131 Continental Drive
Suite 305
Newark, DE 19713
United States
SCO 515, Third Floor
Sector 70, Mohali
Punjab, 160055
Follow Us on Social -

9 Essential Insights from the Microsoft Digital Defense Report 2023

The article outlines 9 key insights from the 2023 Microsoft Digital Defense Report, including topics such as basic security practices, ransomware trends, password attacks, BEC incidents, nation-state targeting, IoT/OT vulnerabilities, AI-powered cyberattacks, and supply chain risks.
  1. 99% of attacks can be prevented by basic security hygiene:
Implementing fundamental security practices such as enabling MFA, applying Zero Trust principles, using XDR and antimalware, keeping systems up to date, and protecting data can prevent most cyberattacks.
Basic security hygiene still protects against 99 of attacks_Microsoft Digital Defence Report 2023
  1. Human-operated ransomware attacks increasing:
Ransomware attacks have tripled since September 2022, and are often carried out by human operators who exploit remote access vulnerabilities.
Human operated ransomware attacks increasing_Microsoft Digital Defence Report 2023
  1. Password attacks are soaring:
Password spray and brute force attacks have increased by 300% and 250% respectively in 2023, as attackers take advantage of remote work and cloud services. Password less authentication and identity protection are essential to stop these attacks.
Password attacks dramatically rise Microsoft Degetal Defence Report 2023
  1. Business Email Compromise (BEC) reaches a new peak:
BEC phishing targets specific people in an organization, often pretending to be executives or trusted partners, and tries to trick them into sending money or information. BEC attacks have increased by 250% in 2023, and the average loss per incident was over $75,000. BEC attacks have increased by 250% in 2023, and the average loss per incident was over $75,000.
Business Email Compromise BEC at an all time high Microsoft Digital Defence Report 2023
  1. Nation-state actors target a wider range of sectors and organizations:
Nation-state actors are not only attacking governments and critical infrastructure, but also healthcare, education, media, and NGOs. Microsoft tracked 16 nation-state groups in 2023 and saw over 35,000 attacks from these groups.
Nation state threat actors global target set expands Microsoft Digital Defense Report 2023
  1. Nation-state actors combine cyberattacks and influence operations:
Some nation-state actors are using both cyberattacks and influence operations to achieve their goals, such as interfering with elections, spreading false information, or undermining trust in institutions. Microsoft detected and disrupted several such campaigns in 2023, and shared threat intelligence with customers and partners.
  1. IoT/OT devices increasingly at risk:
Internet of Things (IoT) and Operational Technology (OT) devices are becoming more prevalent and connected, but also more vulnerable to cyberattacks. Microsoft observed a 35% increase in IoT/OT attacks in 2023 and identified several new malware families targeting these devices.
IoT devices increasingly at risk Microsoft Digital Defence Report 2023
  1. AI-powered cyberattacks are becoming more sophisticated:
AI is transforming cybersecurity, but also enabling advanced forms of cyberattacks. Microsoft found several examples of AI-powered attacks in 2023, such as deepfake audio and video, generative adversarial networks, and machine learning poisoning.
AI and large language models (LLMs) will transform cybersecurity_Microsoft Digital Defence Report 2023
  1.  Supply chain attacks pose a systemic risk:
Supply chain attacks are those that compromise a trusted third-party vendor or service provider and use their access or products to target their customers or partners. Microsoft witnessed several high-profile supply chain attacks in 2023, such as SolarWinds, Kaseya, and Codecov, which affected thousands of organizations worldwide.
We hope you enjoyed reading the insights shared above! For more insights like this, be sure to subscribe to our Email Insights or LinkedIn Newsletter.

If you are looking for Microsoft’s cybersecurity assistance or consultancy, we would be more than happy to assist you! Feel free to reach out to us via email ( or schedule a free 30 min call at your convenience.
Written By
Priya Gupta
Priya Gupta 
Digital Marketing Associate 
peer reviewed By
JAsjit Chopra
chief executive officer
Recommended Content

Email Insights

Get the latest updates from Penthara right in your mail box.
Sign Up

LinkedIn Newsletter

Monthly updates, news & events from Microsoft to help  your business grow.
Subscribe To Newsletter

Leave a Reply

Your email address will not be published. Required fields are marked *

More From This Category

Stay Ahead of Threats with Microsoft Copilot for Security - What You Need to Know

Cybersecurity threats are constantly evolving, keeping IT professionals on their toes. But what if you had a powerful AI assistant by your side, proactively hunting threats and simplifying security operations? Enter Microsoft Copilot for Security, a game-changer in the cybersecurity landscape.

Read More
Top 5 Configurations to Improve Identity Secure Score

In this blog, we will discuss the overview of Identity Secure Score in Azure AD and the top 5 configurations that will improve your Secure Score. These recommendations come from working in the Azure AD security space for multiple years across different industry verticals.

Read More
How to choose the best Antivirus Software for your business

Are you a business owner or security decision-maker looking for the best antivirus solution to protect your data? Read on. This blog will guide you on what aspects you must look at to choose the best Antivirus for your business.

Read More