Microsoft has rolled out a string of new security measures aimed at deterring cyber threats and preventing vulnerabilities that have plagued the big tech firm in recent years.
Brad Smith, Microsoft vice chair and president, announced the new measures, dubbed the “Secure Future Initiative” (SFI) in a Nov. 2 blog post.
According to Microsoft, the new security measures, which heavily incorporate artificial intelligence (AI), will bring together every part of the company to advance cybersecurity protection.
The newly bolstered security protocols follow multiple cyberattacks against Microsoft in recent years, including the SolarWinds attack in 2020 during which hackers used malware to compromise several agencies, including the Departments of Defense, State, Homeland Security, Energy, Treasury, and Commerce.
The company was also subject to a 2021 hack resulting from a flaw in its Microsoft Exchange Server email that left emails belonging to at least 30,0000 organizations across the United States exposed.
More recently, Chinese hackers were able to steal 60,000 emails from the U.S. State Department after breaching one of Microsoft’s engineers’ devices and stealing a certificate that allowed them to breach the State Department network, raising concerns about the U.S. government’s reliance on Microsoft for cybersecurity tools and services.
“The past year has brought to the world an almost unparalleled and diverse array of technological change. Advances in artificial intelligence are accelerating innovation and reshaping the way societies interact and operate,” Mr. Smith began the blog post.
“At the same time, cybercriminals and nation-state attackers have unleashed opposing initiatives and innovations that threaten security and stability in communities and countries around the world,” he continued.
‘Sophisticated’ Cyberattacks Need New Approach
Mr. Smith went on to state that Microsoft has concluded in recent months that the increasing “speed, scale, and sophistication” of cyberattacks calls for a new approach when it comes to cybersecurity.
The company’s new approach, the (SFI), will operate under three pillars, focused on AI-based cyber defenses, advances in fundamental software engineering, and “advocacy for stronger application of international norms to protect civilians from cyber threats,” according to the blog post.
Specifically, under the AI aspect of the initiative, Microsoft will be using advanced AI tools to improve the company’s threat intelligence and analysis to better detect cyber threats.
“We are extending these capabilities directly to customers, including through our Microsoft security technologies, which collect and analyze customer data from multiple sources,” Microsoft said.
The company will also be using “game-changing” AI for its Security Copilot tool which combines a large language model with a security-specific model that has various skills and insights from Microsoft’s threat intelligence. This will make existing threat analysts more effective and responsive while simultaneously helping combat the shortage of trained cybersecurity professionals, according to Microsoft.
Microsoft also plans to use AI to “transform” software development, the blog post noted.
Additionally, the tech giant plans to bolster identity protection against highly sophisticated attacks, noting that identity-based threats like password attacks have increased ten-fold during the past year, with cybercriminals using ever more sophisticated techniques to steal and use login credentials.
Faster Response to Vulnerabilities
Microsoft said it plans to protect against such threats by implementing advanced identity protection through a “unified and consistent process” that will manage and verify the identities and access rights of its users, devices, and services across all our products and platforms in a more streamlined manner.
“We will also make these advanced capabilities freely available to non-Microsoft application developers,” the company noted.
Finally, Microsoft said it plans on “pushing the envelope” when it comes to enhancing its vulnerability response and speed, with the firm aiming to slash the time it takes to mitigate cloud vulnerabilities by 50 percent.
The company also vowed to push for more “transparent” and “consistent” reporting of such vulnerabilities across the tech sector.
Microsoft noted in Thursday’s blog post that its Digital Crimes Unit is tracking 123 sophisticated ransomware-as-a-service affiliates, whereby various developers sell or rent ransomware to buyers.
Since September 2022, the company estimates ransomware attempts have surged by more than 200 percent, according to this year’s Microsoft Digital Defense Report.
Additionally, the tech giant noted an increase over the past year of “nation-state efforts to target cloud services, either directly or indirectly, to gain access to sensitive data, disrupt critical systems, or spread misinformation and propaganda.”
While Microsoft acknowledged the significant role tech companies and the private sector play in cybersecurity protection, the company also called on governments across the world to do more to bolster protections online.
“Especially when it comes to nation-state activity, cybersecurity is a shared responsibility. And just as tech companies need to do more, governments will need to do more as well,” Mr. Smith concluded. “If we can all come together, we can take the types of steps that will give the world what it deserves—a more secure future.”
From The Epoch Times