June 05, 2025

1,000 security discussions: lessons from the field and why Managed XDR is the strategic advantage

Mark Hindson
Solution Architect (Security) - Data#3

When it comes to cyber security, every business has its own “Jurassic Park” moment—the point when you realise something has slipped through the cracks, often too late to avoid the damage. That’s how Data#3’s Mark Hindson, one of the top Microsoft security experts in Australia, opened his recent talk in a packed room at Data#3’s annual Juice IT event. With years of experience leading Microsoft Security engagements across sectors and regions, Mark’s insights are drawn not from theory but from real-world customer challenges. 

In a world where cyber threats are accelerating in scale and sophistication, Mark laid bare the most common mistakes organisations make—and more importantly, how they can be fixed. 

“A 9% Wake-Up Call” 

The Office of the Australian Information Commissioner reported a 9% increase in data breaches in the first half of last year. That’s not just a statistic—it’s a signal that traditional security strategies aren’t keeping up. Insider threats, accidental data leaks, and sophisticated external attacks are now part of daily life for IT and security teams. 

Most businesses still lack real-time visibility into who is accessing or sharing sensitive data. As one expert put it, “Data doesn’t move itself, people move it.” Without tools and automation to detect anomalies, businesses remain dangerously exposed. 

The anatomy of a modern security stack 

Four critical security pain points come up repeatedly:

Insider risk and data security 

The rise of insider threats—both malicious and accidental—demands a new approach, and Mark emphasised the use of Microsoft Purview for information protection and data loss prevention (DLP). Even with an E3 license, organisations can apply sensitivity labels and DLP policies to control access and prevent leaks. Adding Microsoft Purview Insider Risk Management provides machine learning-powered profiling that flags anomalous behaviour and dynamically applies stronger controls, without interrupting user productivity. 

Access management 

Too many organisations still grant excessive permissions to users, often without regular reviews. Microsoft Entra ID (formerly Azure AD) automates identity provisioning and de-provisioning, particularly for contractors and temporary staff. Conditional access and passwordless authentication are no longer optional; they are foundational. 

Threat protection 

Adversaries aren’t waiting. Threat actors are using generative AI to script attacks, craft convincing phishing campaigns, and exploit vulnerabilities faster than ever. Microsoft Defender’s Extended Detection and Response (XDR) suite—covering endpoint, identity, cloud apps, and email—provides organisations with a unified view of their environment, enabling them to detect and stop attacks early while leveraging AI for both speed and depth.

Incident response 

With disjointed security tools, incident response is slow and reactive. The integration of Microsoft Sentinel (SIEM) with Defender XDR provides a unified view. Adding to this, Security Copilot can now automate investigation and reporting, reducing response time from days to minutes. This means less time chasing alerts and more time neutralising real threats. 

Real stories, real risks

In one sobering example, a Data#3 customer uncovered a malicious insider—an employee who had accepted a role with a competitor and was drip-feeding confidential data. Thanks to Microsoft’s tools and Data#3’s engagement, the threat was caught in time. The employee was identified and immediately terminated, thus avoiding what could have been a devastating leak. 

These kinds of insights are only possible when organisations move beyond checkbox compliance and start thinking strategically about security. 

Security is a business problem

“Security is no longer just a technology issue,” Mark emphasised. “It’s a business problem.” Budget constraints, resource shortages, and skill gaps plague security teams everywhere. It’s not uncommon to see organisations investing in point solutions that don’t integrate, leaving gaps that attackers can exploit. 

This is why it’s so important to consolidate tools and maximise investments. By utilising Microsoft’s integrated ecosystem, especially when paired with managed services like Data#3’s Managed XDR, organisations can significantly reduce complexity and risk. 

Why Managed XDR is the answer

Built in partnership with Microsoft and backed by SecurityHQ, this offering delivers end-to-end protection across endpoint, identity, email, cloud apps, and more. It’s fast to deploy, cost-effective, and powered by automation, and it can address the challenges that Mark outlined.

Key advantages include: 

The service is tailored for businesses looking to boost security maturity without ballooning internal headcount or managing a complex tech stack. 

Start your security roadmap with Data#3

Cyber threats aren’t going away. However, with the right strategy, tools, and partner, you can move from reactive to proactive security. 

Data#3 offers security workshops, assessments, and engagements designed to quickly and affordably identify risks, close gaps, and build resilience. Whether you want to optimise your Microsoft investments, modernise identity and access, or unify threat protection, our experts are here to help. 

Connect with a Data#3 Security specialist today to start your journey toward comprehensive, intelligent protection. 

The next breach is constantly evolving – your defence should be too!  
