Microsoft offers non-profit organizations a great set of free products that can simplify running general IT services. For more information on this, refer to the blog post Microsoft for Non-Profits.
There are numerous tools within the Microsoft ecosystem that enable organizations to secure their digital assets and communication channels. Organizations should understand all the security features built into various products to ensure optimal configurations. Sometimes, there is a need to produce a one-time snapshot of the security posture, perhaps to report to your board on the current state of security within the ecosystem or to track the progress of a cybersecurity program implementation. Microsoft, in partnership with QS Solutions, has built a great tool for generating a self-assessment of your environment. The tool is accessible via the following link:
https://portal.selfserviceassessment.com/home
Running through an assessment is straightforward. Each stage of the assessment is well explained and, in most cases, fully automated. For endpoint assessments, it currently only supports Windows operating systems. Hopefully, one day they will expand the endpoint assessment to include other operating systems typically found in non-profit organizations. Nevertheless, gaining insight into Windows endpoints is still extremely valuable to your initiative.
At the end of the process, the solution provides two comprehensive reports focused on key areas essential to any cybersecurity program. The summary report highlights the first set of actions to improve an organization’s security posture based on industry controls, architectures, and best practices. It includes various statistics and provides a cybersecurity maturity score based on a questionnaire that is part of the assessment phase.
The essentials report provides all the necessary details of what was collected and assessed during the assessment. Each category is scored and completed with a conclusion/recommendations paragraph to help set the direction of your next actions related to cybersecurity.
Overall, the tool is a great starting point for establishing metrics and direction to improve your overall security posture in the products and services that Microsoft offers to non-profits.
Importance of Cybersecurity Assessments
- Identifying Vulnerabilities: Regular assessments help identify potential vulnerabilities in systems, networks, cloud presence, and personnel that could be exploited by cybercriminals. By proactively addressing these weaknesses, organizations can minimize the risk of data breaches and other cyberattacks.
- Ensuring Compliance: Many industries are subject to regulatory requirements for data privacy and security. Periodic assessments help ensure compliance with these regulations, protecting both the organization and its stakeholders from potential penalties and reputational damage.
- Maintaining Security Policies: Cybersecurity policies can become outdated over time as new threats emerge and technologies advance. Assessments help organizations keep their security policies current, ensuring that they remain effective in protecting against evolving threats.
- Educating Personnel: Regular assessments can highlight areas where personnel may lack the necessary knowledge or skills to maintain cybersecurity best practices. This information can be used to develop targeted training programs to improve overall cybersecurity awareness and readiness.
- Testing Incident Response Plans: Cybersecurity assessments can also serve as an opportunity to test and refine a company’s incident response plan, ensuring that it is effective in the event of a breach or other security incident.
Statistics on Cybersecurity Breaches and Lack of Continuous Assessment
The importance of continuous cybersecurity assessments is underscored by alarming statistics:
- Increase in Cyberattacks: In 2023, there were 2,365 cyberattacks, affecting 343,338,964 victims. This represents a 72% increase in data breaches since 2021, which held the previous all-time record.
- Cost of Data Breaches: Around the world, a data breach cost $4.88 million on average in 2024. The financial impact of cyberattacks is significant, with compromised business emails accounting for over $2.9 billion in losses in 2023.
- Email Security Incidents: Email is the most common vector for malware, with around 35% of malware delivered via email in 2023. More than 94% of organizations reported email security incidents.
- Global Cybercrime Costs: Cybercrime is projected to cost the world $23 trillion by 2027, an increase of 175% from 2022. This highly vulnerable digital environment demands continuous cybersecurity assessments to stay ahead of emerging threats.
These statistics highlight the critical need for regular and continuous cybersecurity assessments to protect organizations from the ever-evolving landscape of cyber threats.
Sources used for statistics and other content:
The Importance of Periodic Cybersecurity Assessments – https://envescent.com/insights/the-importance-of-periodic-cybersecurity-assessments/
Cybersecurity Stats: Facts And Figures You Should Know – https://www.forbes.com/advisor/education/it-and-tech/cybersecurity-statistics/
Key Cyber Security Statistics for 2025 – https://www.sentinelone.com/cybersecurity-101/cybersecurity/cyber-security-statistics/
