Microsoft unveils AI-driven Secure Future Initiative, an enhanced cybersecurity amid an evolving threat landscape


Microsoft SFI.jpeg

We knew Microsoft was going down deep in AI. They are building their custom-Arm chips with a focus on AI, they have built infrastructure to support AI, and they're doing everything they can to integrate Copilot everywhere.

It should come as no surprise that Microsoft now intends to build an AI-focused cyber shield to protect companies worldwide from cyber threats.

Funny, the last movie I saw who tried to create an armor around the world with AI ended up with a product that became a supervillain. Yeah, yeah, I'm talking about Ultron.

Jokes aside. Microsoft calls this the Secure Future Initiative (SFI). It has three pillars: AI-based cyber defences, advances in fundamental software engineering, and advocacy for stronger application of international norms to protect civilians from cyber threats.

The second pillar is ensuring software is always up-to-date, has zero vulnerabilities, and can fight cyber attacks. The third is about raising awareness so companies can keep improving their cyber security so their customers, like us, won't be affected.

Cybercriminals continue to evolve, constantly finding new ways to exploit any vulnerabilities. They become more sophisticated and aggressive in their methods. In the last two years, 40% of attacks were related to nation-states and focused on critical infrastructure, posing significant risks. Ransomware attempts have increased by over 200%, targeting smaller and more vulnerable organizations such as hospitals, schools, and local governments.

"The Philippines has experienced rapid digital transformation in recent years, with internet penetration reaching 73.1% in 2021 and over 50 million web threat attempts in 2022 alone," said Peter Maquera, chief executive officer at Microsoft Philippines. "As more Filipinos embrace digital technologies, it is almost inevitable that we also see a rise in cyber threats. In 2022, the Philippines was ranked as the fourth country most targeted by cybercrime. Now, it has become essential to address the increasing speed, scale, and sophistication of cyberattacks."

Microsoft's SFI aims to provide advanced cybersecurity solutions to help organizations and individuals in the country safeguard their digital assets and critical infrastructure. Microsoft intends to build an AI-based cyber shield to protect customers and countries worldwide. The company's global network of AI-based data centers and advanced foundation AI models enable it to harness the power of AI to advance cybersecurity protection. As part of the SFI, Microsoft will accelerate its work on multiple fronts, including utilizing AI to advance Microsoft's threat intelligence, allowing for faster detection and analysis of cyber threats.

Microsoft will employ AI as a game-changer for organizations to help defeat cyberattacks at machine speed, addressing the global shortage of trained cybersecurity professionals. With the Philippines facing a growing demand for cybersecurity experts, AI-driven solutions can help bridge the gap and improve overall security. In fact, a 2023 white paper by the International Information System Security Certification Consortium has reported that, despite the great global demand for cybersecurity professionals, there is still a shortage of nearly four million cybersecurity workers compared to the roles that need to be filled. Microsoft's Security Copilot combines a large language model with a security-specific model and can generate natural language insights and recommendations from complex data, making analysts more effective and responsive.

The SFI will drive new advances in fundamental software engineering. Microsoft is transforming how it develops software with automation and AI, evolving its Security Development Lifecycle (SDL) to a dynamic SDL (dSDL). This will integrate cybersecurity protection against emerging threat patterns throughout the coding, testing, deployment, and operation processes.

As part of this process, over the next year, Microsoft will enable customers with more secure configurations for out-of-the-box multifactor authentication (MFA),  which refers to the company's current MFA default settings. This will expand current default policies to a broader range of customer services, focusing on areas where customers need protection the most. By improving these default settings, Microsoft aims to reduce the risk of successful cyberattacks and strengthen overall security.

Other critical steps under the SFI include strengthening identity protection against sophisticated attacks and pushing the envelope in vulnerability response and security updates for cloud platforms. Microsoft plans to cut the time it takes to mitigate cloud vulnerabilities by 50% and encourage more transparent reporting across the tech sector. This is crucial as the Philippine National Police Anti-Cybercrime Group reported that cybercrimes in Metro Manila rose by 152% during the first half of 2023, with at least 6,250 cybercrimes reported to the police.