Keeping ahead of an evolving threat landscape is not simply an IT department issue. Security has become a core business priority in a data-first world. Research suggests that in about two years businesses that successfully take a data-led approach will generate more than 25% of revenue from digital products and services. At the same time, insights from the recent Microsoft Digital Defense report show opportunistic criminals are becoming more sophisticated and automated.
For example, attempted password attacks have increased 10-fold year-over-year. So, Microsoft is blocking an average of 4,000 password attacks per second to keep our customers secure. Organized cybercrime services are increasingly available for hire on the dark web. This means a criminal no long needs extensive skills or resources to disrupt a business or compromise its data. Just the motivation and some cash. Today, distributed denial of services (DDoS) can be purchased for as little as $5 USD. The effect of this trend can be seen here in Europe. The region is now the second most targeted of all DDoS attacks in the world – up from 4th place a year ago and trailing only the US.
Strategic advantage through AI
We’re seeing how AI is helping augment cybersecurity teams and giving organizations a strategic advantage. Using AI we can analyze the 65 trillion cybersecurity signals Microsoft receives daily and convert it into actionable intel to keep our customers safe — spotting and pre-empting criminal efforts.
This kind of analytic power and speed would simply not be possible without AI and the cloud. Similarly, we see customers using AI and data tools to augment their teams, increasing the speed and effectiveness of threat detection, response, analysis and prediction.
It is important for me to stress a key point: AI’s true value is fully realized when it augments the experience and problem-solving abilities of trained professionals. This is a timely issue as many businesses have cybersecurity teams that are stretched thin. In fact, the EU reports that Europe faces a deficit of up to 500,000 cybersecurity professionals. That is why Microsoft – among other initiatives— is supporting the Cybersecurity Skills Academy and is committed to train 100,000 learners in Europe with cybersecurity skills over a two-year period.
Security is everyone’s business
Basic security hygiene can protect against 99% of attacks according to the Microsoft Digital Defense Report. But, in a data-first world, each employees needs to appreciate their role in promoting cybersecurity. Supply chain logistics managers. Customer service field agents. CFOs. Everyone in between. Employees need the right skills and understanding of the threat environment.
The EU’s Network and Information Security Directive 2 (commonly referred to as NIS2) supports this point. The legislation was designed to help protect Europe’s critical infrastructure — such as financial services and manufacturing — as the threat landscape evolves. NIS2 requires in-scope organizations to have comprehensive plans and measures in place by next October for mitigating risk as well as managing and reporting incidents. The breadth of the legislation speaks to a fundamental truth: staying a step ahead of emerging is a company-wide transformation journey.
NIS2 is ultimately an opportunity for businesses to build trust with customers and stakeholders. The best time to start preparing is today – my colleague Mike Hughes wrote a great guide on how you can get started.
The power of partnership
The reporting requirements in NIS2 highlights another truth: minimizing cyber security threats requires cooperation and collaboration. It’s too big a challenge for any one organization to address working in a silo. We all need to play our part in sharing knowledge and learnings, across the private and public sectors. Microsoft partners with global law enforcement on cybercrime issues as well as with our industry peers. In the face of an acute shortage of cyber security experts shortage, we created a service to give customers direct access to our own specialists to help augment their teams.
The bottom line, any organization – regardless of where they are in their cybersecurity journey – can take action and effectively stay ahead of cyber criminals. Embracing AI and the cloud offers crucial advantage. Bringing employees along on the journey – in terms of the culture you promote and skills you prioritize – is equally as important.