Search
Close this search box.

BUI Cyber Research: Critical Microsoft Defender FlawBUI Cyber Research – Unveiling a Critical Vulnerability in Microsoft Defender XDR’s Attack Surface Reduction rules

Terms and Conditions for this security vulnerability disclosure blog:

  1. Disclosure Policy. We follow a responsible disclosure policy, notifying vendors of vulnerabilities at least 90 days before public disclosure, and working co-operatively to resolve issues.
  2. Disclaimer. The information provided is for educational purposes only. We are not responsible for any misuse of this information.
  3. Ethical Considerations. Readers are urged to act ethically and legally when investigating and disclosing vulnerabilities.
  4. Use of Information. Information from this blog may not be used for illegal purposes or reproduced without permission.
  5. Feedback. We welcome feedback and corrections to ensure the accuracy and relevance of our content. Please email us (info@bui.co) or use the digital form on our contact page to submit feedback.
  6. Legal Compliance. Readers must comply with all applicable laws when testing for and disclosing vulnerabilities.

Microsoft Defender XDR is a comprehensive cybersecurity solution designed by Microsoft to protect organisational networks and devices. At its core are the Attack Surface Reduction (ASR) rules, which are strategic security protocols aimed at minimising the vulnerabilities and pathways exploited by cyber threats. These rules act as a crucial line of defence, shielding endpoints from various attack vectors such as malicious documents, scripts, and other potentially harmful activities. However, despite their importance in fortifying cybersecurity defences, recent scrutiny has uncovered a critical vulnerability within these ASR rules. This vulnerability poses a significant risk as it allows adversaries to bypass established security measures without triggering alerts or raising suspicion, thereby compromising the effectiveness of Microsoft Defender XDR’s defence mechanisms.

Regrettably, a remedy for this issue is not yet available*. Consequently, recourse to Advanced Hunting queries armed with Custom detection rules becomes imperative to diligently monitor for any indicators of compromise, thereby mitigating potential risks.

* Table 1: BUI researchers logged two notices via the Microsoft Security Response Center. The details are included here in Table 1.

Critical Vulnerability explained

Attack Surface Reduction (ASR) rules are configured on devices by means of a registry key. The contents of this key include the GUID for the specific ASR rule as well as the state of the rule (Block, Audit).

The registry key is not protected and can be modified without triggering any alerts, essentially bypassing ASR rules, which could result in negation of the protection.

Registry Key:

Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Policy Manager\ASR Rules

Critical Vulnerability demonstrated

By following the steps below, ASR rules can be bypassed. The rule Block all Office applications from creating child processes will be tested.

Bypassing ASR rules:

  1. Launch an elevated PowerShell session and run the following commands to confirm that ASR rules are configured:

       Get-MpPreference | Select-Object -expandproperty AttackSurfaceReductionRules_Ids

       Get-MpPreference | Select-Object -expandproperty AttackSurfaceReductionRules_Actions

  1. Navigate to the following registry hive:

       Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Policy Manager\

  1. Open the following registry key:

       ASR Rules

  1. Delete the contents of the registry key.
  2. Rerun the following commands in an elevated PowerShell to confirm that the ASR rule configuration has been removed:

       Get-MpPreference | Select-Object -expandproperty AttackSurfaceReductionRules_Ids

       Get-MpPreference | Select-Object -expandproperty AttackSurfaceReductionRules_Actions

Testing the bypass:

  1. Create a simple bat file to create a folder.

       Example: Mkdir “c:\tools\new folder”

  1. Launch Microsoft Word.
  2. Enable the Developer Tools tab on the Ribbon.
  3. Create a new Macro and edit the Macro in Visual Basic.
  4. Enter the following code:

       Sub [your Macro name] ()

       Dim str As String

       Str = “cmd.exe /C [location of bat file]

       shell str, vbMaximizedFocus

       End Sub

       Example shown here in screenshot:

  1. Run the Macro and verify that a folder has been created. See screenshot:

The successful creation of a folder indicates that ASR rules have been successfully bypassed.

Running the same Macro without bypassing the ASR rules results in the following alert:

Mitigation strategies

By determining the current ASR policy configuration and monitoring for any changes to this configuration, Advanced Hunting queries with Custom detection rules can act as a potential mitigation strategy until this critical vulnerability is remediated.

  1. Determine the current configuration by viewing the following registry key:

       Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Policy Manager\ASR Rules

  1. Within Microsoft Defender XDR, run the following Advanced Hunting Query:

       DeviceRegistryEvents

       | where RegistryKey has “HKEY_LOCAL_MACHINE”

       and RegistryKey has “SOFTWARE”

       and RegistryKey has “Microsoft”

       and RegistryKey has “Windows Defender”

       and RegistryKey has “Policy Manager” or

       RegistryKey contains RegistryValueName == “ASRRules” and RegistryValueData != PreviousRegistryValueData and RegistryValueData != “ [Enter your registry key value here]

  1. From the Advanced Hunting query, create a Custom detection rule. 
  1. Configure the Alert details, Impacted Entities, Actions as required.

