By Diana Kelley, Cybersecurity Field CTO, Microsoft
As technology and the Internet have evolved dramatically over the past decade, so too has both the occurrence and potential impact of cyberthreats. We’ve seen the sheer number of data breaches almost double, reaching 1.2 billion in 2018, and the number of records exposed increase more than 27-fold in the span of less than ten years. As we have moved from Stuxnet to NotPetya, WannaCry and beyond, attacks have become far more complex … and disruptive.
With the average cost of a data breach to a company totaling $4 million, cybersecurity is no longer an option. It’s an operational imperative.
At Microsoft, we devote more than $1 billion annually to fighting cybercrime, and each month we scan over 470 billion emails for phishing threats and malware and 1.2 billion devices for security. Our unique insights into the threat landscape gives us some perspective on what’s happening today – and where things are likely to head.
We believe there are five key trends that will shape cybersecurity industry in 2020. Here’s a closer look at them, as well as what organizations can do to better protect themselves.
1) The Good – and Bad – of Artificial Intelligence
AI’s ability to harness the power of data has given us some incredible new capabilities and insights in the fight against cybercrime, including being able to identify patterns and anomalies faster and more thoroughly, which allows us to get better countermeasures in the field more quickly.
Unfortunately, AI is not just being used for good. It can also be used as a tool by attackers, creating even more destructive malware. This means a higher number of new infections can be unleashed, which can in turn can better hide from detection while they are wreaking havoc.
Because attackers often change their approach, Microsoft has developed our own AI and machine learning (ML) protection based on risk factors, instead of just chasing down previous iterations of malicious code. We process a whopping 8 trillion signals daily in the Microsoft cloud, which allows us to react to “patient zero” threats almost instantly.
However, technology alone cannot keep defenders ahead of adversaries. While AI-based malware is especially effective in evading traditional signature-based anti-virus detection, companies like Microsoft employ 3,500 security experts to help track threats and train their own AI and ML based protection that evaluates a wide range of risk factors – not just previously discovered malware. Furthermore, teams like Microsoft’s Digital Crimes Unit proactively identify criminal organizations creating malware and often work with law enforcement to disrupt their activities.
2) Collaboration to protect supply chains
With more than 75 billion mobile devices (including IoT) anticipated to be in use globally in 2020, gaps like outdated software, unsecured devices and default administrator accounts can provide a wide range of vectors for attackers to enter systems. Further, just two years from now – in 2022 – more than half of enterprise data will be created and processed at the edge, outside of the data center or cloud.
To counteract this, vendors will need to band together to protect their customers and supply chains. Integrated solutions can also provide additional protection – for example, the Microsoft Identity platform adds multifactor authentication for 1.4 million unique apps, many of which, like ServiceNow, GoogleApps and Salesforce, are used by enterprises daily.
Over time, we expect to see even more widespread and formal industry collaboration and technology vendors put customers first and embrace the complexity of modern supply chains.
3) The Importance of Securing the Public Cloud
Until all companies implement security best practices, even well-trodden attacks like phishing will still be effective. This is especially true as IT departments increase their focus on mobility, personal productivity and frictionless BYOD offerings to increase employee flexibility.
Part of the answer lies in the ultimate shift we are seeing to public and hybrid cloud. Because on-premises and mismatched standalone solutions are no match for cyberthreats, the public and hybrid clouds will be the real keys to providing tools for enhanced safety. A hybrid cloud solution allows for AI understanding and insights about the global threat landscape thanks to the more than 8 trillion signals a day which pass through the cloud. Public cloud solutions also make it possible to have additional safeguards like sign-in location checks or secondary authentication, all without bringing traffic to a halt.
Currently, two-thirds of companies are already on hybrid cloud or plan to deploy in the near future, and with the global cloud market growing more than 40% in 2019*, that’s a trend we expect to see continue.
4) The fall of passwords, and the rise of Zero Trust
In 2019, more than 4 billion records were exposed due to data breaches. Poorly secured identities and passwords are still our weakest link, especially in the face of AI-based malware. In fact, 63% of all confirmed data breaches involved weak, default or stolen passwords.
A key weapon for fighting back is implement a Zero Trust system. Like the name implies, Zero Trust systems do not automatically trust anything from within the perimeter, so even if bad actors do manage to get through corporate firewalls, they would still need additional authentication factors to reach each different or sensitive part of the network. It’s incredibly powerful: Multifactor authentication for businesses can actually help reduce the risk of identity compromise by more than 99.9%. By using biometrics and identity-based certificates, organizations can increase safety and streamline the user experience, while industry partners can help scale while still ensuring personal privacy.
5) Nation states as disruptors
All over the globe, we have seen a new danger arise over the past few years: The rise of nation states as online actors, antagonists and combatants. Almost no one globally has been immune to their effect, especially in terms of the worldwide electoral, political and social changes that have accompanied this recent development.
While social platforms and manipulation are still primary areas of concern here, more traditional attacks like phishing are still being used as well.
To counteract, Microsoft’s Threat Intelligence Center is closely following more than 110 active groups directly engaged in malicious cyberactivity, and they are also collaborating with international organizations like Interpol to share best practices and to educate and partner with local authorities.
While some of the threats and developments in cyberattacks are recent, the solution remains the same – we can only be successful in counteracting these malicious attacks through best practices, advanced technology and true collaboration on a local and global level. Microsoft invites everyone in the industry to come together and make 2020 a safer year for users, enterprises and networks, so we all can better protect organizations and allow them to focus on their core charters and missions.