Businesses are strengthening their security efforts and assessing how AI affects their vulnerabilities BY ALICE CHAMBERS COVER STORY future Delivering secure a Cybersecurity has become a collective duty that spans both the public and private sectors, said Brad Smith, vice chair and president at Microsoft, when opening his testimony before the US House Homeland Security Committee in June 2024. His statement was underscored by a year of escalating cyberthreats. The Microsoft Digital Defense Report 2024 identifies Russian-backed hackers, such as Star Blizzard, as having advanced their attempts to target governments, journalists and researchers with spear-phishing tactics like personalised emails. North Korean actors siphoned billions from cryptocurrency markets to fund state initiatives and Iranian groups have adopted ransomware and criminal tactics to disrupt firms around the world. These threats, plus those from non-nation-state hackers, highlight the urgency for businesses to rethink their security strategies, balancing resilience with rapid response to safeguard critical systems and data. “We recognise that Microsoft plays a unique and critical cybersecurity role,” said Smith to the House Homeland panel. “Not only for our customers, but for this country. And not only for this country, but for this nation’s allies. This role reflects the wide range of products and services Microsoft provides to individuals and organisations, including cloud services that operate through data centres located in 32 countries around the world. It also reflects the broad cybersecurity work we undertake every day, including for and in close collaboration with the US and numerous allied governments.” Microsoft tracks threat actors to understand their attack targets, techniques and motivation. In 2024 alone, the number of actors traced increased by more than five times, according to the Digital Defense Report. Password attacks occurred at a rate of more than 7,000 per second (up from 579 per second in 2021), and the mean time for the average organisation to identify a data breach was 194 days with containment at 64 days. That’s more than sufficient time for bad actors to exploit vulnerabilities, compromise sensitive data and cause significant financial and reputational damage. “If 2024 taught us anything, it’s that a proactive, no-compromises approach to security is essential for 2025 and beyond,” writes Joy Chik, president of identity and network access at Microsoft, in a blog titled ‘Three priorities for adopting proactive identity and access security in 2025’. “Adopting proactive defensive measures is the only way to get ahead of such determined efforts to compromise identities and gain access to your environment.” Microsoft launched the Secure Future Initiative in November 2023 to improve how it builds and operates its technology to meet security standards. In May 2024, chairman and CEO Satya Nadella made security Microsoft’s top priority and dedicated the equivalent of 34,000 engineers to the 34
RkJQdWJsaXNoZXIy NzQ1NTk=