“Microsoft runs on trust, and our success depends on earning and maintaining it. We have a unique opportunity and responsibility to build the most secure and trusted platform that the world innovates upon.”
- Satya Nadella, chairman and CEO of Microsoft shared the above communication with the employees. It was made public on March 3, 2024.
The significance of the above message follows the company’s understanding of the growing concerns about security, particularly in this era of artificial intelligence.
Last November, Microsoft launched Secure Future Initiative (SFI) with this responsibility in mind, bringing together every part of the company to advance cybersecurity protection across both new products and legacy infrastructure.
As at May 2024, the company expanded the initiative to focus on six key security pillars, incorporating industry feedback and its own insights.
Since the initiative began, they’ve dedicated the equivalent of 34,000 full-time engineers to SFI—making it the largest cybersecurity engineering effort in history.
Speaking at Microsoft Ignite in November last year, Vasu Jakkal, corporate vice president, Security, Compliance, Identity, and Management, reiterated why Microsoft is spending a lot of recourses on security, “The increasing speed, scale, and sophistication of recent cyberattacks demand a new approach to security. Traditional tools are no longer enough to keep pace with the threats posed by cybercriminals”
The changing threat landscape, and evolution of AI means that we need to think about cybersecurity differently…. Let me tell you more how Microsoft is leading security initiatives for secured AI era:
On Tuesday, October 22, 2024, during the Microsoft Africa AI Journalist Academy, a team of experts, comprising, Lee-Anne James, chief data officer, Microsoft Africa; Wessel Pieterse, chief security officer, Microsoft Africa; Dean Erasmus, chief data officer, Microsoft South Africa, and Colin Baumgart, CTO and commercial solutions area director at Microsoft South Africa, spoke about Microsoft Digital Defense Report – 2024.
The report shows that last year, the cyber threat landscape continued to become more dangerous and complex.
The malign actors of the world are becoming better resourced and better prepared, with increasingly sophisticated tactics, techniques, and tools that challenge even the world’s best cybersecurity defenders.
Even Microsoft has been the victim of well-orchestrated attacks by determined and well-resourced adversaries, and its customers face more than 600 million cybercriminal and nation-state attacks every day, ranging from ransomware to phishing to identity attacks.
Cybersecurity in the era of AI
According to Colin Baumgart, CTO and Commercial Solutions Area Director at Microsoft South Africa, the cybersecurity landscape is undergoing a profound transformation, driven by the relentless evolution of technology and the increasing sophistication of cyber threats.
“In this dynamic environment, artificial intelligence (AI) has emerged as a pivotal ally in the fight against cybercrime. AI’s ability to analyse vast amounts of data at lightning speeds enables the identification of patterns and anomalies that may indicate a security breach, often before it occurs. This proactive stance is crucial in a time when reactive measures are no longer sufficient.
“But, in an era where digital threats are escalating in complexity and scale, we cannot just think about defending against cyber threats, we need to be advancing the way we design, build, test and operate our technology to meet the highest standards of security. It is why, we have created The Secure Future Initiative (SFI), a multi-year undertaking to safeguard our digital ecosystem.
It is an approach that is anchored in three fundamental principles: secure by design, secure by default, and secure operations, ensuring that security is not an afterthought but a foundational element of everything we create.
“This commitment to cybersecurity extends beyond our own products. Through collaborations and partnerships, we are contributing to a broader security ecosystem, sharing threat intelligence and best practices. This collaborative effort is vital because cyber threats do not recognise boundaries and can ripple through networks, affecting countless users”, Baumgart said.
Recent cyber threats have shown a marked increase in both sophistication and frequency, posing significant challenges to cybersecurity defences worldwide.
The CTO said a notable trend is the surge in mobile, Internet of Things (IoT), and operational technology (OT) cyberattacks, which underscores the expanding threat landscape beyond traditional computing environments.
“Our 2024 Digital Defense Report highlights an alarming rise in attacks, with incidents targeting customers globally, doubling to 600 million per day, revealing the growing collaboration between nation-state actors and cybercriminals.
