In the third of this three-part series, I share why organizations need to implement a Zero Trust security model to keep corporate and customer data secure.

(Source: Vintage Everyday)

Until the late 1980s, it was relatively common for employees to be physically located at a workstation, computer or kiosk, working inside offices, banks, factories, retail stores, gas stations, hospitals, hotels and so forth. As laptop computers became mainstream from the early 1990s, there began a shift in the way people access information and in where that information lives, and the devices themselves are mobile (not fixed). Information no longer resides exclusively or at all…


In the second of this three-part series, I identify common identity-related attacks to be aware of, both as an enterprise that needs to safeguard users and customers from identity theft, and as an end user consuming online services and apps on your computer, smartphone, or other device.

(Source: Flickr)

In my first blog post, I shared real and potential incidents that underscore the importance of protecting identity, both in the physical and online realms.

Now, I will share 3 common identity-related attacks and recommendations for how to mitigate risk:

  1. Spear phishing (also known as man-in-the-middle, credential interception) — attacker sends a very targeted email to a specific organization or user to trick them into sharing sensitive information like passwords, usernames, and credit card details for malicious reasons. The email will be carefully crafted to get the target’s immediate attention and increase the probability of attacker success. This attack preys on users’ temptation and naivete to rapidly click and view an email that appears at a…


Trust is eroding — making safeguarding identities critical.

(Source: Giphy)

Growing up, I was used to having an unlocked house mailbox and trusting others to not pry into my mail. I took the safety of an unlocked mailbox for granted — not anymore. In the last few months, multiple neighbors and relatives have had their mailbox broken into by adversaries wanting to view, steal, and even move mail to an unknown location, far from the mailbox owner.

Because the US Postal Service is a federal agency, mail theft is charged as a federal offense under US Code Section 1708. Imagine if a criminal were to use information they…


In a previous blog post, I shared that when organizations are embracing hybrid and cloud infrastructures, they need to be vigilant against certain cyber attacks. Here are 5 security recommendations to keep in mind as you adopt cloud services.

(Source: Microsoft)

5 security recommendations for organizations adopting cloud services:

1. Remember that security is a shared responsibility between the cloud service provider and the data owner (you) — and that’s a good thing! In particular, larger cloud providers tend to have a significant security staff and standard cloud architecture, security controls and diverse audits, making them better served to manage various aspects of cloud security. However, there are some aspects for which you as the data owner need to take responsibility.

Who is responsible, and to what degree, varies depending on the cloud environment and the portion(s) of the technology stack the cloud service provider is responsible for: With…


Organizations embracing hybrid and cloud infrastructures are experiencing the benefits of business agility and operational cost savings. But what happens when an adversary brings their nefarious intentions to the same cloud?

Embrace the benefits of the cloud while protecting against risks (Source: Getty Images)

Organizations are embracing hybrid and cloud infrastructures to host their applications and experience benefits including greater business agility and operational cost savings. But what happens when an adversary lurks around the cloud with nefarious intentions?

In an earlier blog post, I shared a few benefits of embracing the cloud, including:

  1. Unlike traditional, on-premises datacenters, the cloud offers highly scalable resources for running applications and managing data.
  2. The responsibility for security doesn’t have to exclusively rest with the cloud tenant. It can be shared with the cloud provider, which can reduce the burden on the tenant.
  3. Compared to on-premises datacenters, the cloud can be more energy efficient.

According to Gartner, the worldwide public cloud services market…


In Part 1, I provided an overview of drive-by download (DbD) attacks. Today, I share 5 recommendations for reducing the risk of such attacks when browsing online or opening email links, whether you are a developer, IT professional, or an end user.

It takes all of us to mitigate the risk of cyber threats, including drive-by downloads. (Source: Getty Images)

While developers and IT professionals are responsible for developing secure code and maintaining security of systems and applications, users also need to be savvy enough to securely navigate technology in this connected era. It takes an army — not any single team or person in an organization — to mitigate drive-by downloads and other cyber threats.

5 recommendations for Developers and IT professionals to manage risk from DbD attacks:

  1. Keep the web servers’ operating systems and other software up to date and keep all security patches up to date.
  2. Check out Security Development Lifecycle (SDL) Quick Security Reference Guides (e.g. Microsoft SDL practices) for the latest updates.
  3. Remove all unnecessary services to minimize the…

Whether you are driving down a questionable road or browsing an unfamiliar web site, be sure to know the risks to help avoid unintended consequences.

Driving and online browsing require caution. (Source: Getty Images)

Imagine you are driving a car through an unknown part of town. You blindly follow directions using a voice-assisted navigation assistant on your mobile phone. Perhaps the surroundings are so disorienting that you fail to notice another car trailing yours and taking many of the same turns. Could the driver be attempting to follow you home?

In our hurry to “get there fast” both on the road and on the web, we sometimes overlook signs that warn us of impending danger.

What is a “Drive-By Download” attack?

A drive-by download (DbD) attack occurs when an unsuspecting user visits a web site and unintentionally downloads malicious code…


When you hear the word “resilience”, you may not think of survival first, but it is key for surviving the physical and digital worlds.

Resilience is human. (Source: Getty Images)

So, what exactly is resilience?

According to Merriam-Webster, ‘resilience’ is defined as “an ability to recover from or adjust easily to misfortune or change”. Without resilience, we simply cannot live. People endure poverty and hunger; towns recover after a major disaster; even babies must leave the comfort and security of the womb to grow and survive. All of these things require resilience to be possible.


In 2018, for the Asia-Pacific region, we observed a higher malware rate than the global average. Here we share some cybersecurity hygiene tips to help reduce malware risks.

In Part 1 of “What we learn from analyzing global malware trends”, we noted that in 2018, global malware encounter rates declined. We shared 3 reasons explaining this trend, but noted that there are still parts of the world where the malware encounter rate remains high.

(Source: Microsoft Security Intelligence Report v24)

An analysis of the Asia Pacific market* for the period Jan 2018 — Dec 2018 reveals that the region’s average malware encounter rate was 37% higher than the global average. The infographic above shows the three countries with the highest encounter rates and three with the lowest. …


In 2018, we observed an overall decline in malware encounter rates. That said, there is still a long way to go depending on what part of the world you live in…

(Source: Getty Images)

This is a rare sentence in the security world, but we actually have some good news: From January to December 2018, global malware encounter rates declined approximately 34% according to research from Microsoft’s Windows Defender Security Intelligence team. Why?

Seema Kathuria

Work for Microsoft in Cybersecurity Solutions Group, with 15+ years of experience marketing IT security and robotics technologies. Mother, Bollywood singer :)
