Microsoft Digital Defense Report (2021)

“Microsoft Digital Defense Report” (2021)
Microsoft Security, October 2021
By Microsoft

“Knowledge is powerful. This report encompasses learnings from security experts, practitioners, and defenders at Microsoft to empower people everywhere to defend against cyberthreats.”


The state of cybercrime

We’ve seen cybercrime evolve as a national security threat that’s driven largely by financial gain. Positively, transparency is increasing as more victims of cybercrime come forward to share their stories. Government cybersecurity efforts have also increased in response to cyberthreats.

Nation state threats

Nation state threat actors have become more sophisticated and harder to detect, creating a threat to security that is replicated by other cybercriminals.

Supply chain, IoT, and OT security

The Internet of Things (IoT), operational technology (OT), and supply ecosystems have been treated in isolation, but to counter attacks, security needs to take a holistic approach. Multiple layers of defenses such as multifactor authentication can help maintain security.

Hybrid workforce security

In both the physical and digital worlds, the primary way criminals get in is through an unlocked door. Organizations that do not apply or maintain basic security hygiene like patching, applying updates, or turning on multifactor authentication will face much greater exposure to attacks, including ransomware or Distributed Denial of Service (DDoS).


Disinformation is being created and disseminated at increasing scale and speed.

Actionable insights

Technology and cyber risk can’t be treated as something that only IT and security teams manage. Criminals seek to exploit any opportunity that exists, so while recovery solutions are imperative, it’s on all of us to seek out cybersecurity training and ensure our online safety.

About the Author:

The insights in this report, as well as the actionable learnings above, have been provided by a diverse group of security-focused individuals, working across dozens of different teams at Microsoft. Collectively, their goal is to protect Microsoft, Microsoft customers, and the world at large from the threat of cyberattacks. We are proud to share these insights in a spirit of transparency, with a common goal of making the digital world a safer place for everyone. [See the report section “Contributing teams at Microsoft” for the full list.]

See also:

  • How cyberattacks are changing according to new Microsoft Digital Defense Report
    In 2021, cybercrime has become more sophisticated, widespread, and relentless. Criminals have targeted critical infrastructure—healthcare, information technology, financial services, energy sectors—with headline-grabbing attacks that crippled businesses and harmed consumers. But there are positive trends—victims are coming forward, humanizing the toll of cyberattacks and prompting increased engagement from law enforcement. Governments are also passing new laws and allocating more resources as they recognize cybercrime as a threat to national security.
  • Decoding NOBELIUM: The Docuseries
    [Nobelium is also known as the threat actor behind the attacks against SolarWinds.]
    Get the insider account from the frontline defenders who tracked and responded to the NOBELIUM incident, the most advanced nation-state and supply chain attack in history. Gain insights and learn critical steps to improve your security posture against the next wave of attacks.

    • Episode 1 – When nation-states attack: In December 2020, Microsoft began publicly sharing details on the NOBELIUM incident—an ambitious, sophisticated nation-state cyberattack. Learn from world-class experts about the evolution of nation-state attacks, what made the NOBELIUM attack so significant, and how to prepare your organization.
    • Episode 2 – The hunt for a global threat: Gain inside access to the fast-paced initial investigation of the NOBELIUM attack as threat hunters from across the globe rushed to uncover evidence of a pervasive and sophisticated threat. Find out how FireEye and Microsoft made the big breakthroughs and their lessons for the next encounter.
    • Episode 3 – Countermeasures: Learn what it took to respond to the most advanced nation-state attack in history. Hear directly from the Microsoft defenders who helped customers repel NOBELIUM—and gain actionable insights for your organization’s cybersecurity strategy.
    • Episode 4 – After-action report: Now that the investigation has concluded, receive a full report on NOBELIUM’s unprecedented attack strategy and novel techniques from the threat experts who were there. Find out how NOBELIUM is part of a trend that’s changing cybersecurity forever, and learn how to prepare your organization for the next wave of nation-state attacks.