Understanding Compliance Between Commercial, Government, DoD & Secret Offerings - July 2025 Update
Understanding compliance between Commercial, Government, DoD & Secret Offerings: There remains much confusion as to what service supports what standards best. If you have CMMC, DFARS, ITAR, FedRAMP, CJIS, IRS and other regulatory requirements and you are trying to understand what service is the best fit for your organization then you should read this article.C-suite execs expect cyberattacks targeting financial data to increase this year
The financial data stored by organizations is often critical and sensitive, which is why this type of information is frequently in the crosshairs of cybercriminals. The theft and leaking of such data can easily hurt business dealings and other transactions, especially for publicly-traded companies. A report released Wednesday by research center Deloitte Center for Controllership reveals expectations of https://www.slideshare.net/DeloitteUS/almost-half-of-executives-expect-a-rise-in-cyber-events-targeting-accounting-and-financial-data-in-year-ahead.For this report, Deloitte surveyed more than 1,100 executives from the C-suite and other executives during a webcast on Oct. 26, 2022. The participants were asked about attacks targeting the financial and accounting data of their organizations. Financial and account data specifically targeted Among those surveyed, 34% said that their accounting and financial information was specifically targeted by cybercriminals over the past year. Within that group, 22% said they were hit by one such attack, while 12% said they were victimized by more than one. Looking ahead, almost half (49%) of the executives polled expect both the volume and size of cyberattacks targeting this type of data to increase in the coming year. Some 22% said they anticipate no change, while only 3% said they expect such attacks to decrease. Alignment between cybersecurity and finance groups Since financial and accounting data is such a lucrative and tempting target for cybercriminals, a close relationship between an organization’s cybersecurity group and its financial group seems in order; however, just 20% of the respondents said that the two groups in their business are working together closely and consistently. Some 42% said the groups in their organization are somewhat aligned, working together as needed but more inconsistently, and 11% said the two groups in their environment don’t work together at all. Recognizing the importance of a closer relationship between cybersecurity and finance, 39% of those surveyed said that they expect an increase over the next 12 months in the way the two groups work together. Some 29% said they anticipate no changes, while just 3% said they expect the relationship between the two groups to decrease. “Accounting and financial data is the lifeblood of organizational operations — and often meant to be kept confidential outside of highly regulated public disclosures for publicly traded organizations,” Temano Shurland, a Deloitte risk and financial advisory principal in finance transformation, said in a press release. “While there may not have been much need for accounting, finance and cyber teams to work closely in the past, recent years have shown that’s no longer the case. We strongly recommend that these teams try to ‘learn each other’s languages’ and tighten their working relationships across silos.” The theft and compromise of financial and accounting data can have a large impact on an organization. When asked whether they have a process to identify the financial impact of the potential cyberattacks on this type of data, 25% of those polled said they do, 17% said they don’t currently but do plan to have one in the next 12 months, and 20% said they have no plans to implement such a process. How to protect financial data against attacks To help organizations with financial and account data better protect this information from compromise, Daniel Soo, a Deloitte risk and financial advisory principal in cyber and strategic risk, offers the following advice. 1. Understand the data Organizations should start off with a strong understanding of their high-value finance or accounting data. 2. Security teams need to work with the business If the high-value financial data isn’t well understood or defined, security staffers should work with the appropriate business groups to help with this process. The key is to understand how the data supports business operations to determine what is and is not an acceptable use of the data. 3. Bake security into the systems Security should be designed into the financial systems that hold the data. To that end, integrating the right security and applying the right controls demands close coordination between the security group and other business teams. “This helps balance cyber risk management needs with business needs to execute day-to-day operations with minimal disruption,” Soo explained. “In fact, we’ve seen leading organizations also solicit end-user inputs on data security efforts to support organizational change management, while also leveraging security technology and processes to help automate, scale and secure data as efficiently and effectively as possible.”AZ-500: Microsoft Azure Security Technologies Study Guide
The AZ-500 certification provides professionals with the skills and knowledge needed to secure Azure infrastructure, services, and data. The exam covers identity and access management, data protection, platform security, and governance in Azure. Learners can prepare for the exam with Microsoft's self-paced curriculum, instructor-led course, and documentation. The certification measures the learner’s knowledge of managing, monitoring, and implementing security for resources in Azure, multi-cloud, and hybrid environments. Azure Firewall, Key Vault, and Azure Active Directory are some of the topics covered in the exam.CISA, OMB, ONCD and Microsoft collaborate on new logging playbook for Federal agencies
As part of our efforts to increase security defaults and follow the principle of secure by design, we are happy to share that a feature change initiated by Microsoft engineering will enable more logging capabilities for Purview Audit (Standard). We have worked closely with the Executive Office of the President (EOP), the Office of the National Cyber Director (ONCD), and the Cybersecurity and Infrastructure Security Agency (CISA) to prioritize this effort for U.S. government customers.Microsoft Intune in GCC and GCC High Overview + CMMC Applications
Organizations can meet CMMC compliance for specific practices across several different domains using Microsoft Intune in GCC or GCC High in combination with configuration settings and policies in Azure Government and Microsoft Defender for Endpoint.Microsoft Copilot for Security and NIST 800-171: Access Control
The second blog in this series will dive into the very first requirement family - Access Control (3.1) - and how organizations may deploy Microsoft Copilot for Security (Security Copilot) to meet the requirements entailed. This requirement family is arguably one of the most paramount because of the remarkable growth in identity-based attacks and the need for identity architects and teams to work more closely with the Security Operations Center (SOC). Microsoft Entra data noted in the Microsoft Digital Defense Report shows the number of “attempted attacks increased more than tenfold compared to the same period in 2022, from around 3 billion per month to over 30 billion. This translates to an average of 4,000 password attacks per second targeting Microsoft cloud identities [2023]”.