       Suggested configurations:

       Frequency: Every hour

       Impacted Entity: Device | Device ID

       Actions: Run antivirus scan

Once configured, the Custom detection rule will run once every hour and generate an alert for all devices in which the ASR rule registry key has changed.

Any alerts should be investigated as running a Microsoft Defender Antivirus scan alone will not be a sufficient response.

It is important to note that the registry key in the Advanced Hunting query should be updated after any change is made to the ASR rules.

Copilot for Microsoft 365: Key news updates to know

In Part 1 of our Copilot for Microsoft 365 spotlight series, Cloud Security Architect Neil du Plessis unpacks the news you need to know about this AI-powered assistant for the modern workplace.

By Neil du Plessis | Cloud Security Architect, BUI

Copilot for Microsoft 365, the advanced AI assistant embedded in Microsoft 365 apps like PowerPoint and Word, made waves in workplaces worldwide after it was ANNOUNCED IN 2023.

The tool enables people to perform tasks and generate content using natural language commands and is ALREADY CONSIDERED A GAME-CHANGER for productivity and human-computer interaction, even as Microsoft continues to refine its capabilities and features.

So, what can we expect from this innovative technology going forward? Here are four important updates to know about Copilot for Microsoft 365.

1. Copilot for Microsoft 365 is now generally available to businesses of all sizes.

On 1 November last year, Microsoft made Copilot for Microsoft 365 available to Microsoft 365 customers on Enterprise plans. Since then, Microsoft has removed the Microsoft 365 prerequisite and minimum-purchase restrictions to expand its Copilot for Microsoft 365 licensing model to include enterprises using Office 365 E3/E5 and small and medium-sized businesses (SMBs).

As of 15 January 2024, Enterprise customers (Office 365 E3, Office 365 E5, Microsoft 365 E3 and Microsoft 365 E5) and Business customers (Microsoft 365 Business Standard and Microsoft 365 Business Premium) can purchase Copilot for Microsoft 365 as an add-on to an existing subscription for $30 per user per month.

2. Copilot for Microsoft 365 will be supported in more languages and regions this year.

Initially, Copilot was only available in English for users based in the United States, Canada, and the United Kingdom. Today, it’s available in 36 regions across the Americas, Europe, Africa, and Asia, and Microsoft is working hard to expand both audience and market reach.

In addition to English, Copilot for Microsoft 365 is supported in Chinese (Simplified), French, German, Italian, Japanese, Portuguese, and Spanish. Microsoft plans to support several more languages over the first half of 2024, including Arabic, Chinese (Traditional), Czech, Danish, Dutch, Finnish, Hebrew, Hungarian, Korean, Norwegian, Polish, Russian, Swedish, Thai, Turkish, and Ukrainian.

Satya Nadella, Microsoft chairman and chief executive officer, speaks on stage at Skylight at Essex Crossing in New York City during the Microsoft Copilot event in September 2023. Image credit: Microsoft

3. Copilot for Microsoft 365 is now integrated with more apps and services.

Microsoft is enhancing the workplace value of Copilot for Microsoft 365 by adding new features and integrating it with more apps and services – both inside and outside of the Microsoft 365 suite. For example, Copilot works seamlessly with Loop and SharePoint, and is coming soon in Planner, OneNote, and Stream to allow users to access and manage files and tasks through natural language prompts and queries.

Copilot can also connect with third-party apps and services, including Salesforce, Jira, Dynamics 365, Bing Web Search, ServiceNow, and Zendesk, enabling users to perform actions and gather external information without leaving their current app.

Copilot can also leverage the power of the Microsoft Graph and third-party integrated applications like SQL and Confluence to provide users with personalised, contextual suggestions and insights based on their preferences, history, and activity.

4. Copilot for Microsoft 365 is becoming more accurate and reliable by the day.

Microsoft is committed to improving Copilot for Microsoft 365 so that it consistently produces relevant, high-quality output for users based on their prompts and context. To achieve this, Microsoft has been refining Copilot’s processing and orchestration engine, updating its Large Language Models, and gathering public and partner feedback through early access programmes, preview programmes, and dedicated community forums like the Copilot Feedback Hub, where users can share their observations, suggestions, and experiences with the tool.

These efforts continue to yield results: Copilot’s accuracy and reliability have improved significantly since launch; 70% of early users have reported increased personal productivity; and 77% of early users have said that once they used Copilot, they didn’t want to give it up.

