Microsoft has seen in attack organisations is that more and more attackers are moving towards a hands-on keyboard style of attack where there's a human operating the attack. This means a couple of things – attackers are moving slowly, are being a little bit more thoughtful, and they're doing their homework. They're executing on their reconnaissance.  And as the network has multiple points including home, office, SaaS provider, network, remote device, personal device, to name a few, any one of these places becomes a dwelling point where an attacker can lurk and from there start to take action against the rest of the organisation. 

Attackers could list off personal cell phones that employees are using to read corporate email, because that email is coming in, their employees can be tricked into giving away their corporate password from that device. And then again, that just becomes a place where attackers move in, start to infiltrate. They do that careful reconnaissance and start to move laterally across the entire organisation.

 

“What this means is that we have to think differently about how we provide protection. And one of the core investments that we've been making around Microsoft is a core zero trust worldview but in addition, a philosophy around big data. This shows complexity. And our solution to assist defenders with complexity is to give them a quicker handle on all of the information that is available since it's impossible for a human brain to know everything perfectly. Using data analytics to help collect all that information into a central place and then to help make sense of it for security teams,” said Lefferts.

 

He highlighted that Microsoft’s philosophy holds true throughout all of the security products, they are able to pull information from multiple places, whether that's agents running on endpoints or deep understanding of what's happening in the Active Directory or communication email system, pull all of that information into a central location where can really be applied modern big data analytics, which can be thought of as machine learning and artificial intelligence to really help make sense of all of this complexity on behalf of the defenders and security teams. And this is driven around a core and central worldview, zero trust.

Also Read: Cloud security, AI, risk management key trends for data protection in 2022: Dell

Also Read: Cyber AI, the New Cybersecurity Warrior