Hackers Trump Tradition

The traditional approach to hardware and software technology management relies on two foundational methods: human management of IT solutions and multiple third-party vendors. Together they open the door to a new battleground of hackers and espionage.

By Angie Hill

The Microsoft Exchange and SolarWinds hacks are constant reminders that the “bad guys” are taking every measure to exploit our systems and tools. The traditional approach to hardware and software technology management relies on two foundational methods: human management of IT solutions and multiple third-party vendors. The vulnerability of both methods, and their toolsets therein, have become the new battleground for espionage and hackers seeking financial gain or disruption.

Hackers Trump Tradition

In the case of the Microsoft Exchange hack, human error led to the attack. Small-to-medium-sized companies, and companies that depend on their IT staff or managed solution provider (MSP) to implement a massive Microsoft patch, opened the doors to a group of Chinese hackers. Lack of security knowledge, failure to perform routine security maintenance, and poor upkeep of updates and patches caused the recent attack by a Chinese hacking group.

The attack was avoided primarily by larger organizations and companies that had migrated from on-premises servers to Microsoft Exchange Online. Adopting a Cloud-First Approach would have helped these smaller businesses, as patches are pushed automatically for Microsoft 365 and Exchange Online.

In early March of 2020, SolarWinds and their customers became targets of a Russian intelligence service. A routine security patch resulted in a massive breach felt by Fortune 500 companies and the U.S. government. SolarWinds unwittingly shipped malicious code through their company’s software system “Orion”. Organizations that use Orion to manage their IT resources were sent the compromised code.

These examples show that the traditional method of using multiple third-party vendors to manage IT resources, and relying only on human management to maintain security, exposes organizations to external threat actors. Nation-states (check out the article on HUMINT) and hackers depend on human error and their own clandestine methods to exploit devices, systems, and technology.

“Limit the technology layers to reduce the threat vectors.”

Secure Your Vault

As discussed in A Cloud-First Strategy, the technology landscape can be compared to a bank vault. Typically, a bank vault has one door, a guard, cameras, a manager with one key for access, and other layers of protection to ensure no one can get in or out without access control. Can you say the same for your organization when it comes to your technology tool stack?

The answer is likely no. Many organizations lack a unified approach to their technology and security solutions, and typically rely on third-party vendors who are in the business of reselling security or technology tools to make money. This opens the door to the threat landscape and offers a variety of access points for external threat actors.

So, what can you do to start closing those doors to your vault and adding layers of protection on the systems you already own?

Use What You Already Have

My answer would be to take advantage of what you already have and take a cloud-first approach with Microsoft. Nine times out of 10, an organization has made some sort of Microsoft investment, and is likely using 20% or less of the capabilities offered with the licensing subscription it has purchased. Microsoft is a leading vendor in which almost everyone has already invested for core business tools, namely the Microsoft Office applications. Why not strengthen the security you already have and continue to invest in Microsoft’s holistic offering, which limits your threat vectors?

Today, Microsoft offers advanced security and compliance features that can help organizations streamline their security solutions. It is true that Microsoft 365 does not cover every security control; however, many of the tools offered with their E5 licensing (Microsoft Defender Security and Advanced Threat Protection (ATP)) can offer a holistic approach to security and compliance needs.

5 Microsoft Security Solutions to Increase Security

  1. Security Hardening – Many IT providers and MSPs offer external tools to harden a system and resell multi-factor authentication or single sign-on. Before you pay for outsourced or external tools, know that Microsoft offers this within their environment. Microsoft 365 provides a baseline layer of security as well as multiple security configurations that address external sharing and a variety of privacy controls.
  2. Email Hardening – Are you paying outside vendors, through yet another portal, for encryption in transit? Look no further: Microsoft offers encryption and security for email. Additionally, Microsoft can set up mail flow options that route messages for forwarding approval, block email auto-forwarding within your company, and configure mobile device policies according to your organization’s specific security controls and standards.
  3. Microsoft Defender Security – This tool offers real-time protection against a multitude of threats including adware, spyware, and viruses. It includes:
    1. Security Dashboards Galore
    2. Defender for Endpoint Management
    3. Security Operations
    4. Threat Analytics
    5. Device Inventory Security Overview
    6. Incidents
    7. Alert queues
    8. Reporting Capabilities
    9. Threat and Vulnerability Management Dashboard that provides intelligent security recommendations and improvement actions to boost security scores.
  4. Cloud App Security – Allows a company to get the full benefit of cloud apps and services while finding the right balance between access and data protection. Provides rich visibility and control over data travel, as well as sophisticated analytics to identify and combat cyberthreats across all your Microsoft and third-party cloud services.
    1. Protects your sensitive information anywhere in the cloud
    2. Protects against cyberthreats and anomalies
    3. Assesses the compliance of your cloud applications
  5. Advanced Threat Protection (ATP) – Are you paying for phishing exercises and reporting through a third-party tool? Did you know that this can be conducted with E5/ATP licensing within your Microsoft ecosystem? ATP detects and responds to potential threats by raising security alerts on anomalous activities. Additionally, alerts for suspicious activities, vulnerabilities, and simulated attacks can be configured in the tool.
  6. Mobile Client Endpoint – Microsoft offers a management system that controls and applies policies/profiles to any remote devices that communicate with the Microsoft tenant. Ensure control and security of your tenant’s endpoint devices by creating and managing compliance policies, configuration policies, app protection policies, app configuration policies, and conditional access policies. Windows, iOS, macOS, and Android devices will have policies and access pushed to the managed endpoint devices.
  7. Security & Compliance Center – Last week we talked about Microsoft Government Cloud Solutions, which covered some of the capabilities within Microsoft 365’s Commercial environment for Compliance. According to Microsoft, the Security & Compliance center lets you grant permissions to people who perform compliance tasks like device management, data loss prevention, eDiscovery, retention and more. An organization can protect devices, configure Risk & Security Frameworks like HIPAA, CMMC, NIST-800-71, and others. It comes with a Compliance Manager, dashboard, and repository to upload compliance documents. An auditor’s dream!
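The email-hardening item above mentions blocking auto-forwarding and routing mail through flow rules. The following PowerShell is an added example and is not code from this article or from Microsoft; it uses the ExchangeOnlineManagement module's cmdlets to first audit who is already forwarding mail (a frequent sign of a compromised mailbox), then turn off external auto-forwarding at the tenant level and back it with a transport rule. The rule name and the reject text are my own choices; "Default" is the name Exchange Online gives to the built-in outbound spam policy and remote domain, and an Exchange Administrator role is assumed.

```powershell
# Added example (not from the article): audit and block automatic external forwarding
# in Exchange Online. Rule name and reject text are assumptions; "Default" is Exchange's
# own name for the built-in outbound spam policy and remote domain.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline   # interactive sign-in; needs an Exchange Administrator role

$mailboxes = Get-Mailbox -ResultSize Unlimited

# 1. Audit mailbox-level forwarding.
#    ForwardingSmtpAddress is set by the user, ForwardingAddress by an admin.
$forwarders = $mailboxes |
    Where-Object { $_.ForwardingSmtpAddress -or $_.ForwardingAddress } |
    Select-Object UserPrincipalName, ForwardingSmtpAddress, ForwardingAddress, DeliverToMailboxAndForward
$forwarders | Format-Table -AutoSize

# 2. Audit inbox rules that forward or redirect; attackers commonly plant these
#    to keep reading a victim's mail after the password is reset.
$forwardingRules = foreach ($mbx in $mailboxes) {
    Get-InboxRule -Mailbox $mbx.UserPrincipalName |
        Where-Object { $_.ForwardTo -or $_.ForwardAsAttachmentTo -or $_.RedirectTo } |
        Select-Object @{ n = 'Mailbox'; e = { $mbx.UserPrincipalName } }, Name, ForwardTo, RedirectTo
}
$forwardingRules | Format-Table -AutoSize

# 3. Record the tenant-level settings before changing them (useful for the change ticket).
Get-HostedOutboundSpamFilterPolicy | Select-Object Name, AutoForwardingMode
Get-RemoteDomain | Select-Object Name, DomainName, AutoForwardEnabled

# 4. Block automatic forwarding to external domains in the outbound spam policy.
#    The shipped value is "Automatic", whose meaning Microsoft decides; set Off explicitly.
Set-HostedOutboundSpamFilterPolicy -Identity Default -AutoForwardingMode Off

# 5. Belt and braces: also disable auto-forward on the default ("*") remote domain.
Set-RemoteDomain -Identity Default -AutoForwardEnabled $false

# 6. Mail flow rule that rejects auto-forwarded mail leaving the organization with a
#    clear NDR, so users learn it was policy rather than a delivery fault.
$ruleName = 'Block external auto-forward'   # assumption: any name you like
if (-not (Get-TransportRule -Identity $ruleName -ErrorAction SilentlyContinue)) {
    New-TransportRule -Name $ruleName `
        -FromScope InOrganization `
        -SentToScope NotInOrganization `
        -MessageTypeMatches AutoForward `
        -RejectMessageReasonText 'Automatic forwarding to external recipients is blocked by policy.' `
        -RejectMessageEnhancedStatusCode '5.7.1'
}

# 7. Verify the result.
Get-HostedOutboundSpamFilterPolicy -Identity Default | Select-Object Name, AutoForwardingMode
Get-TransportRule -Identity $ruleName | Select-Object Name, State, MessageTypeMatches

Disconnect-ExchangeOnline -Confirm:$false
```

Run the audit steps on their own first: any forwarding address or inbox rule pointing outside the organization that nobody can explain deserves an incident ticket before the block goes in, because turning the feature off silently would also hide the evidence. The transport rule is kept alongside the policy setting so that a later change to the spam policy does not quietly reopen the path.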

While the above may seem like a lengthy list, it really is only the tip of the iceberg of Microsoft 365’s security offerings. Understand that the traditional approaches to technology management are vulnerable, and that there are cloud solutions which, if implemented correctly, can address many technology and security needs.

Interested in learning more? Contact Jadex Strategic Group today for your cloud, compliance, security, and Microsoft needs.