With its expanded licensing model, broader language support, increased integration with apps and services, and improved accuracy and reliability, Copilot for Microsoft 365 is set to become a critical tool for businesses of all sizes.

As Microsoft further refines Copilot’s capabilities and features, we can expect this AI-powered assistant to revolutionise organisations everywhere by empowering people to do more with their favourite Microsoft 365 apps every day.

BUI Cloud Security Architect Neil du Plessis is a certified CISSP and Microsoft Cybersecurity Expert specialising in holistic, cloud-powered defences for modern workplaces.

Wondering if Copilot for Microsoft 365 is right for your organisation? Join the BUI team for an interactive workshop and we’ll assess your Copilot for Microsoft 365 readiness and define a road map for your adoption journey. The workshop is conducted virtually, and is suitable for senior business development managers, line-of-business leaders, managers, technical decision-makers, and end-users. Register your interest by completing this digital form and we’ll contact you directly.

BUI Becomes a 2024 Data Privacy Week Champion

This year’s initiative emphasises educating businesses on data collection best practices that respect data privacy and promote transparency

BUI announced its commitment to Data Privacy Week 2024 by registering as a Champion. As a Champion, BUI recognises and supports the principle that all organisations share the responsibility of being conscientious stewards of personal information. Data Privacy Week is an annual expanded effort from Data Privacy Day – taking place from 21st – 27th of January 2024. The goal of Data Privacy Week is to spread awareness about online privacy among individuals and organisations. The goal is twofold: to help citizens understand that they have the power to manage their data and to help organisations understand why it is important that they respect their users’ data.

How To Prioritize Data Privacy With Your Customers

The US National Cybersecurity Alliance (NCA) recommends adopting the following market leading practices:

  • Be transparent about how you collect, use, and share consumers’ personal information.
  • Think about how the consumer may expect their data to be used.
  • Design settings to protect their information by default.
  • Communicate clearly and concisely to the public what privacy means to your organization, as well as the steps you take to achieve and maintain privacy.

Engage the experts

Remember that most employees aren’t privacy or security experts. You will need to build in mechanisms that make it easy for them to report privacy and security concerns to your experts. Just like tools for preventing privacy incidents are critical, tools that easily empower employees to report are necessary in your company’s privacy toolbox, too.

Outsourcing to professional cybersecurity companies takes a load off your plate and ensures you have the data protection you deserve.

Take Control of your data

All your online activity generates a trail of data. Websites, apps, and services collect data on your behaviours, interests, and purchases. Sometimes, this includes personal data, like your Social Security and driver’s license numbers. It can even include data about your physical self, like health data – think about how a smartwatch counts and records how many steps you take.

While it’s true that you cannot control how each byte of data about you and your family is shared and processed, you are not helpless! In many cases, you can control how you share your data with a few simple steps. Remember, your data is precious, and you deserve to be selective about who you share it with!

Follow these steps to better manage your personal information and make informed decisions about who receives your data.

About Data Privacy Week

Data Privacy Week began as Data Privacy Day in the United States and Canada in January 2008 as an extension of the Data Protection Day celebration in Europe. Data Protection Day commemorates the 28th of January 1981, signing of Convention 108, the first legally binding international treaty dealing with privacy and data protection. NCA, the nation’s leading nonprofit, public-private partnership promoting cybersecurity and privacy education and awareness, leads the effort in North America each year. 

For more information, visit https://staysafeonline.org/data-privacy-week/.

About the National Cybersecurity Alliance

The National Cybersecurity Alliance is a non-profit organisation on a mission to create a more secure, interconnected world. We advocate for the safe use of all technology and educate everyone on how best to protect ourselves, our families, and our organisations from cybercrime. We create strong partnerships between governments and corporations to amplify our message and to foster a greater “digital” good.

For more information about Data Privacy Week and how to get involved, visit https://staysafeonline.org.

Improve your cybersecurity posture with an expert partner.

Cybercriminals are targeting enterprises big and small to try to gain access to sensitive, confidential, or proprietary data and resources.

How are you protecting your IT environment? Stay ahead of threat actors by choosing a managed detection and response service from BUI.

BUI supports global security awareness campaign

BUI supports global security awareness campaign

BUI is proud to participate in Cyber Security Awareness Month as a Champion Organisation for the sixth consecutive year. Founded in 2004, Cyber Security Awareness Month (held each October) is the world’s foremost initiative aimed at promoting cyber security awareness and best practices. The campaign is a collaborative effort among businesses, government agencies, colleges and universities, associations, non-profit organisations, communities and individuals to educate others about online safety.

