When cybercriminals launched a ransomware attack on Kalix Kommun one night, they infiltrated the Swedish municipality’s entire IT database and shut down systems managing everything from communications to finances, medical records and heating and ventilation in municipal buildings. The blackout impacted more than 1,600 employees and around 16,000 citizens.
The City of Saint John in New Brunswick, Canada, faced a similar situation when its IT environment was breached and held hostage for multiple millions of dollars. Meanwhile, a two-pronged nation state attack on the Government of Albania caused 1,118 e-services to go down for three days.
While all three government organisations were able to rapidly prevent widespread damage and regain control of their IT systems with the help of Microsoft technology, their experiences give a small insight into the extent of the cyber warfare being waged on government agencies around the world. In fact, the Microsoft Digital Defense Report 2023 found that 53 per cent of the “dramatically increasing” number of cyberattacks in more than 100 countries and territories were focused specifically on critical infrastructure and government organisations.
“Governments are prime targets for ransomware and nation state attacks because they hold a lot of valuable data and they operate the critical infrastructure and services that keep countries running and people safe and healthy,” says Kirk Arthur, worldwide government solutions lead at Microsoft, who previously led data breach investigations for the US Secret Service. “They’re also plagued by challenges such as patched and siloed legacy IT systems, insufficient password control and authentication policies, limited financial resources, and a lack of personnel with the skills and knowledge to implement robust cybersecurity measures.”
Governments must strengthen their defences to combat such attacks because they compromise far more than just devices, data and networks; they endanger the public and pose serious risks to society.
“Attacks on critical infrastructure such as power grids, transport networks, water supply or healthcare systems can paralyse governments, preventing them from delivering the vital services that keep citizens safe and healthy and enable society to function well,” says Arthur. “This can cause widespread disruption and lead to significant financial and reputational costs to government agencies.”
Cyberattacks also lead to significant financial loss. Research firm Cybersecurity Ventures estimates that cybercrime will cost the global economy $8 trillion in 2023 and predicts this figure could rise to around $10.5 trillion by 2025. In addition, breaches cause reputational damage, eroding the confidence and trust citizens have in governments to operate cost effectively and handle their personal data safely and responsibly.
“Governments rely on citizens’ personal data to power many of their services, but few will be willing to provide this information if they are concerned their privacy will be breached,” says Arthur. “Consequently, it’s crucial governments take swift action whenever a breach occurs. They must be fully transparent about the effect and what was exploited – to the extent they can share without compromising the ensuing investigation – and how this could impact individual citizens. To regain public trust, they should also outline all the steps they have taken to remedy the situation and how they will work to prevent a similar attack occurring in future.”
Back to basics
Data from various sources suggests cybercrime will continue to skyrocket. Microsoft research shows cybercriminals are launching around 4,000 password attacks every second and that ransomware attempts have increased by more than 200 per cent since September 2022. Meanwhile, Gartner predicts 30 per cent of critical infrastructure organisations will be breached by 2025. In tandem with this, government agencies are increasingly investing in technologies such as the cloud, generative AI, machine learning and digital twins to optimise their operations and improve the way they deliver services to citizens, which is increasing the attack surface.
The Microsoft Digital Defense Report 2023 indicates that implementing simple security solutions and well-developed cyber hygiene practices empowers organisations to prevent 99 per cent of attacks. For example, they can deploy multifactor authentication to stop user passwords being compromised, apply zero-trust principles to strictly manage access to their digital estate and continuously monitor their IT environment, and use anti-malware and extended detection and response solutions to rapidly detect and respond to threats.
“Hackers will exploit any vulnerability, so it’s essential for organisations to keep all systems up to date and invest in all the basic tools to minimise the attack surface,” says Arthur. “Zero trust is particularly important and should be core to any cybersecurity strategy. Not only does it enable organisations to prevent external attacks impacting their digital estate, but it also ensures employees can’t accidentally – or intentionally – introduce new threats internally. Plus, zero-trust frameworks allow organisations to automate routine security tasks, freeing up their people to focus on managing critical threats.”
Now that attacks are becoming more frequent, complex and sophisticated, however, governments must invest in more advanced cyber defence solutions.
“Governments are collecting more data than ever before and they’re battling against an increasing number of cyberthreats, so it is now impossible for their staff to analyse all of this information quickly enough to successfully block every attack,” says Arthur. “Instead, they need hyperscale cloud, digital technologies and access to real-time intelligence that will help them detect and respond to threats at machine speed and scale.”
Building an AI-based cyber shield
Microsoft and its network of security partners offer the “whole gamut of physical and digital security solutions,” says Arthur. “We make significant investments in cybersecurity technology every year. We’re simplifying zero trust and building intelligent end-to-end security solutions that make it as quick, easy and cost-effective as possible for governments to defend their entire digital estate.”
