
Cybersecurity Awareness Month 2023: Elevating Security Together


As the 20th anniversary of Cybersecurity Awareness Month begins, I find myself reflecting on the strides made since its inception. The journey to enhance and improve cybersecurity is ongoing and extends beyond October. It’s not merely a technological challenge; it is fundamentally about people. It’s about the customers and communities that we at Microsoft work tirelessly to safeguard and defend. It’s about the committed cybersecurity professionals on the front lines and the security community working together to bolster cybersecurity for all. This month serves as a reminder of our continuous commitment to this cause.

STRIKE: Microsoft’s beacon of tailored security awareness
In today’s fast-paced digital era, where threats evolve with alarming speed, we employ the STRIKE program as a defense against cyber threats. Our security awareness initiative is designed to meet the specific needs of the company’s technical workforce, providing our teams with custom defenses against emerging threats.

The success of STRIKE lies in its emphasis on internal expertise. The program utilizes the knowledge of our in-house experts for security awareness and training, ensuring that our defenses are not only relevant but also effective. Additionally, we actively incorporate insights from real-world security incidents and collaborate with external security researchers, allowing them to share their methods for discovering vulnerabilities, further enriching our understanding and preparedness. STRIKE provides a variety of courses and events. These include “Securing You,” which provides an essential overview of the current security environment, privacy, and techniques for digital safety. There’s also “Hacking 101,” exploring the mindset of hackers, and “So You Want to Prevent Credential Leaks,” which dives into proactive prevention tools.

The ability of STRIKE to adapt and stay relevant in the changing digital threat landscape sets it apart, demonstrating our proactive and comprehensive approach to providing our employees with the appropriate skills and knowledge to protect customers.

Phishing protection
Part of our defense strategy is a strong focus on phishing awareness. In addition to developing and implementing protective controls that reduce the instances of malicious communications, we run a robust user awareness program that educates employees about phishing and equips them with the tools and critical skills to recognize and report potential phishing threats.

Part of our user awareness program includes phishing simulation exercises, where we see our training in action. We use our first-party Attack Simulator tool to deliver realistic phishing experiences and provide learning opportunities to our employees. These exercises focus on the importance of reporting and building a culture of security across the company.

Strengthening cybersecurity: Bridging the skills gap and boosting diversity
Our dedicated cybersecurity experts work 24/7 to protect customers, communities, and Microsoft from emerging and future threats. But the ever-growing cybersecurity challenges we face are compounded by a growing shortage of cybersecurity professionals—the very people we need to take up this fight. We’re committed to supporting students and professionals who are interested in the industry through education programs for K-12 and colleges, as well as via certifications. We also partner closely with organizations such as Girl Security and WiCyS to help increase diversity in the industry through mentorship programs. We aim to recruit 250,000 people into the worldwide cybersecurity workforce by 2025 through financial and scholarship opportunities.

Stronger, together
We strongly believe close partnerships with the global security researcher community make customers more secure. I’m thankful that we can partner with the best security experts through our Bug Bounty program and industry partnerships. No software is immune to vulnerabilities, so our partnerships make us stronger together. We partnered with 2,000 security researchers from 50 countries, which provides a huge array of diverse insights. Our 80+ industry partners, through the Microsoft Active Protections Program, engage with us to implement detections immediately while we’re building the patch. We appreciate the opportunity to connect with our partners to share lessons learned, hear their feedback, and forge new relationships.

As you can see, cybersecurity is really all about the people, and we all have a role to play in helping to make our digital world safer and more secure. This month, let’s reaffirm our commitment to working together for improved cybersecurity for all.

Aanchal Gupta, Deputy CISO and Corporate Vice President