“Knowledge and vigilance are essential when it comes to cyber security,” says BUI Global CEO Ryan Roseveare. “You need to know what to look out for. You need to know what to do when you see a red flag. And you need to be alert whenever you’re online. Cyber Security Awareness Month plays a key role in educating the public about common cyber risks and encouraging everyone to become more vigilant. BUI is pleased to join the international community in this focused effort to improve cyber security awareness worldwide.”

From smartphones to web-enabled home devices, technology is deeply intertwined with our lives. And while the evolution of technology accelerates, cybercriminals are working just as hard to find ways to compromise technology and disrupt our personal and business activities.

Cyber Security Awareness Month aims to highlight some of the emerging challenges that exist in the world of cyber security today and provide straightforward, actionable guidance which anyone can follow to create a safer, more secure digital world for themselves and their loved ones.

Starting this year, the new theme of Cyber Security Awareness Month is Secure Our World. The main messaging revolves around four cyber security practices:

  1. Creating strong passwords and using a password manager. The strongest passwords are long and unique, with a mixture of character types (lowercase letters, uppercase letters, numbers, and symbols).
  2. Enabling multi-factor authentication whenever possible. Multi-factor authentication, or MFA, adds an extra layer of security to digital accounts by making secondary authentication mandatory.
  3. Recognising and reporting phishing. Public awareness is essential as cybercriminals continue to refine their tactics for phishing scams conducted through emails, text messages, chats, and phone calls.
  4. Keeping software updated. The latest updates and security patches are important to install to ensure that operating systems, internet browsers, and applications are safeguarded.
  5. Cyber Security Awareness Month continues to build momentum and impact with the goal of providing everyone with the information they need to stay safe online. BUI is proud to support this far-reaching online safety awareness and education initiative, which is co-managed by the Cyber Security and Infrastructure Security Agency (CISA) and the National Cyber Security Alliance.

    For more information about the 2023 Cyber Security Awareness Month campaign, you can visit the CISA and Stay Safe Online websites. You can also follow BUI on LinkedIn, Facebook and X (formerly Twitter) for helpful tips and resources throughout October, and join the global conversation by including the hashtag #CyberSecurityAwarenessMonth in your own social media posts.

Improve your security posture with an award-winning technology partner.

Cybercriminals are targeting enterprises big and small to try to gain access to sensitive, confidential, or proprietary data and resources. How are you protecting your IT environment?

Stay ahead of threat actors by choosing a comprehensive managed extended detection and response service from BUI. Contact our team to explore Cyber MXDR today.

Industry certifications to help boost your cybersecurity career

Keen to improve your job prospects in the field of cybersecurity? BUI Cloud Security Architect Neil du Plessis highlights the credentials that could give you a competitive advantage.

There’s a high demand for cybersecurity specialists equipped to help organisations defend themselves against cyberattacks. Industry certifications that validate your cybersecurity experience can be a great way to publicise your abilities, increase your earning potential, and boost your career prospects in this field.

Microsoft, the International Information System Security Certification Consortium, Offensive Security, and eLearnSecurity provide some of the most comprehensive cybersecurity certification courses on the market, according to BUI Cloud Security Architect Neil du Plessis.

Microsoft’s cybersecurity training path

Microsoft offers a variety of cybersecurity training options to help you achieve technical certifications that showcase your industry-relevant skills. Du Plessis advises starting with the SC-900 certification to get to grips with the fundamentals of Microsoft’s security, compliance, and identity solutions.

“You’ll gain valuable insights into the relationship between these solutions and how they can be leveraged to ensure end-to-end cybersecurity. After that, you can move on to technology-specific and role-based certifications in security operations, identity and access management, and information protection, in line with what you want to achieve professionally.”

Du Plessis recommends the following order:

“Microsoft has outlined its own recommended path for individuals looking to specialise in security, compliance, and identity, but I think you can adapt this learning journey to suit your personal outcomes,” says Du Plessis.

Quick Tip | The Microsoft Security, Compliance, and Identity Training and Certifications Guide contains more information about the SC-900, AZ-500, MS-500, SC-400, SC-300, SC-200, and SC-100 certifications, and Microsoft Learn has an extensive collection of free training materials to aid your studies and exam preparation.

Cybersecurity certifications from (ISC)²

The International Information System Security Certification Consortium – or (ISC)² – offers technology professionals a range of information security certifications. (ISC)² certifications are recognised globally and deal with everything from security administration to operations and management. These are the four that Du Plessis suggests:

Certified in Cybersecurity (CC) is an entry-level certification aimed at graduates, beginners, and novice practitioners in the field. “It’s designed to give you the foundational knowledge required to start a career in cybersecurity,” says Du Plessis. “If you’re new to the industry or perhaps changing your job focus, this could be the first rung on the ladder as you develop your skills.”

