In the wake of several high-profile cyberattacks exploiting various aspects of Microsoft’s security and cloud infrastructure in the past few years, the tech giant has decided to launch a new initiative that seeks to overhaul the company’s approach to software security.
One of the highlights of the new initiative is Microsoft’s plans to use Artificial Intelligence – including Microsoft Secure Copilot – to improve its resolve as it fends off attacks from sophisticated, state-backed actors.
Microsoft Launches Secure Future Initiative
“In recent months, we’ve concluded… that the increasing speed, scale, and sophistication of cyberattacks call for a new response,” Microsoft said in a blog post published this week announcing the new Secure Future Initiative.
The company also revealed that “new nation-state cyber activity targeting critical infrastructure organizations across the United States” utilizing “sophisticated, patient, stealthy, well-resourced, and government-backed techniques to infect and undermine the integrity of computer networks” have proved to be the catalyst behind the security overhaul.
Along with these larger, state-backed threats, Microsoft notes that the company is tracking more than 120 smaller-scale (but still very sophisticated) ransomware-as-a-service affiliates, which also have the power to wreak havoc on critical infrastructure and are still very much at large.
🔎 Want to browse the web privately? 🌎 Or appear as if you're in another country?
Get a huge 86% off Surfshark with this Tech.co Black Friday offer.
The new initiative will be made up of three different pillars: AI-based cyber defense, advancing software engineering and development, and advocacy for better protection for civilians through the implementation of international cybersecurity norms.
How Microsoft Plans to Use AI to Battle Threats
A key part of Microsoft’s secure focus initiative involves harnessing the power of AI to make its systems safer – the company is taking “new steps” to use AI within Microsoft’s Threat Intelligence framework.
Microsoft says it plans to provide customers with some of these capabilities too and use AI to reduce the current delays experienced during vulnerability patching processes.
The tech behemoth is also using AI to assist security analysts and make them more effective at their jobs. Microsoft Security Copilot – a security-focused AI tool that launched in March 2023 – can make security and system management recommendations based on analysis of vast amounts of complicated data.
Microsoft notes that the company is deploying its AI technology in accordance with its rules of responsible AI, but said its AI code of ethics may have to evolve and change alongside the technology, which is developing at a rapid pace.
Will the Attacks Keep On Coming?
Microsoft has been targeted in a number of high-profile cyber attacks over the past few years, with the most recent involving a flaw in Microsoft’s cloud-based messaging platform Exchange Online (OWA)” and their email service, Outlook.com.
Microsoft was widely criticized at the time, with Tenable CEO Amit Yoran calling the company’s sluggish response “grossly irresponsible, if not blatantly negligent.”
Preceding this was the SolarWinds attack in 2020, during which Microsoft’s systems were used to continue what turned out to be one of the most sophisticated, damaging cyberattacks to ever take place.
These sorts of threats aren’t just going to disappear. But perhaps the biggest change to the way the company has approached security and cyber threats for almost two decades is quite an emphatic response.