Cybersecurity threats are always changing—staying on top of them is vital, getting ahead of them is paramount


By Vasu Jakkal, Corporate Vice President, Security, Compliance, Identity, and Management

With a 1,070 percent increase in ransomware attacks year-over-year between July 2020 and June 2021, staying on top of attack trends—such as ransomware and supply chain threats—is more important than ever.1 To successfully detect and defend against security threats, we need to come together as a community and share our expertise, research, intelligence, and insights.

Microsoft Security Insider is a site for business leaders focused on cybersecurity to get the latest news, insights, threat intelligence, and perspectives on top-of-mind topics in cybersecurity. As we analyze over 24 trillion threat signals daily and engage with hundreds of thousands of customers, our objective is to share our unique perspective on the threat landscape and the top challenges facing security practitioners and Chief Information Security Officers (CISOs) today. This is the place where you’ll get our insight on the latest threat trends, security intelligence, learn about CISO perspectives, hear from security leaders working behind the scenes, and get actionable guidance and approaches to help you secure your organization. Today on Microsoft Security Insider, you’ll find our recent Cyber Signals report that addresses the dangerous mismatch in identity security controls versus attacks—illuminating identity as the new battleground. You’ll also find reports on the threat landscape and IoT adoption, as well as perspectives from security innovators. Here are a few more highlights:

Preparing for attacks
Change brings opportunity. Exciting technology advances have supported a remote workforce and enabled organizations to remain productive in a changing environment. Unfortunately, increasingly complex digital environments have given cybercriminals new vulnerabilities to exploit. Attempts to trick workers into revealing sensitive information through work-related phishing are on the rise—in fact, you may be surprised to learn that 88 percent of security leaders say phishing attacks have affected their organizations.

Often, it’s a simple error in security fundamentals—like neglecting to enable a certificate—that leads to a security breach. In the CISO Insider report, security leaders share seven security strategy fundamentals, including gaining visibility into their environment, educating users, and managing vulnerabilities. I’d also advise planning and practicing your plan with your team to make sure you’re prepared for a security incident. After all, about 4,000 cybercrime attacks are committed every day in the United States.2 The reality today is that if you can be hacked, there’s a good chance you will be.

Defending the supply chain
An extremely connected and complex supply chain makes it a ripe target for cybercriminals. Open source supply chain attacks are up 650 percent year-over-year from 2020.3 In our public briefing, you’ll find details about the average number of vendors in a company’s supply chain. Hint: it’s probably higher than you think. You’ll also hear from a manufacturing consumer packaged goods CISO who said Zero Trust is “getting a new life” in his industry. My colleague, Rob Lefferts, shares three principles of the Zero Trust security model, which takes a proactive, integrated approach to security, that can help security leaders protect their supply chains.

Addressing the talent shortage
In November 2021, a record 4.5 million people in the US quit their jobs, with a historic rise reported in all four US regions.4 More than 40 percent of employees worldwide are considering quitting their jobs in 2022. You probably have heard of the term used to describe this labor shortage trend—the Great Resignation. Even before the pandemic, cybersecurity was struggling with a labor shortage. CISOs are understandably concerned about affording, finding, and retaining top talent—or attracting new talent if they can’t.

Security leaders must get innovative to address this challenge and some are exploring the concept of “security is everyone’s job.” That means making sure development teams, system administrators, and users all understand security policies and risks. On the Microsoft Security Insider, you’ll read the story of a legal services CISO whose company deputized IT members as security representatives.

Explore Microsoft Security Insider
I always learn something interesting during my conversations with security professionals, researchers, and threat intelligence experts. I’m so thrilled that, now with the Microsoft Security Insider, I can share these insights and behind-the-scenes stories with everyone. Visit Microsoft Security Insider for insights from a community of security experts and get more details on everything I covered here and more.

This article is originally from Microsoft Security Blog. Visit and learn more.

1How CISOs are preparing to tackle 2022, Vasu Jakkal, Microsoft. January 25, 2022.
2Cyber Security Statistics 2020, William Goddard, IT Chronicles. May 27, 2021.
32021 State of the Software Supply Chain: Open Source Security and Dependency Management Take Center Stage, Matt Howard, Sonatype. September 1, 2021.
4A record 4.5 million people quit their jobs in November, Reuters. January 4, 2022

Sustaining Partners