Systems Security Certified Practitioner (SSCP) is a credential that proves your ability to implement, monitor, and manage IT systems and infrastructure securely. “It’s a way to demonstrate your holistic understanding of the best practices, accepted policies, and international standards regarding security operations,” says Du Plessis. The SSCP certificate is a popular choice among experienced systems administrators, systems analysts, and systems engineers.

Certified Cloud Security Professional (CCSP) is best suited for information security leaders with experience in cloud security architecture, design, operations and orchestration. “With the CCSP certification behind your name, prospective employers will know that you have advanced capabilities when it comes to protecting critical cloud assets,” says Du Plessis.

Certified Information Systems Security Professional (CISSP) is widely regarded as the globe’s premier cybersecurity certification. “But it doesn’t come easy,” notes Du Plessis. “CISSP certification requires a substantial investment of both time and money. There’s a staggering volume of course information to get through, but the reward is well worth it. Plus, the credential itself can open new doors for you.”

In the United Kingdom, the CISSP certification is comparable to Level 7 of the Regulated Qualifications Framework. And in South Africa, many universities will accept CISSP as recognition of prior learning if you pursue a postgraduate study programme (to achieve an Honours degree, for example).

(ISC)² offers several other certifications, but Du Plessis cautions that they’re geared toward professionals in particular disciplines or industries. “If your focus area is governance and compliance, or risk management, then Certified Authorisation Professional (CAP) may be a good path to explore. But if your responsibilities include protecting sensitive patient data and medical records, then becoming a Healthcare Information Security and Privacy Practitioner (HCISPP) might make more sense.”

Quick Tip | The (ISC)² Cybersecurity Qualification Pathfinder tool can help you decide which certifications match your current and future career goals.

Niche credentials for specialised jobs in cybersecurity

Penetration testing and digital forensic investigation are highly specialised fields that require cybersecurity pros to expand their practical, technical, and analytical capabilities. “For those with the necessary credentials in these niches, there’s certainly no shortage of work,” remarks Du Plessis. “At BUI, our penetration testers are booked months in advance. And worldwide, there’s a growing demand for forensic experts who can help organisations uncover evidence of cybercrime.”

The OSCP (Offensive Security Certified Professional) course presented by Offensive Security is considered far more technical than other ethical-hacking qualifications on the market. “It’s also one of the few cybersecurity certifications that requires students to prove their practical skills in a test environment,” adds Du Plessis. “The combination of hands-on training and real-world simulation is hugely beneficial.”

The certifications offered by eLearnSecurity are also worth looking into – especially if you want to narrow your focus by specialising in penetration testing for web or mobile applications, says Du Plessis. The eLearnSecurity Certified Professional Penetration Tester (eCPPT) credential is recognised on all seven continents, and the Web Application Penetration Tester eXtreme (eWPTX) and Mobile Application Penetration Tester (eMAPT) certifications are respected in IT circles.

The eLearnSecurity Certified Digital Forensics Professional (eCDFP) accreditation is designed for senior technologists with existing cybersecurity knowledge. It focuses on the processes and methodologies used in modern digital forensics investigations.

These cybersecurity certifications are just a starting point. It’s always a good idea to do additional research to see what fits best for you. “Keep an eye on cybersecurity news sites, group forums, and social media, too,” advises Du Plessis. “The security industry is evolving rapidly. If you’re in the loop, then you’ll be able to update your skills accordingly with the right certifications.”

Join our global team of extraordinary technologists.

Bring your talents, skills, and unique perspectives to a collaborative community of technology professionals.

We’re always excited to grow the BUI community! Take a look at our current vacancies, listed on our career portal.

Practical pointers to help you improve workplace data security

Businesses that take a proactive approach to cybersecurity are better equipped to safeguard sensitive data and spot suspicious activity.

Keeping sensitive data safe and secure is a challenge for businesses of all sizes. Major shifts in the workplace – from in-person to remote and hybrid productivity – forced companies to change, or at least re-assess, their cybersecurity practices and protocols. And far too often, they were not adequately prepared for the evolving cyberthreat landscape.

In fact, according to CyberEdge’s ninth annual Cyberthreat Defence Report, more than 80% of organisations suffered from a successful cyberattack in 2021. With data privacy and data security top of mind, businesses are looking to strengthen their defences against cybercriminals. Here are four simple steps you can take to better protect your workplace data.

1 | Identify the ‘crown jewels’ of your business

Knowing what kind of data cybercriminals want is an essential part of your defence strategy. Therefore, creating an inventory of your so-called crown jewels (the most valuable data and data-related assets within your organisation, including hardware and software information) is important.

In addition, you should have a current (and actively maintained) list of every end-user who has access to your critical business data. Keep accurate records, with device and location details, so that you can carry out the necessary forensic investigations in the event of a data breach.

