Safeguarding the Digital Line in Defence
Earlier this year, Canada’s Minister of National Defence stated that cyber security is one of the most serious economic and national security challenges we face today. The accelerated move to online services and remote work over the past two and a half years has created ample opportunity for criminals and state actors to threaten citizens and Canadian organizations across both the public and private sectors.
As the cyber threat landscape has evolved, so has the nature of cybercrime. Data from Microsoft’s Detection and Response Team (DART) in our latest Digital Defense Report shows that cybercrime supply chains are consolidating and maturing. Organizations of all sizes and across industries, including defence, are no longer up against single individuals, but organized groups or nation-state threat actors that have the resources to do a wide range of damage. Today, the commercial sale of offensive cyber tools coupled with a global pool of talent has resulted in more threat actors and more sophisticated threat activity. Illegal online markets mean that cybercriminals can simply buy proven cybercrime kits, services, and stolen credentials, so they’re equipped with better tools and automation, enabling them to scale attacks in even more efficient ways. Nation-state actors continue to focus operations and attacks on government agencies, intergovernmental organizations, NGOs, and think tanks for traditional espionage or surveillance objectives – and are the source of some of the world’s largest and most well-known attacks.
Cybersecurity has long been the foundation of every mission-capability conversation for defence and intelligence agencies. But now, with more organizations investing in advanced technology like cloud and AI to stay agile and secure a competitive advantage, ensuring that critical data and online networks are resilient and protected against cyber threats is imperative.
To do so, defence and intelligence agencies must have an effective security model in place that strengthens their line of cyber defence and effectively adapts to the complex modern environment, protecting people, devices, apps, and critical data wherever they are located.
Enter Zero Trust
Zero Trust is the foundation for organizational resilience and the future of security. A Zero Trust framework enables organizations to proactively stay secure by protecting devices, users, and networks wherever information workers are. This approach assumes that nothing inside or outside of the network is inherently secure. Requests for access from identities and devices must continue to be verified. The principles of Zero Trust include:
- Verify explicitly: Organizations need to continually verify requests for access to resources using all available context and ensure strong authentication with multifactor authentication (MFA) – which prevents 99% of credential threats. Password-based attacks remain the main source of identity compromise.
- Use least privilege access: Organizations should limit user access to the minimum required with just-in-time and just-enough access (JIT/JEA) approaches, risk-based adaptive policies and data protection to help secure both data and productivity.
- Assume breach: Finally, apply defence-in-depth principles, minimize blast radius and segment access. Use monitoring and analytics to get visibility, detect and contain threats, manage insider risk, and improve your ability to respond effectively.
By applying the Zero Trust principles, defence and intelligence agencies can augment their existing cyber security measures and:
- Improve enterprise visibility
- Reduce IT complexity
- Provide superior data protection and exfiltration detection
- Reduce security workloads
- Deliver a superior user experience
- Employ Zero Trust in conjunction with, or in preparation for, cloud migration
Given the leap in attack sophistication over the past few years and increased dependency on digital tools in military operations, it is more important than ever that defence and intelligence agencies bolster their cybersecurity efforts. The internet or cyberspace is predominantly owned and operated by the tech sector, especially cloud service providers like Microsoft. At Microsoft, we’re working with our defence customers and partners to tackle security from all angles, improving readiness, security, reliability and modernizing the defence workplace. We have a unique view into the global cyber threat landscape that is distinct and complementary to that produced by intelligence agencies. Partnering closely with industry is crucial to achieving Canadian national security objectives in the digital world.
To learn more about Zero Trust and Microsoft’s work with defence and intelligence agencies, visit aka.ms/defencedigital.