“Over 78 trillion security signals per day from the cloud, endpoints, software tools and our partner ecosystem inform our insights, and help us to understand and protect against digital threats and criminal cyberactivity.
“Data breaches have also been rampant, with TechCrunch reporting over 1 billion stolen records in 2024 alone. These breaches have not only compromised personal information but have also emboldened criminals who profit from cyberattacks. As the threats evolve, so must the strategies to combat them, requiring a concerted effort from individuals, organisations, and governments alike.
“According to Interpol’s African Cyberthreat Assessment Report 2024, the rapid growth of cybercrime is further illustrated by the estimation that in 2023 there was a 23% year-on-year increase in the average number of weekly cyberattacks per organisation in Africa – this average was the highest in the world”.
Like Baumgart said, in this era of AI, we are all cyber-defenders. “Despite this, 52% of employees still say their job has nothing to do with cybersecurity, according to The Phishing Benchmark Global Report”.
There is a widespread recognition of the need to build a security culture to increase the understanding of security’s value to the business, as well as drive security awareness.
Dean Erasmus, chief data officer for Microsoft South Africa discussed AI’s rapid advancement and its impact on our world.
He said the pace of innovation in AI is astonishing as the demand from customers and governments for AI capabilities is skyrocketing.
“Use cases that were once priorities are now standard SaaS offerings. Additionally, the cost of AI infrastructure has plummeted, making it more accessible than ever”, Erasmus said.
Microsoft prioritizes AI safety
Continuing, he said, “We’ve developed a framework based on our experiences in North America and Europe, where regulations are more established. This framework focuses on fairness, reliability, inclusivity, standards, and accountability.
“Fairness ensures that AI systems allocate opportunities and resources equitably. Reliability guarantees that AI systems are reliable from both a data and architectural perspective. Inclusivity is crucial to avoid excluding large segments of the population, especially in regions where English is not the primary language. Standards and practices are essential for accountability and transparency, which in turn drive innovation.
“From an implementation perspective, one of the biggest challenges we face is ensuring that organizations have the right data and infrastructure in place. Without high-quality data, AI models will produce inaccurate results. Additionally, organizations need to invest in the necessary infrastructure to support AI workloads, including powerful hardware and specialized software.
“Another challenge is the ethical implications of AI. As AI becomes more sophisticated, there is a growing risk of bias, discrimination, and privacy violations. It’s essential to develop and implement ethical guidelines to mitigate these risks”.
Despite these challenges, he believes the opportunities presented by AI are immense.
“AI can be used to improve efficiency, reduce costs, and drive innovation across a wide range of industries. For example, AI can be used to automate tasks, personalize customer experiences, and develop new products and services.
“To fully realize the potential of AI, it’s crucial to invest in education and training. We need to develop a skilled workforce that can develop, deploy, and maintain AI systems. Additionally, we need to foster a culture of innovation and experimentation to encourage the development of new AI applications.
The Cybersecurity Landscape- and the AI opportunity
Wessel Pieterse, the CISO Microsoft South Africa reminded businesses that device compromises and password attacks have increased dramatically in recent years.
“Microsoft tracked a 10-fold increase in password attacks between 2022 and 2023. Additionally, the sophistication of threat actors has grown, with over 300 large-scale threat groups now active.
The complexity of cybersecurity has also increased. Organizations often rely on numerous tools to protect their people, identities, applications, and devices. This can be overwhelming, especially for smaller organizations with limited resources.
He said that to address these challenges, organizations are seeking ways to consolidate their security strategies. They want to reduce costs, simplify management, and improve their ability to detect and respond to threats.
From the foregoing, what Microsoft is saying is that AI’s potentials outweigh the challenges or threats we perceive.
After all, we are told that AI could boost Africa’s economy by over $30 billion in 10 years; that is a new report by research consultancy, Public First.
Therefore, “By addressing the challenges and seizing the opportunities, we can create a future where AI is used to benefit society and improve the lives of people around the world”.