 2 | Make sure you’re updating and authenticating – always

Keep your operating systems, software packages and web browsers up to date and ensure that all devices have automatic updates enabled. When your connected environment is well maintained, with patches and updates carried out timeously, then your overall security posture is that much stronger.

In addition, make sure that your staff use multifactor authentication (MFA) when they log in. Simple username-and-password combinations are not enough to keep cybercriminals at bay, and MFA could mean the difference between a successful or an unsuccessful hack.

3 | Actively monitor your connected environment for suspicious activity

You should monitor your IT environment continuously to detect misconfigurations, vulnerabilities, breach attempts, and cyberattacks in real time. If you have dedicated cybersecurity personnel, they can implement endpoint security technology to help monitor your network. If not, you can bring in SecOps experts to actively identify, investigate, and mitigate cyberthreats 24/7/365.

Moreover, make sure that everyone in your organisation understands the importance of good cyber hygiene and is following the security policies you have in place. When your people know how to spot phishing attempts, for example, then they can respond appropriately.

4 | Prepare your response plan in advance

No matter how many safeguards you have in place, the unfortunate reality is that cyber incidents still occur. However, responding in a comprehensive manner will reduce the impact on your business and send a positive signal to your customers and employees. Therefore, you should have an incident response plan prepared in advance.

This document should be stored safely and your dedicated response team should be able to access it quickly when the need arises. Make sure your incident response plan includes clearly defined technical, operational, legal, and communication-related steps for your team to follow.


BUI is proud to be a Champion organisation for the 2022 edition of Cybersecurity Awareness Month. This article was originally provided by the National Cybersecurity Alliance and is republished here with permission.

Improve your cybersecurity posture with an expert partner.

Cybercriminals are targeting enterprises big and small to try to gain access to sensitive, confidential, or proprietary data and resources.

How are you protecting your IT environment? Stay ahead of threat actors by choosing a managed detection and response service from BUI.

Three ways to improve your household cybersecurity

Your home network is your gateway to the internet. Are you taking appropriate measures to protect your connected household from cyberattackers?

The COVID-19 pandemic forced people to embrace working from home – a concept they had little or no experience with at the time. Many employees have since returned to the office, but remote work remains a popular choice. According to the 2022 State of Remote Work report by Buffer, 97% of remote workers would like to work remotely, at least some of the time, for the rest of their careers. As remote and hybrid work models continue to evolve, it’s vital for households to be vigilant about cybersecurity.

Most households are linked to the internet in some way. They can be hard-wired to the net or they can leverage wireless technology to connect computers, gaming systems, TVs, tablets, mobile phones and smart home devices to the worldwide web. Having the right cyber protection in place is essential to ensure that everyone in the home can use the internet safely and securely for personal and professional activities. Here are three simple ways to improve your household cybersecurity.

1 | Secure your wireless router

Using a wireless router is a convenient way to allow multiple devices to connect to the internet from different areas of your home. However, unless your router is secure, you risk the possibility of outsiders accessing information on your devices or using your network for nefarious purposes.

It’s important to secure your router from Day 1. Manufacturers assign preset passwords to routers – and these defaults are often weak or easy to guess. If you leave the factory-set password in place, then you effectively leave the door open for cybercriminals to breach your home network. Make sure you change the default router password when you set up the machine itself.

2 | Install security software on household devices

All devices connected to your home network should have security software installed – and updated regularly. Many modern devices have automatic update features, and you should enable them to ensure that your gadgets function optimally and securely at all times.

With the most up to date security software, operating systems and web browsers, your household devices will be better protected against viruses, malware and other cyberthreats.

3 | Back up household data

While steps can be taken to reduce the chance of your household network, devices and user accounts being hacked or compromised, they can never be 100% effective. Households should embrace the practice of backing up data.

You can protect your valuable work, photos and other digital information by making electronic copies of important files and storing them safely. This can be done using cloud software in addition to manual storage devices like portable hard drives and USBs.

By taking simple, proactive steps like these in your own home, you can defend your household members against online fraudsters and scammers.

BUI is proud to be a Champion organisation for the 2022 edition of Cybersecurity Awareness Month. This article was originally provided by the National Cybersecurity Alliance and is republished here with permission.

Improve your cybersecurity posture with an expert partner.

Cybercriminals are targeting enterprises big and small to try to gain access to sensitive, confidential, or proprietary data and resources.

How are you protecting your IT environment? Stay ahead of threat actors by choosing a managed detection and response service from BUI.

Four basic online safety tips to remember

If you look out for phishing scams, protect your passwords, and update your devices regularly, then you can improve your online safety.

Cybersecurity has become one of the biggest topics inside and outside of technology circles over the past two years. From securing personal devices for digital learning and remote work during the COVID-19 pandemic to safeguarding corporate data against cyberattacks, there’s been a seemingly endless news cycle dedicated to concerns around online safety.

