
Follow security recommendations to improve BEC, CIS Foundations, and Ransomware Protection Initiative Scores

Implementation Effort: Medium - Customer IT and Security Operations teams need to drive projects to manage and improve the security posture against BEC attacks.
User Impact: Medium - A subset of non-privileged users may need to take action or be notified of changes.

Overview:

  • Business Email Compromise (BEC): Business email compromise (BEC) financial fraud is a social engineering attack that aims to steal money or sensitive information. The attacker tricks the target into believing they're interacting with a trusted entity to conduct either personal or professional business. After deceiving the target, the attacker persuades them to share valuable information or process a payment.
  • CIS Benchmarks: The CIS Microsoft 365 Foundations Benchmark (v3.0.0) is a set of security assessments developed by the Center for Internet Security (CIS). It provides prescriptive guidance for establishing a secure baseline configuration for Microsoft 365. The benchmark includes configuration baselines and best practices for securely configuring a system. The benchmark is internationally recognized as a security standard for defending IT systems and data against cyber attacks. This initiative contains a subset of security assessments recommended by the CIS.
  • Ransomware Protection: Ransomware attacks have become increasingly common in recent years, and they can have a devastating impact on organizations. Organizations can and should be proactive in managing a good security posture against ransomware. One of the first steps is to ensure that recommended controls are in place and are utilized and configured properly, which reduces the risk of a successful ransomware attack making its way into corporate networks and assets.

Reference: