Svoboda | Graniru | BBC Russia | Golosameriki | Facebook
Trace Id is missing
Download the report
Download the executive summary
Share

How we’re building and improving Cyber Resilience

Welcome to the Microsoft Digital Defense Report. As the digital domain continues to evolve, defenders around the world are innovating and collaborating more closely than ever. In this fourth annual edition of the report we share actionable steps and valuable insights from what we’re seeing for the reporting period from July 2022 through June 2023.

“Artificial Intelligence will be a critical component of successful defense. In the coming years, innovation in AI-powered cyber defense will help reverse the current rising tide of cyberattacks.”
Tom Burt, Corporate Vice President, Customer Security and Trust, Microsoft

As a company committed to making the world a safer place, Microsoft has invested heavily in security research, innovation, and the global security community. While AI is transforming cybersecurity, using it to stay ahead of threats requires massive amounts of data. We have access to a diverse range of security data which puts us in a unique position to understand the state of cybersecurity and to identify indicators that can help predict the next moves of attackers.

This year's report draws on insights from these and other sources across Microsoft and the ecosystem:

Infographic image highlighting the key report insights
Read full report

One crucial point stands out: the vast majority of successful cyberattacks could be thwarted by implementing a few fundamental security hygiene practices.

How can we protect against 99% of attacks? Basic security hygiene still protects against 99% of attacks. Enable multifactor authentication (MFA), apply Zero Trust principles, Use extended detection and response and antimalware, keep up to date, and protect data. Outlier attacks make up just 1%. How effective is MFA at deterring cyberattacks? A recent study based on real-world attack data from Microsoft Entra found that MFA reduces the risk of compromise by 99.2 percent
Basic security hygiene still protects against 99% of attacks. Enable multifactor authentication (MFA), apply Zero Trust principles, Use extended detection and response and antimalware, keep up to date, and protect data. Outlier attacks make up just 1%.  How effective is MFA at deterring cyberattacks? A recent study based on real-world attack data from Microsoft Entra found that MFA reduces the risk of compromise by 99.2 percent.

The fundamentals of cyber hygiene

  • This protects against compromised user passwords and helps to provide extra resilience for identities.
  • The cornerstone of any resilience plan is to limit the impact of an attack on an organization: explicitly verify, use least privilege access, and always assume breach.
  • Implement software to detect and automatically block attacks and provide insights to the security operations software. Monitoring insights from threat detection systems is essential to being able to respond to threats in a timely fashion.
  • Unpatched and out-of-date systems are a key reason many organizations fall victim to an attack. Ensure all systems are kept up to date including firmware, the operating system, and applications.
  • Knowing your important data, where it is located, and whether the right defenses are implemented is crucial to implementing the appropriate protection.

Threat actors represented in the 2023 Microsoft Digital Defense Report

Tracked activity including nation-state, ransomware, and cyber mercenaries by designated storms
Learn more
Aerial view of a city with many buildings

The State of Cybercrime

While cybercriminals remain hard at work, the public and private sectors are coming together to disrupt their technologies and support the victims of cybercrime.
Learn more
A tornado coming out of the sky

Nation State Threats

Nation state cyber operations are bringing governments and tech industry players together to build resilience against threats to online security.
Learn more
The ship with a container is in the river, and a truck is on the bridge

Critical Cybersecurity Challenges

As we navigate the ever-changing cybersecurity landscape, holistic defense is a must for resilient organizations, supply chains, and infrastructure.
Learn more
A person sitting at a desk looking at a computer screen

Innovating for Security and Resilience

As modern AI takes a massive leap forward, it will play a vital role in defending and ensuring the resilience of businesses and society.
Learn more
Lot of fish in the water

Collective Defense

As cyberthreats evolve, collaboration is strengthening knowledge and mitigation across the global security ecosystem.
Learn more

More from Security

Our commitment to earn trust

Microsoft is committed to the responsible use of AI, protecting privacy, and advancing digital safety and cybersecurity.
Learn more

Threat Intelligence reports

Find the latest threat intelligence reports informed by the latest Microsoft threat data and research that provides trends analysis and guidance to help strengthen the first line of defense.
Browse reports

Microsoft Digital Defense report archives

Explore previous Microsoft Digital Defense Reports and see how the threat landscape and online safety has changed in a few short years
Browse reports

Follow Microsoft