Microsoft’s Digital Defense Report 2022 addresses the state of cybercrime, nation state threats, devices and infrastructure, cyber influence operations, and cyber resilience.
- One of the highlighted findings is that nation states stockpile zero-day vulnerabilities and exploits for future use. In my opinion, a nation state is not serious about preparing for a future conflict if they do not stockpile vulnerabilities to use during a crisis, and it should not be a surprise that zero days are withheld, but quickly exploited once they are discovered by others and patched.
- The summary is a quick read which should grab your CISO’s attention. Then grab the full report and dive into the Cyber Resilience section. Check the eye roll at that term: they provide background and context information for the improvements in cyber security that you can leverage in the board room and elsewhere in the business to get support for raising the bar along with actionable insights which could also help you build your punch list of things to investigate.
Read more in
- Nation-state cyberattacks become more brazen as authoritarian leaders ramp up aggression
- Microsoft Digital Defense Report 2022 (PDF)
- Microsoft: Nation-State Actors Zero in on Critical Infrastructure, Unpatched Flaws
- China is likely stockpiling and deploying vulnerabilities, says Microsoft
- Microsoft: China Flaw Disclosure Law Part of Zero-Day Exploit Surge