It’s easy to feel overwhelmed or even powerless in the face of rapidly increasingly cybercrime, especially when there are fresh headlines about data breaches and phishing scams almost every day. But end-users – the people using technology to communicate, collaborate and connect – have an important role to play as the first line of defence when it comes to thwarting scammers, fraudsters and threat actors.

Unfortunately, many individuals are not aware of the most basic cybersecurity practices for everyday life. During Cybersecurity Awareness Month this October, Champion organisations like BUI are trying to change that – by sharing practical, actionable tips to help everyone #BeCyberSafe. Here are four basic online safety tips that you can implement right now.

1 | Watch out for phishing scams

Phishing (when a cybercriminal poses as a legitimate party in the hope of getting individuals to engage with malicious content or links) remains one of the most popular tactics among cybercriminals. In fact, about 90% of data breaches occur due to phishing, according to Cisco’s 2021 Cybersecurity Threat Trends report.

While phishing has grown more sophisticated, suspicious email characteristics (like poor spelling and grammar, typos, low-quality graphics and fake logos in a message) can be a tell-tale sign that the content is risky. Read our explainer blogs – Phishing: Can you spot these common types? and Three ways to shore up your defences against phishing – to learn more.

And remember… If you think you have spotted a phishing attempt, be sure to report the incident to your internal IT teams and service providers so that they can remediate the situation and prevent others from possibly becoming victims.

2 | Protect your passwords

Having a unique, long and complex password for each of your accounts is one of the simplest ways to boost your online safety. And yet, only 43% of the public say that they “always” or “very often” use strong passwords, according to the National Cybersecurity Alliance’s 2022 Cybersecurity Attitudes and Behaviours Report.

Password cracking is one of the go-to tactics that cybercriminals turn to in order to access sensitive information. And if you are a “password repeater”, once a cybercriminal has hacked one of your accounts, they can easily do the same across all of your accounts. Read our blog – The importance of digital identity management – to find out why it’s vital to make your login credentials rock solid.

3 | Enable multifactor authentication

Multifactor authentication or MFA – which prompts a user to input a second set of verifying information or to sign-in via an authenticator app – is a very effective measure that anyone can employ to reduce the chances of a cybersecurity breach.

According to Microsoft, MFA can block over 99.9% of account compromise attacks. Therefore, it is a must for any individual who is looking to secure their devices and accounts. Remember, multifactor authentication – from one-time PINs to biometric scans – will put an extra barrier between your sensitive data and the cybercriminals who want to access it.

Read our blog – Three simple ways to improve your data privacy – to explore other ways of protecting your personal information.

4 | Turn on automatic updates

Making sure that your devices are up to date should be an essential part of your cybersecurity routine. Don’t ignore software updates and patches! Cybersecurity is an ongoing effort, and updates are important for device maintenance and security.

Instead of trying to remember to check for updates, enable automatic updates whenever you can. This way, you’ll reduce your chances of having older, possibly vulnerable or risky versions of software that could be exploited by cybercriminals.

BUI is proud to be a Champion organisation for the 2022 edition of Cybersecurity Awareness Month. This article was originally provided by the National Cybersecurity Alliance and is republished here with permission.

Improve your cybersecurity posture with an expert partner.

Cybercriminals are targeting enterprises big and small to try to gain access to sensitive, confidential, or proprietary data and resources.

How are you protecting your IT environment? Stay ahead of threat actors by choosing a managed detection and response service from BUI.

BUI named MXDR partner for Microsoft’s new business security services

BUI is proud to announce its selection as a Managed Extended Detection and Response (MXDR) partner for Microsoft’s new business security services, Microsoft Security Experts.

Microsoft Security Experts was unveiled this month and includes three new managed services: Microsoft Defender Experts for Hunting, Microsoft Defender Experts for XDR, and Microsoft Security Services for Enterprise. Two existing services – Microsoft Security Services for Modernization and Microsoft Security Services for Incident Response – are now also part of this portfolio.

As an MXDR partner, BUI will work in conjunction with Microsoft to manage extended detection and response services for some of the largest enterprise customers globally, from threat monitoring to mitigation and investigation.

“We’re excited to continue our security journey with Microsoft,” says BUI Managing Director Ryan Roseveare. “This new collaboration builds on our longstanding relationship, and we look forward to working alongside Microsoft to help customers protect and defend their IT environments from emerging cyberthreats.”

A timely development

In 2021, Microsoft security technology blocked over 9.6 billion malware threats and more than 35 billion phishing emails and malicious messages. “Technology is critical, but it’s the combination of leading technologies, comprehensive threat intelligence, and highly skilled people that makes for a truly effective security posture,” notes Vasu Jakkal, Microsoft Corporate Vice President: Security, Compliance, Identity, and Management.

