Cybersecurity in an AI-Driven Landscape
with Tom Burt
Episode summary
Cybersecurity insights for Public Sector organizations from the 2023 Microsoft Digital Defense Report.
Cybersecurity in an AI-Driven Landscape: Insights from Microsoft’s Tom Burt
Cybersecurity stands at the forefront of global concerns, and recent advancements in generative AI have opened new avenues for both progress and peril. Guest host Alvaro Vitta and Tom Burt, Corporate Vice President of Customer Security and Trust at Microsoft, delve into the insights from the 2023 Microsoft Digital Defense Report. They explore the pressing need for collaboration between public sector and private industries to navigate this evolving landscape effectively.
The recently released 2023 Microsoft Digital Defense Report provides a comprehensive overview of cybersecurity trends and threats. The report draws on Microsoft’s ecosystem and expertise to offer a unique perspective and valuable recommendations to the cybersecurity community and beyond. Alvaro Vitta, Microsoft Worldwide Public Sector Cybersecurity Lead, and Tom Burt, Corporate Vice President of Customer Security & Trust at Microsoft, sat down to explore the implications of the report for Public Sector organizations, as well as advances in artificial intelligence (AI) and what these mean for both cybersecurity attacks and defense.
The power of data in cybersecurity
One distinctive aspect of Microsoft’s cybersecurity efforts lies in the colossal volume of data processed daily—an astounding 65 trillion signals. These signals form a substantial data resource for analysis, aiding in understanding cybersecurity risks and informing improvements in products and services. This vast amount of data empowers the team at Microsoft’s Threat Analysis Center to analyze security risks, enhance products, and provide invaluable insights into the evolving threat landscape.
Burt emphasizes the dedication of over 10,000 security and threat intelligence experts at Microsoft, all committed to enhancing the safety and security of their customers. Tom shares, “The Microsoft Threat Analysis Center, which is one of my teams, works to investigate, understand, and report on foreign influence operations and the way in which other nation-states surreptitiously seek to distribute their propaganda messages around the world. And that team also adds geopolitical analysis to the cyber-threat intelligence that Microsoft threat intelligence teams gather in our technical hunting for nation-state actors. And then we write reports regularly on that activity to inform the public.”
Increases in nation-sponsored cyber-threats
The Microsoft Digital Defense Report highlights observed state-sponsored cyber-threat activity against organizations in more than 120 countries and territories, with 53% of all of the threat notifications being sent by Microsoft to government and critical infrastructure organizations.
Reflecting on the causes for this, Burt observed: “nation-states can conduct that activity without any constraint or any deterrence. There simply is no internationally agreed set of norms of conduct, with enforcement of some kind, to constrain the activity of nation-states who engage in these attacks. And therefore, since they’re effective and useful, we’ve seen more and more nation-states stepping into this space, conducting more attacks, and doing so in a more sophisticated way. And I think it’s also a product of the increasing tension in geopolitical climate in general. And we’re seeing that across the major actors that we track.”
Burt explained some of the Report’s findings, “The Microsoft Threat Intelligence Team tracks over 300 nation-state actor groups, but they still largely operate from one of four countries: Russia, China, Iran, and North Korea. And each of those countries has its own unique set of reasons why they’ve been really active over the last year.
“Russia obviously is continuing its hybrid war against Ukraine, and they continue to use both espionage gathering and destructive cyber-weapons as part of the arsenal of weapons they’re bringing to bear in that ongoing war. And we’re seeing them increasing their focus in espionage gathering outside of Ukraine, targeting government organizations and private sector organizations that are in one way or another supporting the defense of Ukraine against the war.”
“We’re seeing Iran using increasingly sophisticated tradecraft, better cybersecurity techniques and operations, and using a wide variety of techniques, including they take advantage of newly disclosed vulnerabilities… And we’ve also seen Iran engaging in destructive cyber-operations, where they try to cause impact to the networks that they are compromising. We’ve seen them do that in Israel and also in Albania.”
“We’re seeing North Korea engaging in a broad range of espionage attacks, especially targeting their nearest neighbors, South Korea, Japan, and others that – including the U.S., that might have information of use to North Korea. But the biggest focus of North Korean actors has been their very successful attacks against cryptocurrency organizations in order to steal cryptocurrency, and they’ve been successful to the tune of hundreds of millions of dollars. And there appears to be an almost direct relationship between those thefts of cryptocurrency and their activity funding their missile operations. And so, North Korea is actually using cyberattacks to steal money to fund their ability to develop intercontinental ballistic missiles.”
“And then, we’re also seeing this unchecked expansion of the cyber-mercenary marketplace, where more and more companies are building espionage tools and selling them to any government agency or organization willing to pay, so that those organizations, whether it’s an authoritarian government, a democratic government, or even a business enterprise, can take advantage of these offensive tools to surreptitiously conduct espionage and gather information from citizens and other organizations without their knowledge.”
