5 Practical Lessons from the Latest Microsoft Digital Defense Report
Microsoft blocks 600 million cyberattacks every single day, and yet identity breaches, ransomware and accelerated scams are still popping up faster than most small and midsized businesses (SMBs) can knock them down.
The most recent Microsoft Digital Defense Report (MDDR) reveals five standout patterns that point the way toward smarter defense, from stubborn password problems to ransomware gangs tampering with your security tools and sprawling attack paths leaving “crown jewel” assets exposed.
Here are some tips on how to turn those insights into action and address some of today’s highest risks.
1. Protect the Passwords
According to Microsoft, 99% of identity attacks still aim for passwords; in fact, the company blocks roughly 7,000 password-based attacks every second. It’s a stubborn problem, but one of the best ways to fight back is to move toward phishing-resistant Multi-Factor Authentication (MFA).
Technologies like passkeys (FIDO2, Windows Hello) and number matching in Microsoft Authenticator make common tactics like credential replay, spraying and phishing much harder to pull off.
SMB action plan: Enforce MFA across the board. Mandate passkeys for admins and use Conditional Access policies based on user location or device. Inversion6 offers a quick-start sprint to roll out tenant-wide Entra ID policy hardening.
2. Assume Ransomware Will Strike
Ransomware is no longer just an opportunistic threat; it's becoming much more sophisticated and persistent. According to the MDDR, human-operated ransomware attacks have nearly tripled year over year.
Attackers are also evolving fast, employing more sophisticated tactics like disabling or tampering with antivirus or EDR tools before launching their full-scale attack. In just one month, Microsoft observed 176,000 of these sorts of tampering events.
SMB action plan: Lock down tamper protection in Microsoft Defender and deploy Intune security baselines. Segment your backups away from the main network and rehearse recovery with “assume breach” scenarios—including just-in-time admin access using Privileged Identity Management (PIM).
3. Shorten Your Attack Paths
According to Microsoft, 90% of organizations have at least one attack path that leads directly to sensitive accounts. Even worse, 40% of those paths involve lateral movement through non-interactive Remote Code Execution (RCE).
The good news? Less than 1% of assets are truly mission-critical, making prioritization achievable.
SMB action plan: Use exposure management tools to scan for attack paths. Identify the top three high-risk chains and implement zero trust segmentation to block lateral movement and safeguard crown jewel assets.
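To make "top three chains" and "block lateral movement" concrete, here is a small added illustration (not from the report, and not how any Microsoft exposure management tool works internally). It ranks attack paths on a constructed asset graph and shows which single hop a segmentation rule should target; every host name and likelihood weight is an assumption.

```python
from collections import Counter

# Constructed sample inventory (not from the report). An edge means the source
# can reach the target; the weight is an assumed 0-1 likelihood for that hop.
EDGES = {
    "kiosk-pc":      {"file-server": 0.6, "hr-laptop": 0.4},
    "vpn-gateway":   {"jump-host": 0.7},
    "hr-laptop":     {"file-server": 0.5},
    "file-server":   {"backup-server": 0.8, "jump-host": 0.3},
    "jump-host":     {"domain-admin": 0.9},
    "backup-server": {"domain-admin": 0.5},
}
ENTRY_POINTS = ["kiosk-pc", "vpn-gateway"]   # assumed user- or internet-facing
CROWN_JEWELS = {"domain-admin"}              # the small set of critical assets

def attack_paths(edges, entries, jewels):
    """Every loop-free entry-to-jewel path as (likelihood, nodes), likeliest first."""
    found = []

    def walk(node, path, score):
        if node in jewels:
            found.append((round(score, 4), path))
            return
        for nxt, p in edges.get(node, {}).items():
            if nxt not in path:              # skip cycles
                walk(nxt, path + [nxt], score * p)

    for entry in entries:
        walk(entry, [entry], 1.0)
    return sorted(found, key=lambda item: (-item[0], item[1]))

def chokepoints(paths):
    """Count how many of the given paths cross each hop (segmentation candidates)."""
    hops = Counter()
    for _, nodes in paths:
        hops.update(zip(nodes, nodes[1:]))
    return hops.most_common()

def residual_paths(edges, entries, jewels, blocked):
    """Re-run the search with one hop removed to see what a rule buys."""
    trimmed = {s: {d: p for d, p in t.items() if (s, d) != blocked}
               for s, t in edges.items()}
    return attack_paths(trimmed, entries, jewels)

if __name__ == "__main__":
    top3 = attack_paths(EDGES, ENTRY_POINTS, CROWN_JEWELS)[:3]
    for score, nodes in top3:
        print(f"{score:.3f}  " + " -> ".join(nodes))
    print("most shared hops:", chokepoints(top3)[:2])
```

On this sample, blocking the jump-host to domain-admin hop removes the likeliest chain and leaves only the two paths through the backup server, which is the next place to segment.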
4. Get Ready for an AI Arms Race
Right now AI is powering both the good guys and the bad. Hostile nation-states and cybercrime groups are using AI-generated images, deepfake audio and realistic spear-phishing kits to scale and personalize attacks.
Meanwhile, defenders are using Microsoft’s Security Copilot and Defender XDR to cut incident triage time. These tools can be powerful, assuming they’re properly set up and trained.
SMB action plan: Investigate Microsoft Security Copilot or engage a Managed Security Service Provider (MSSP) to co-manage the tool. For key processes, consider adding voice biometrics as a fallback authentication method. Update your incident response runbooks to include steps for verifying deepfakes.
5. Fight Fraud with Better Tools & Training
Fraud isn’t just rising; it’s exploding. According to Microsoft, tech support scams now generate over 12 million hits per day, eclipsing traditional malware and phishing. Analysts also report a 58% spike in phishing, including newer tactics like QR code lures and inbox rule manipulation. Meanwhile, covert app-layer DDoS attacks peaked at 4,500 per day in June 2024, a reminder that availability is also a security issue.
SMB action plan: Enable Microsoft Defender for Office Safe Links, which now rewrites malicious QR codes. Run quarterly phishing simulation drills and reward employees who report suspicious messages. For public-facing apps, invest in Azure DDoS Network Protection or a comparable service to protect against disruptions.
Inversion6’s Microsoft Security Assessment benchmarks your organization against these key areas and more. Even better, we’ll deliver a 90-day remediation roadmap customized for your business.
Contact us today to learn more.