Roseveare agrees. “The cybersecurity landscape is incredibly complex. You need comprehensive tools and holistic knowledge to navigate it successfully. Here at BUI, we’ve focused on building both: our Cyber Security Operations Centre is a state-of-the-art facility designed to leverage and integrate with Microsoft technology, and our security specialists are world-class technologists with a deep understanding of the challenges that businesses are facing today.”

BUI’s tried-and-tested blend of people, process and technology will be critical going forward, adds Roseveare, given the alarming increase in the number and sophistication of cyberattacks.

A trusted partner

BUI was part of a select group of Microsoft Partner organisations involved in the development of Microsoft Security Experts. As a Microsoft Azure Expert MSP, a managed security service provider, and a member of the Microsoft Intelligent Security Association, BUI is consistently recognised as a strategic partner for cybersecurity innovation. BUI holds nine Microsoft Advanced Specializations – including Cloud Security and Threat Protection – and earned Microsoft South Africa’s Security Partner of the Year Award in 20212020, and 2019.

“We’re serious about security. We always have been,” says Roseveare. “We’ve earned the trust and loyalty of customers around the world because we provide the best possible security solutions and the right advice. As an MXDR partner for the Microsoft Security Experts portfolio, we’ll continue to put our expertise to work for customers – because we’re here to help them safeguard their business resources, from the endpoint to the cloud,” he concludes.

Improve your security posture with an expert partner.

Cybercriminals are targeting businesses large and small to try to gain access to sensitive, confidential, or proprietary data and resources.

What steps have you taken to prevent a breach? Stay ahead of threat actors by choosing a managed detection and response service from BUI.

Are your endpoint security measures tough enough for the times?

More than 80% of enterprises had embarked on a hybrid workplace journey by the middle of 2021. Today, the combination of on-site, remote, and mobile productivity is considered part of the new normal – but it also presents significant challenges for corporate cybersecurity teams.

With employees working from so many different locations, using multiple devices and methods of connectivity, managing and monitoring endpoints is a demanding job. And the task is further complicated by the status quo: as personal and professional lives overlap, the lines between home equipment and business equipment are being blurred.

In a recent survey, 46% of employees admitted using their corporate laptop for “life admin” – including online shopping and social media – and 30% said they had allowed someone else to use their work device.

Alongside these emerging trends in device use and misuse, there is substantial evidence that the cyberthreat landscape has been changed irrevocably – by the COVID-19 pandemic and by rapid digital transformation. As the world grappled with the first wave of coronavirus cases in early 2020, there was a 238% spike in cyberattack volume.

Threat actors took advantage of the sudden shift to home-based and remote productivity – and no industry was spared. Miners, manufacturersfinancial institutions, healthcare providers, retail outlets, non-profit organisations, and even schools and universities were targeted. Unsecured endpoints – from smartphones to printers – were often exploited during these cyberattacks.

According to the International Data Corporation, 70% of all successful network breaches begin on endpoint devices. To safeguard your enterprise network, you need to monitor every endpoint. You need to apply controls and restrictions. You need to identify anomalies. And you need to respond to threats as they occur. How does your endpoint security strategy measure up?

Are you managing vulnerabilities?

For comprehensive security, you have to be able to identify, assess, and remediate endpoint vulnerabilities and threats in real time. Loopholes and misconfigurations are weaknesses that cybercriminals will try to exploit.

Are you reducing the attack surface?

To minimise your exposure to cybercrime, you have to reduce your attack surface. With stringent controls for devices, applications, and folders, plus comprehensive defences against network intrusions and malware, you can lessen the risk to your resources.

Have you enabled endpoint detection and response?

When you’re proactive about threat hunting within your IT environment, you can harness the power of machine learning, big data, and advanced analytics to detect suspicious behaviours and malicious activities on endpoints – and remediate cyberthreats when they occur.

Have you automated investigation and remediation?

High volumes of security alerts and notifications can overwhelm corporate cybersecurity teams and delay their response times. Leverage the security tools at your disposal and apply decision-making algorithms to investigate and resolve security issues automatically, and at scale.

Continuous threat intelligence from endpoints is critical to help your security teams provide robust protection across your enterprise environment. With full endpoint visibility, you will be better positioned to eliminate potential penetration points, monitor emerging threats, and improve your overall security posture.

Get advanced security with Microsoft Defender for Endpoint.

Microsoft Defender for Endpoint uses a combination of technologies built into Windows 10 and Microsoft’s cloud service to generate continuous threat intelligence.

Talk to our experts to learn more about Defender for Endpoint’s advanced threat protection, centralised management, and detailed reporting features.