Securing Our Digital World Together with the Support of AI
October is Cybersecurity Awareness Month, a global initiative to raise awareness and educate people about the importance of staying safe online. As digital technology develops rapidly and becomes interconnected with more and more elements of our lives, this initiative becomes increasingly important, because taking part in cyber security is our shared responsibility as cyber defenders.
Did you know that, as artificial intelligence (AI) technology continues to evolve, cyber defenders from various parts of the world can innovate and collaborate more closely than ever before? The integration of AI technology into cyber protection is also believed to help reverse the rising wave of cyber-attacks. Below are some insights.
Current Landscape: Cyber Attacks Continue to Increase
According to data that Microsoft collected from July 2022 – June 2023 and shared through the Microsoft Digital Defense Report 2023, cyber threats are growing and causing damage on a large scale. Last year, for example, marked a significant shift in cybercrime tactics, where criminals exploited cloud computing resources such as virtual machines to launch Distributed Denial of Service (DDoS) attacks – a cyber-attack that aims to make services or networks unavailable to legitimate users.
Some types of cyber-attacks that have increased, as summarized in the Microsoft Digital Defense Report 2023, include:
- Overall, organizations experienced an increase in ransomware attacks compared to the previous year. Cybercriminals increasingly optimized their ransomware attacks by choosing the most vulnerable targets, encrypting the most valuable files, and demanding the optimal ransom amount. Human-operated ransomware attacks, in particular, increased by 200% or doubled. Based on Microsoft telemetry, 70% of organizations facing human-operated ransomware have fewer than 500 employees, and 80-90% of successful ransomware attacks come from unmanaged devices. Not only that, but criminals are also becoming more sophisticated in avoiding detection and bypassing security measures – 60% of them use remote encryption to erase their tracks.
- The frequency of business email compromise (BEC) attacks increased to more than 156,000 attempted cases every day. The most common types of BEC attacks are (1) Financial fraud. Attackers often create fake domain identities to deceive users into thinking they are involved with a legitimate third party for financial transactions; (2) Lateral movement through internal phishing. Because these emails are internal and sent by legitimate senders, this type of BEC increases the likelihood of users being deceived; and (3) Mass spamming activity. Here, attackers register the victim’s email address to various forums, newsletters, and so on, resulting in the victim receiving a very large number of emails – sometimes exceeding 1,000 emails per minute. When this happens, the victim’s attention is distracted and divided, so they often cannot see valid warnings or authentication messages in their inbox.
- Password-based attacks and fatigue attacks against multifactor authentication (MFA) increased rapidly. In the first quarter of 2023, password-based attacks increased tenfold from 3 billion per month to more than 30 billion. In addition, there were 6,000 MFA fatigue attempts every day for the past year. As a reminder, MFA is a protection method where users are asked to provide additional forms of identification, such as facial recognition, fingerprint, or one-time passcode (OTP), to access the desired website or application. Cybercriminals can take advantage of this layered protection, which can sometimes feel tedious, by sending as many notifications as possible, hoping that users will be overwhelmed and eventually help them gain access.
AI-Based Defense Is Essential to Build Resilience
With the increasing sophistication of how criminals launch cyber-attacks, cyber defenders need to strengthen their security posture, and one way to do so is through the adoption of AI technology. AI can help defenders augment their capabilities and resources in the following ways:
- AI-enabled detection: AI’s ability to monitor and analyze large volumes of data can help defenders identify anomalies, patterns, and indicators of compromise, as well as collect threat intelligence faster. AI can also help defenders detect unknown threats.
- AI-driven response: Defenders can use AI to automate and complement their incident response processes, such as triaging alerts, determining priority actions, testing and validating actions, and executing remediation measures. AI can also provide contextual information and recommendations to help experts respond to incidents faster and more effectively.
- AI-powered protection: Defenders can use AI to protect their users and assets from cyber-attacks by enforcing policies, rules, and controls. AI can also help defenders protect users by verifying behavioral data and preventing data leakage or exfiltration. Equally important is education, which AI can always assist, to uphold the security and resilience of the online ecosystem.
Along with the transformation of AI-based cyber security, the use of AI to anticipate cyber threats requires large amounts of data. That is why cross-industry collaboration is needed to optimize the use of AI in protecting cyber security.
As a global technology company with more than 10,000 experts in security and threat intelligence, managing 135 million devices in various parts of the world, and receiving about 65 trillion signals every day, Microsoft has access to a variety of security data that puts the company in a unique position to understand the cyber security landscape. Microsoft also uses data analytics and advanced AI algorithms to help identify indicators that can predict attackers’ next movements.
Recently, Microsoft introduced Microsoft Security Copilot, a security product designed to help incident responders collect all the data they need to respond to incidents from various platforms in the customer’s system, using prompts in natural language. With this product, powered by OpenAI’s generative AI GPT-4, Microsoft empowers cyber defenders to see, classify, and contextualize larger amounts of information much faster. This design allows every cyber defender, including those who work alone or in small teams, to work quickly and optimally. This also helps narrow the gap in the cyber security profession, considering that 3.4 million cyber security jobs have yet to be filled in 2023.
We Are All Cyber Defenders – Let’s Defend with Responsible AI
Behind the sophistication of technology available to strengthen cyber security measures, including AI, it is critical to remember that humans are the main defenders of cyber security, with technology at their disposal. Cyber security is a team sport that requires collaboration from all players – in this case individuals and organizations across industries.
To start, individuals and organizations need to take proactive measures and adopt best practices or basic cyber hygiene proven to provide protection from 99% of cyber-attacks. Here are some cyber hygiene tips:
- Back up your data. Back up your data regularly to a secure location, such as a cloud service. Cloud services, such as Microsoft Azure, can protect your systems and/or data from internal and external threats using a working model that controls who has access to resources while maintaining data privacy. These services can also help you recover your data in the event of a cyber-attack or data loss incident.
- Educate yourself. Learn the basics of cyber security and keep up with the latest developments related to cyber security and AI. As part of this education, you will learn about the importance of always updating your firmware, operating system, and applications; and using extended detection and response (XDR) and antimalware to detect threats faster. This is because unpatched or outdated systems and software are the main reason many individuals become victims of attacks.
- Report. Always apply the Zero Trust principle – never trust and always verify any suspicious activity by reporting it to the relevant authorities or platforms, such as the company’s technical/cyber security team. This can help prevent further damage. Not only that, but you can also share your experiences and insights with your colleagues and community to increase their awareness.
- Activate multifactor authentication (MFA). This protects you from compromised user passwords and helps provide extra resilience for identities.
In addition, cooperation is mandatory in order to create a responsible AI future, to maintain user trust and privacy, and to create long-term benefits for society. Microsoft is committed to ensuring that all Microsoft AI products and services are developed and used in a manner that upholds the company’s responsible AI principles: fairness, reliability and safety, privacy and security, inclusiveness, transparency, and accountability. Simultaneously, Microsoft is working with industry partners to develop standards and technologies that enable transparent and verifiable information about the origin and authenticity of digital content to enhance trust online. This includes using advanced detection mechanisms to identify and mitigate potential risks associated with malicious content generation.
Cybercrime will not stop—and will become even more complex. Therefore, it is our task to act faster. When cybercriminals take advantage of cutting-edge technology like AI to launch more targeted and sophisticated attacks, let’s use AI to improve our security and resilience. Together, we can secure our digital world more strongly.