Cyber security has moved from being an IT issue to a whole-of-business concern.
In our earlier articles, “Securing your business is more than locking the front door” and “Shift your cyber-security mindset into gear” we shared advice on the approach to cyber security that business owners should build into their operations. In this article (think of it as a part 3), we dig a little deeper into what the criminals are ‘up to now’ and how Microsoft subscribers can get a leg up against them with Intune.
A quick trip down memory lane
It doesn’t seem all that long ago that the digital world was far less complicated. Robust antivirus software was considered sufficient for most threats. It focused on preventing, detecting, and removing malicious software — viruses, worms, and trojans — that could compromise system integrity, steal data, or disrupt operations. Cyber threats were less sophisticated and less diverse than they are today, and businesses didn't have to worry about advanced persistent threats, state-sponsored attacks, or complicated ransomware schemes. The explosion of mobile devices, Internet of Things (IoT) technology, and cloud-based services was yet to occur, so vulnerability was barely an issue for most businesses. As we mentioned in our previous article, antivirus software alone no longer provides the required protections you need to make it hard for cyber criminals.
Fast forward to today
Cyber-crime is an extremely sophisticated industry. Many operate as very structured, well-funded organisations with teams of dedicated employees. It’s much less about the single hoodie-wearing, basement-dwelling hacker developing virus software, and much more about coordinated social engineering hacks.
Unheard of just a few short years ago, social engineering are things like:
- Multi factor authentication fatigue - you keep getting messages to authenticate a login. They persist until you get sick of them and press “approve” just to make them stop!
- Spoofing emails – well-disguised as one of your suppliers asking you to use a new bank account for payments (an account that’s controlled by the criminals), and clicking links to redirect deliveries.
- Watering hole attack - hackers install malicious links on websites your business frequently visits (aka your watering hole). That installs a backdoor trojan allowing criminals to access & control your device.
The list goes on, but you get the gist...
What’s an SMB to do?
We regularly discuss the importance of getting the basics right in our cyber security articles. This includes the guidance of the Australian Signals Directorate’s (ASD) Essential 8 framework, taking a whole-of-business approach, and seeking professional help when cyber security is not your day job.
If your business operates with Microsoft 365 you can add Intune to the list too. Aligned to the ASD Essential 8 recommendations, Intune manages user access for the M365 apps installed on all the devices your team use to do their job. Your business will be more secure with:
- Enhanced endpoint security: Microsoft Intune enables application control and whitelisting, reducing the attackable footprint of your operations and blocking malicious software.
- Streamlined patch management: This ensures software is easily kept up-to-date across all devices, reducing the risk of vulnerabilities being exploited.
- Secure Office macros: Microsoft Intune allows safe management of macro settings, which means less malicious macros.
- Privilege management: Tighter control of user privileges to restrict administrative access and minimise the potential impact of unauthorised activity.
- Strengthened authentication: Implement and manage multi-factor authentication, adding an extra layer of security.
- Data protection and backup: Enforce backup policies to protect critical data and enable recovery if something happens to the integrity or availability of your data.
- Comprehensive log monitoring: Microsoft Intune, when integrated, helps with logging and monitoring network traffic to quickly detect and respond to security incidents.
There’s plenty of peace-of-mind up for grabs when you have better control across all the devices in your business. Check in with your IT services provider to work out what’s possible or reach out to the efex team for help.