What is a mitigation strategy?

Another important word to learn in the quest to understand cybersecurity is the word mitigation.

Defined as "an action that reduces severity, seriousness, or painfulness of something," mitigation in the technology world is the set of steps an organization takes to prevent a cyberattack.

Organizations, including Microsoft, use different mitigation strategies. Some of the most well-known include:

  • Multifactor authentication (also known as MFA)
  • Browser security
  • User education
  • Threat intelligence and detection

Multifactor authentication

Multifactor authentication works by requiring an end user to provide more than one form of identification to verify their identity. Cybercriminals use compromised usernames and passwords to steal information. Multifactor authentication helps reduce this type of threat by requiring a second layer of authentication using fingerprints, retinal scans, or authentication software.
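As an added illustration (not code from the original unit), the sketch below shows a login check that requires both a password and a time-based one-time code of the kind generated by authentication software, so a stolen password alone is rejected. The account record, the names USERS, login and match_totp, and the PBKDF2 settings are assumptions made for the example; the one-time code follows RFC 4226/RFC 6238.

```python
import hashlib
import hmac
import struct

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 one-time code: HMAC-SHA1 of the counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def match_totp(secret: bytes, code: str, now: float, step: int = 30, window: int = 1):
    """Return the time-step counter the code matches (allowing clock drift), else None."""
    current = int(now // step)
    for counter in range(max(0, current - window), current + window + 1):
        if hmac.compare_digest(hotp(secret, counter).encode(), code.encode()):
            return counter
    return None

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

# Constructed account record; the secret is the RFC 6238 test key, not a real one.
SALT = b"constructed-salt"
USERS = {
    "alice": {
        "salt": SALT,
        "pw_hash": hash_password("correct horse battery staple", SALT),
        "totp_secret": b"12345678901234567890",
        "last_counter": -1,  # highest time step already used; blocks code replay
    }
}

def login(user: str, password: str, code: str, now: float) -> bool:
    """Succeed only when BOTH the password and a fresh one-time code check out."""
    record = USERS.get(user)
    if record is None:
        return False
    pw_ok = hmac.compare_digest(hash_password(password, record["salt"]), record["pw_hash"])
    counter = match_totp(record["totp_secret"], code, now)
    if not pw_ok or counter is None or counter <= record["last_counter"]:
        return False
    record["last_counter"] = counter  # a captured code cannot be used a second time
    return True
```

The replay check matters because a one-time code that is phished together with the password would otherwise remain valid for the rest of its time window.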

Browser security

Cybercriminals know that modern workers access the internet via browsers as a regular part of their job, so they look to browsers as a place to find vulnerabilities. Implementing browser security policies helps protect organizations against this type of cyberattack by:

  • Preventing the installation of unauthorized browser extensions or add-ons.
  • Only allowing permitted browsers to be installed on devices.
  • Blocking certain sites using web content filters.
  • Keeping browsers up to date.

User education

As discussed in an earlier unit, cybercriminals rely on the vulnerabilities of humans to cause harm through social engineering. Organizations can defend against social engineering through user education. Educating end users to recognize malicious content and to know what to do when they spot something suspicious is a critical mitigation strategy. Some examples of user education include teaching users to:

  • Spot suspicious elements in an email message.
  • Never respond to external requests for personal information.
  • Lock devices when not in use.
  • Abide by policies on how to store, share, and remove company data.

Threat intelligence and detection

Threat intelligence and threat detection allow an organization to collect systems information, details about vulnerabilities, and information on attacks, and to use it to develop and implement policies that defend against cyberattacks. This collection can be handled by a technological solution that automatically collects information, hunts for attacks and vulnerabilities, and responds to them.

Implementing and enforcing mitigation strategies is crucial to an organization's cybersecurity.