“And so, you have all of these different motivations, but what is key to all of them is these kinds of attacks are effective, they’re useful to these nation-states, and there is no way right now to meaningfully constrain or deter that activity.”
Balancing progress in cybersecurity policies
Burt explored the progress and challenges in modernizing cybersecurity policies. Governments worldwide are increasingly recognizing the criticality of robust cybersecurity measures, leading to efforts to strengthen regulations and encourage secure product development. Burt reflected that “governments are taking these kinds of cyber-threats seriously, are recognizing the risk to their national interest, to their economies, to their citizens, from both nation-state and cyber-criminal attacks. So it’s a great thing that governments are stepping into this space and looking for how they can regulate or legislate to better defend against cyberattacks.”
While there have been commendable efforts, challenges still persist, notably in harmonizing regulations. Burt stressed the need for consistency in cybersecurity regulations across governmental agencies and jurisdictions. He cited the example of reporting cybersecurity incidents, advocating for a thoughtful and standardized approach that optimizes the response to vulnerabilities.
Moving to the cloud: A cybersecurity imperative
Burt passionately advocates for cloud migration as a powerful strategy to enhance cybersecurity. The cloud not only offers robust cybersecurity measures but facilitates rapid incident response and efficient vulnerability patching. Encouraging this transition to the cloud and promoting strong security practices for cloud service providers emerged as a key recommendation to enhance cybersecurity on a broader scale.
Burt shared, “We need to get people to the cloud. Because not only is the cloud where we and our competitors can provide our best cybersecurity and have the opportunity to provide incredibly powerful AI engines to help defend in the cloud. When there is an incident in the cloud, we can respond in a matter of hours or days instead of weeks or months.”
Addressing AI-based cyber threats
The rapid evolution of generative AI in the past several months has also affected the activity of cybercriminals. Before outlining actions to take, Burt cautioned that it is important to understand the true scope of the AI threat today. He shared, “we are seeing both nation-states and cyber-criminals using AI, generative AI, but the principal way in which we’re seeing them do that so far, is to help them refine their phishing attacks.”
“We’re also seeing AI, and especially AI for image processing, being used to improve the fake imagery that we are seeing being used in nation-state influence operations.”
“There’s a lot of concern that over time, AI-powered programming tools or others might help bad guys create malware, or other attack vectors more rapidly or more readily. We’re not really seeing evidence of that to any significant extent so far, but it is something that – that we are watching for very carefully.”
Burt expressed optimism and pessimism about AI’s role in cybersecurity. He believes AI will give defenders a disproportionate advantage in the long term, necessitating a team of expert AI technologists and significant investment.
Burt emphasized Microsoft’s position: “Microsoft has been very public in stating that we think government should be regulating AI in responsible ways. And we are working as close partners with governments to help define what those rules and regulations should be and how we can control it.”
Lessons and actionable recommendations
Burt encouraged listeners to read the Microsoft Digital Defense Report to understand how to address these threats: “one of the things we try to do is not just address both problems and challenges, but also our recommendations for what can be done. And so, I really encourage people to read through it. There’s a lot of useful information.”
Burt stressed the importance of cybersecurity basics, like multifactor authentication and zero-trust architecture: “If we could all exercise the basics of cybersecurity, we could today protect against something like 99% of all of these attacks… We saw once again that deployment of multifactor authentication could protect against over 98% of all attacks that occurred over the past year.”
He emphasized the recommendation that organizations move to the cloud to benefit from “our best cybersecurity services and systems, our ability to react quickly, respond and help defend, and the application of AI to cybersecurity.” Additionally, Burt addressed the talent deficit through AI deployment, such as Microsoft’s upcoming Security Copilot.
Cybersecurity modernization across governments
Governments globally are recognizing the need for cybersecurity modernization. Burt highlighted efforts by the US, UAE, and South Korea, as well as regional organizations like the G7, showcasing a collaborative approach towards enhancing cybersecurity.
Burt’s insights shed light on the evolving cyber-threat landscape, the crucial role of government policies, and the imperative of transitioning to the cloud for enhanced cybersecurity. Navigating the cyber landscape effectively depends on leveraging AI responsibly, embracing fundamental cybersecurity practices, and fostering international collaboration.
About the Center of Expertise
Microsoft’s Public Sector Center of Expertise brings together thought leadership and research relating to digital transformation in the public sector. The Center of Expertise highlights the efforts and success stories of public servants around the globe, while fostering a community of decision makers with a variety of resources from podcasts and webinars to white papers and new research. Join us as we discover and share the learnings and achievements of public sector communities.