Microsoft is also prioritising investments in technologies like AI to augment its existing security products and advance its threat detection capabilities. Its more than 10,000 cybersecurity experts already use AI to analyse over 65 trillion threat signals per day and track the activities of more than 300 unique threat actors worldwide. This enables it to block 4,000 identity attacks per second and shut down more than 100,000 domains used by cybercriminals.
In November 2023, Microsoft introduced the Secure Future Initiative with the aim of leveraging AI-based cyber defence techniques to “bring together every part of Microsoft to advance cybersecurity protection”. It is also using generative AI to develop new innovations like Security Copilot.
Built on Microsoft Azure, Security Copilot integrates with the entire Microsoft Security stack and uses generative AI, a large language model and a security-specific model to rapidly detect and respond to thousands of threat signals. It also leverages Microsoft’s global threat intelligence insights to predict a threat actor’s next move and deliver step-by-step guidance to help cyber defenders resolve security incidents within minutes rather than hours or days. In addition, Security Copilot can answer both basic and complex security-related questions from users, which will empower governments to close the current cybersecurity talent gap.
“Security Copilot brings high-level cybersecurity knowledge and skills to the masses at the click of a button,” says Arthur. “It makes analysts more effective and responsive, allowing them to catch threats that would otherwise be missed and disrupt attacks at machine speed. It’s a game-changing solution for cybersecurity professionals.”
According to Arthur, Microsoft’s successful efforts to safeguard Ukraine against Russian government-backed cyber warfare showcase the power AI and hyperscale cloud have to revolutionise cyber defence.
As part of its military operations against Ukraine, and just before the Russian military crossed the Ukrainian border on 24 February 2022, Russia launched a Foxblade cyberweapon against Ukraine. This marked the start of multiple waves of cyber destructive, espionage and foreign influence campaigns designed to cripple Ukraine and undermine the unity of its allies. Microsoft’s security experts were among the first to detect the Foxblade attack and have since been pivotal in helping Ukraine and its allies to withstand a high percentage of these attacks by using advanced cyberthreat intelligence, AI, new analytics tools, broad data sets and internet-connected end-point protection.
“Microsoft is helping to shield digital assets and keep Ukraine’s critical infrastructure up and running to protect its citizens,” says Arthur.
Collaborating to counteract cybercrime
The cyber war between Russia and Ukraine also demonstrates why bi-directional partnerships between the public, private, academic and non-profit sectors are essential for building resilient cyber defences against malicious actors.
“Hackers and nation state adversaries are exceptionally skilled and very well resourced, and they’re only going to become more sophisticated and ambitious as they continue to capitalise on new technologies,” says Arthur. “No technology provider can overcome cybersecurity challenges on its own; we need strong public-private partnerships to address the complexities and inherent global nature of cybercrime. We’re all in this together.”
According to Arthur, partnerships act as a “force multiplier” for every stakeholder involved in the cybersecurity space.
“By sharing threat intelligence and insights into trends, we can all fully understand the local, national and international cybercrime landscape and accelerate the development of innovative solutions that will fulfil organisations’ end-to-end security needs,” he explains. “Collaborating also helps us to establish common cybersecurity standards and regulations. For example, Microsoft’s Digital Crimes Unit has developed deep relationships with security teams across Microsoft, and with law enforcement, security firms, researchers, nongovernmental organisations and customers to increase both our scale and impact when fighting cybercrime. Together, we can create a united front against cybercrime for the good of the world.”
Partner perspectives
We asked selected partners how they are using Microsoft technologies to help governmental organisations to better protect citizens’ data against the increasing risk posed by cybercriminals.
“We offer advanced tools and up-to-date educational content tailored to the latest threat patterns. We also work with Microsoft’s cybersecurity engineers to further enhance our cybersecurity solutions and develop products that integrate well with Microsoft’s own security offerings,” said Theo Zafirakos, security and professional services leader at Fortra’s Terranova Security.
“It is vital for organisations to protect all digital assets and intellectual property. That’s why our HaloCAD and HaloCORE solutions extend the powerful security offered by Microsoft Purview Information Protection to computer-aided design files, product lifecycle management systems, and any data extracted from SAP,” said Mario Galatovic, CEO of Secude.
“Organisations often struggle with effective application governance, leaving them vulnerable to cyberattacks. With our free Application Governance Assessment report, organisations can quickly see how their application landscape compares to Microsoft’s recommended practices and quantify the results with our AppGov Score,” said Jay Paul Gundotra, CEO of ENow Software.
“Fortra helps organisations take advantage of Microsoft’s cloud technology without compromise by supplementing Microsoft’s native security with an array of best-of-breed cybersecurity solutions. For example, Fortra’s email security solutions integrate with Microsoft 365 and stop advanced email threats like business email compromise and account takeover,” said Mike Devine, chief marketing officer at Fortra.
Read more from these partners in the Winter 2023 issue of Technology Record.