Why Continual Monitoring Is the Key to Staying Ahead in Today’s Cyber Warfare

In the first half of 2025, Darktrace observed 2.4 million phishing emails targeting financial sector customers. Nearly 30% aimed at VIP users. Mortgage companies sit squarely in that crossfire. Every loan file holds Social Security numbers, bank statements, and tax returns. Attackers know this. They are getting faster, smarter, and more persistent.

Point-in-time security checks miss what happens between audits. A stale account goes unnoticed for six weeks. An employee skips MFA registration. A Conditional Access policy gets disabled during a troubleshooting session and never gets re-enabled. These gaps compound quietly until an attacker finds one.

Continual monitoring closes those gaps before they become incidents.

Why a High Secure Score Hides Real Risks

Microsoft Secure Score measures policy configuration. It does not measure enforcement. A mortgage company can score 75% while dozens of users remain unprotected.

Here is what Secure Score misses:

• MFA registration gaps. Microsoft shows a policy is applied. It does not flag users who never completed enrollment. Those accounts are one phished password away from compromise.
• Stale accounts and orphaned devices. Former employees, shared mailboxes, and devices not enrolled in Intune create blind spots. Standard reporting overlooks them.
• Configuration drift. IT teams disable a policy to troubleshoot. Nobody re-enables it. Weeks pass. The Secure Score might not drop because the policy still "exists" on paper.

Secure Score is a starting point. It is not proof that your environment is actually protected.

What Continual Monitoring Looks Like in Practice

ABT built Guardian Security Insights to go beyond what Microsoft surfaces by default. It pulls data from your Microsoft 365 tenant every night. No manual scripts. No digging through nested admin menus.

The result is a set of prioritized findings your IT team can act on immediately:

• Users who have MFA "enabled" but never registered. This is the single most common hidden risk in mortgage company tenants. Guardian flags them by name.
• Devices not enrolled in Intune. Unmanaged endpoints bypass your Conditional Access policies entirely.
• Accounts inactive for 30, 60, or 90 days. Stale accounts are low-hanging fruit for credential stuffing attacks.
• External sharing anomalies. Who shared what, with whom, and when. DLP violations surface automatically.

Every finding comes with a recommended action. No guesswork.

The Compliance Pressure Is Accelerating

HUD's Mortgagee Letter 2024-10 now requires FHA lenders to report significant cybersecurity incidents within 12 hours of detection. The Mortgage Bankers Association noted this timeline creates real operational challenges, especially for smaller lenders still assessing an incident's scope.

Fannie Mae published its Information Security and Business Resiliency Supplement with new requirements effective August 2025. Sellers and servicers must maintain a formal InfoSec program aligned with NIST standards, report cyber breaches within 36 hours, and provide annual officer attestation across 14 security domains.

The FTC Safeguards Rule requires continuous monitoring or annual penetration testing plus semi-annual vulnerability scans. The NYDFS Part 500 amendments made universal MFA mandatory by November 2025, with $250,000 per-day fines for ongoing non-compliance.

You cannot meet these deadlines with quarterly spot-checks. Continual monitoring is the only way to know your actual posture at any given moment.

How Mason-McDuffie Mortgage Transformed Their Security Posture

Mason-McDuffie Mortgage (MasonMac) started with a Microsoft Secure Score of 32%. Manual checks and custom PowerShell scripts overwhelmed their IT team. Critical gaps went undetected for months.

After implementing Guardian Security Insights, MasonMac saw measurable results:

• Secure Score improved from 32% to over 90% within six months.
• IT identified users who appeared MFA-protected but had never completed registration.
• Monthly executive reports gave leadership clear visibility into security progress.

Clinton Weyland, VP of IT at MasonMac, said: "Guardian Security Insights gave us the visibility and insights we needed to make informed decisions quickly. The continual monitoring and regular reports were game-changers for our IT team and leadership."

What Guardian Security Insights Delivers

Guardian Security Insights is part of ABT's Guardian operating model. It sits on top of your existing Microsoft 365 environment and extracts signal that native tooling misses. ABT serves 750+ financial institutions with this approach.

Nightly automated pulls. Data comes directly from your tenant. No agents to install. No third-party platforms. ABT runs a pure Microsoft stack.

BI-style dashboards. IT teams get prioritized to-do lists. Executives get board-ready summaries. Both views come from the same data set.

Historical trend tracking. See how your posture improved month over month. Prove ROI to your board. Show examiners a documented trajectory.

Deeper MFA analysis. Standard Microsoft reports show policy status. Guardian shows actual enrollment, completion rates, and at-risk accounts that fall through the cracks.

Related Articles

• Guardian Security Insights: The Executive's Guide to Modern Cybersecurity
• Guardian Security Insights: Strengthening Cybersecurity Compliance in the Mortgage Industry
• Turning Cybersecurity Into a Competitive Advantage for Mortgage Companies

Stop Guessing. Start Monitoring.

Cyber threats against mortgage companies increased 20% year over year in 2025. Regulators are tightening reporting windows. Fannie Mae now mandates annual InfoSec attestation. The window for "good enough" security is closing.

Guardian Security Insights gives your team the visibility to act before a breach forces you to react. ABT has served 750+ financial institutions with this exact approach.

Talk to a mortgage IT specialist about what continual monitoring would uncover in your environment.