Traversing New Threat Horizons: Key Insights from the Microsoft Digital Defence Report 2024

19 November 2024

The Microsoft Digital Defence report 2024 outlines the rapid changes in the cyber landscape, including the intensified role of nation-state actors, the rise of AI in both attack and defence, and evolving strategies to safeguard digital identity. Below, we summarise key insights from the report and explore how these trends inform resilient digital identity strategies for a fortified cybersecurity posture.

Quote from Chris Tate, CEO, Condatis

“The Microsoft Digital Defence Report 2024 sheds critical light on the unprecedented threats we face. As a Microsoft partner, we recognise that safeguarding digital identity has become central to every organisation’s defence strategy. Our mission aligns closely with Microsoft’s Secure Future Initiative—putting security first at every level. Through ongoing innovation with Microsoft, we remain committed to making digital identity not only resilient but foundational to global cybersecurity.”

Chris Tate, CEO, Condatis

Escalation of Nation-State and Cybercriminal Attacks

Microsoft’s findings reveal an unprecedented convergence between nation-state actors and cybercriminal groups, with tactics and motivations now overlapping as state-affiliated actors increasingly conduct cybercrimes to secure revenue and resources. Notably, ransomware attacks surged by 2.75x this year, with cybercriminals targeting sectors vital to public welfare, like healthcare, and essential services.

Digital identity is a central line of defence against these blended threats. As attackers leverage tools traditionally unique to state actors—such as intelligence-gathering malware or supply-chain infiltration—strong, adaptable identity solutions become essential. Multi-layered identity protections, including robust multi-factor authentication (MFA) and adaptive access controls, are critical to protecting sensitive data against increasingly sophisticated attacks.

 

The Dual Role of AI in Cyber Threats and Defence

The report highlights AI’s powerful, dual impact: it enables both more targeted, scalable cyberattacks and advanced defensive capabilities. Cyber adversaries are leveraging AI for highly personalised phishing campaigns and influence operations, while defenders gain from AI in threat detection, pattern recognition, and automated responses, allowing them to address attacks in real-time and at scale.

In digital identity, AI-enhanced tools are proving invaluable in fraud detection and behaviour-based authentication. Integrating adaptive, AI-driven intelligence allows for real-time analysis of user behaviour, flagging abnormal access attempts and pre-emptively closing potential security gaps. For organisations, these AI-powered tools are pivotal to dynamically responding to evolving threats and securing identity channels.

The Rising Threat of Identity Compromise and Targeted Impersonation

A notable increase in identity-based attacks is strongly emphasised, with more than 600 million identity threats occurring daily. Threat actors are leveraging identity compromise as an effective way to bypass security, using tactics like credential stuffing, session hijacking, and token theft to exploit vulnerabilities in digital identity infrastructure. This shift towards identity-based attacks has been observed in both nation-state and financially motivated cybercriminal groups, allowing them to bypass traditional security barriers and gain access to sensitive data undetected.

In parallel, social engineering tactics have become increasingly sophisticated, with attackers employing targeted spear-phishing campaigns and impersonation attacks to trick users and compromise identity layers. A similar incident occurred back in 2023, with the major MGM Grand hack. These tactics manipulate digital touchpoints, often bypassing multi-factor authentication (MFA) and accessing critical resources. By blending identity compromise with advanced social engineering, attackers can infiltrate even highly secure environments with ease.

Identity attacks in perspective: More than 99% of identity attacks are password attacks

With identity as a key entry point, organisations need robust identity protections that go beyond basic MFA. Combining adaptive, AI-driven behavioural analytics with continuous monitoring allows for real-time detection of unusual access patterns, such as unexpected logins from unfamiliar locations or devices, enabling organisations to promptly isolate or block suspicious sessions. Advanced identity protections, including zero-trust architecture, ensure that each access request is verified regardless of origin, preventing lateral movement even if a single layer of defence is breached. Additionally, fostering an awareness culture among employees—equipped to recognise and respond to phishing and impersonation tactics—is essential to fortify digital identity against modern threats.

 

Growing Need for Global Cooperation and Cyber Deterrence

The need for global partnerships and coordinated deterrence strategies is highlighted, to reduce attack volumes and protect critical digital infrastructure. Public-private initiatives, such as the Microsoft-ASD Cyber Shield in Australia, underscore how collaboration can significantly amplify defensive capabilities, streamline intelligence-sharing, and improve the security posture of national and industry ecosystems.

As Microsoft partners, we echo the call for closer global cooperation and unified deterrent strategies. A unified approach to cybersecurity is vital, especially for securing identity frameworks that span across borders and industries. By integrating advanced security measures and aligning with global cybersecurity initiatives, we can collectively raise the bar for security and reduce vulnerabilities across the digital ecosystem.

 

Prioritising Identity as a Central Line of Cyber defence

Digital identity is a focal point in the report as Microsoft’s ‘Secure Future Initiative’ reinforces identity security as a critical defence layer. Given the sheer volume of identity-based threats, Microsoft advocates for secure-by-design principles, multi-factor authentication, and zero-trust architectures that prioritise identity as a primary safeguard for digital assets.

Our solutions are built on a foundation of secure-by-design principles, leveraging the latest in phishing-resistant MFA, adaptive access management, and zero-trust frameworks. This approach helps organisations pre-emptively secure their digital identities while remaining flexible enough to adapt to future threat evolutions, giving enterprises a fortified defence against the most advanced threats.

The Microsoft Digital Defence Report 2024 highlights a critical juncture in cybersecurity as organisations face an evolving blend of cybercriminal and nation-state threats. Digital identity remains a critical defence frontier, especially as the integration of AI and advanced social engineering tactics redefine the cyber threat landscape. By aligning our solutions with Microsoft’s vision, we are committed to helping organisations build a resilient security foundation that anticipates, identifies, and mitigates risks to secure digital identities and critical infrastructure alike.

Download the report 

If you’d like to be updated on digital identity and how to protect your organisation, sign up for our newsletter or speak to our team to discuss your business goals.

Get more content like this straight to your inbox!

Subscribe to stay up to date. You can unsubscribe at any time!