Dr. Martijn Dekker’s Post

“I want the contract signed by end of the week”. How many of you in the in house counsel business have you received such requests? Perhaps you have lost counting. And yes, we want to enable business and not bring friction. But there is a need to strike a balance between urgency and doing things right. Do not diminish the importance of due diligence, the fit for purpose security measures, do follow a burdensome internal procedure to let the right people know before the execution of a contract or an implementation of a project. And yes, we need your input to make this procedure less burdensome and align internally on all necesary steps. Working remotely has accelerated things and everything is faster. Take a minute, stop and think before asking. If Microsoft cannot keep up with security challenges then other companies face similar or even worse challenges given their budget. #security #dataprotection #dpo #duediligence to

Hackers don't care if the system they use to gain access to your data is a legacy or non-production system. If you have accessible systems then they should have full production controls on them. Traditionally the business driver to allow easy and fast access for testing and dev without all those security "barriers" (like brakes or parachutes) has often taken priority, and updating "legacy" systems has gone to the bottom of the priority list where resourcing is limited. This statement from the Blog is absolutely spot on. "We will act immediately to apply our current security standards to Microsoft-owned legacy systems and internal business processes, even when these changes might cause disruption to existing business processes. This will likely cause some level of disruption while we adapt to this new reality, but this is a necessary step, and only the first of several we will be taking to embrace this philosophy. " 

Microsoft reported a cyber incident yesterday. The attack used a password spray attack to gain access to a legacy non-production test tenant. The attacker then got access to email accounts of microsoft employees, including those of senior leadership members. This raises many questions of course, but more interestingly it impacts the security decision making in microsoft, and we should all take a good look at this in our organisations. From the microsoft blog: “As we said late last year when we announced Secure Future Initiative (SFI), given the reality of threat actors that are resourced and funded by nation states, we are shifting the balance we need to strike between security and business risk – the traditional sort of calculus is simply no longer sufficient. For Microsoft, this incident has highlighted the urgent need to move even faster. We will act immediately to apply our current security standards to Microsoft-owned legacy systems and internal business processes, even when these changes might cause disruption to existing business processes.”

Two months after a nation state cyberattack, Microsoft has yet to expel the attacker from their systems, stating: “We are shifting the balance we need to strike between security and business risk – the traditional sort of calculus is simply no longer sufficient. For Microsoft, this incident has highlighted the urgent need to move even faster” This is Microsoft’s realization that their own cybersecurity needs to be stronger. How do you think that compares to the average company’s cybersecurity plan? What about your company? https://lnkd.in/esPwgZJq

“Defenders think in lists. Attackers think in graphs.” Microsoft recently disclosed a breach in their internal systems, impacting “a very small percentage of corporate accounts.” The root cause - a legacy test system. The incident, beginning in late November 2023, involved a password spray attack. The attackers compromised a non-production test tenant account, gaining access to Microsoft’s corporate email accounts, including those of senior leadership and employees in cybersecurity and legal functions. The breach led to the exfiltration of some emails and attached documents. This incident is a stark reminder of the importance of a holistic approach to information security. Even for smaller businesses, it underscores the need to regularly review and update security protocols, even for systems that may seem inconsequential. No system is too small or unimportant when it comes to security. It's not just about having security measures in place; it's about continually adapting and evolving them. Review your security measures today. Are there any 'legacy' systems or 'small' areas you've overlooked? #breach #holisticapproach #informationsecurity #isms https://lnkd.in/dQb49VRQ

Questions all Microsoft Security customers should be asking themselves. Thank you for the informed opinion Atif Siddiqui. Palo's SOC sees over 36 Billion Alerts per day. We have had no major incidents and have an MTTD of 10 seconds and MTTR of 1 minute. How can we help you transform your SOC?

Microsoft shares a blog post regarding their latest security breach, following a new U.S. Securities and Exchange Commission rule for publicly traded companies to disclose cybersecurity incidents. “To date, there is no evidence that the threat actor had any access to customer environments, production systems, source code, or AI systems. We will notify customers if any action is required.” Read more below. #informationsecurity #cyberattack #databreach #infosec #MFA #securityassessments #riskassessment #securityprogram #securitybreach

Great take on the latest Microsoft breach - worth a read! Thanks Atif Siddiqui 👏🏼 This is why it’s important and necessary to consider alternatives to traditional SIEM solutions. Palo Alto Networks is changing the game with Cortex XSIAM by helping your enterprise automate manual security tasks, and by accelerating incident response and remediation to help you reduce your MTTD and MTTR. Protect your crowned jewels!

Microsoft's recent announcement regarding its response to the nation-state actor attack, Midnight Blizzard, highlights the importance of integrating and automating security solutions to provide practical and actionable intelligence to Security Operations Centers (SOC). A top vendor like Microsoft, their security operations center reported that it took them an average detection time from 1.5 months to 2 months. With Microsoft striving to reduce their own detection time (MTTD), it begs the question of how their customers can achieve this feat with their current setup? It's important to remember that tools are just tools and the blanket E5 isn't enough; their true value is realized when seamlessly integrated and automated. Just enough security isn't enough security. #knowledgeispower #cybersecurity #ciso #siem #paloaltonetworks #cortexxsiam #cortex #automation #xsiam #cfoinsights Check out Microsoft's actions following the attack here: https://lnkd.in/gji4B59f

I took some time to read Microsoft's announcements on the recent unauthorized access and data exfiltration from some of its most senior leadership and critical roles in Legal and Cyber functions. This section specifically caught my eye - "The attack was not the result of a vulnerability in Microsoft products or services. To date, there is no evidence that the threat actor had any access to customer environments, production systems, source code, or AI systems. We will notify customers if any action is required".  I'm a little confused and have a couple of questions for my cyber friends. 1) How can an attacker get access to real emails if the attack didn't access a "production system" ? 2) How can an organization identify that the primary issue and threat is a well resourced nation state adversary, that now requires an urgent response, when it has been publishing how to guides to address this threat for several years? Doesn't known mitigation steps reduce risk from threats? 2020 Protecting your organization against password spray attacks - https://lnkd.in/eqMf_RvV 2022 Use Authentication Policies to Fight Password Spray Attacks (including statements such as "How do you set up Authentication Policies? Our documentation is rather good at answering this question….," https://lnkd.in/ekstK8yS 2023 Password spray investigation https://lnkd.in/eAZqprz8 Also https://lnkd.in/eFpvP27g https://lnkd.in/ewzEbYNK