Kuwait Times

Machines, humans must team up for robust cybersecurity

- By Mohammed Arif, Regional Director, Microsoft Gulf

There can be no doubt that the Fourth Industrial Revolution has ushered in a flood of benefits via digital transformation. Organizations now engage citizens and customers, empower public servants and business employees, optimize operations and reinvent business models as never before. But an explosion in device prevalence and data creation has expanded the attack surface for those that would rain on the parade.

How should we discuss our escalating concerns about cybersecurity? Should we talk about insidiousness? The average attack package takes less than 48 hours to take control of a network and will remain there for 146 days before detection. Should we talk about employee training? More than 63 percent of network intrusions occur through compromised user credentials. What about cost? Organizations around the world take a combined annual hit of $500 billion and the average loss from a corporate data breach is $3.8 million.

These global findings from Microsoft’s “Lean on the Machine” report, and others, are reflected in regional research. For example, a recent Microsoft survey discovered that more than 80 percent of large GCC enterprises still used user names and passwords as the sole means of network authentication. Only around 11 percent use a 2FA SMS notification to support username-password authentication. About 7 percent reported using fingerprint-scanning and just under 1 percent had adopted facial recognition.

Getting ready and staying steady

This is a vital realization, because while the insidiousness of the threat landscape, employee knowledge gaps and frightening costs are all worthy topics for discussion, our solution lies in discussing readiness. If we are ready for whatever the digital bandit throws at us, all other concerns melt away. The average large enterprise combs through 17,000 threat alerts a week, wasting time chasing false positives and prioritizing responses. Lack of visibility and in-house expertise weaken defenses and response effectiveness. We are not ready.

So how do we get ready? Well, it may surprise you to learn that technology is only part of the solution. Recent progress in the cybersecurity arena - newfound successes not only in detection, but in prediction - has come from combining big-data analytics, machine learning, and human expertise. Security analysts sift out the most suspicious alerts and provide feedback that allows software to become smarter.

A hybrid in action

One example of a working system is MIT’s AI2, which has been in operation for more than two years. The system trawls through some 40 million lines of data logs each day, using specialized algorithms to present only the 100 or 200 most nefarious-looking entries for human analysis. It takes feedback from the analysts that allows it to improve real-time performance, and as of April 2016, it could detect 85 percent of cyberattacks. It took AI2 just three months of learning to get that good, and the human element was key. MIT’s system generates 80 percent fewer false positives than machine-only solutions.

If we want to be ready, this is our way forward. Microsoft is a strong believer in this approach. We have built an entire cybersecurity ecosystem of layered architecture, specialists, data-sharing, and partner solutions around it. Every month, we scan more than 18 billion Bing searches and process 450 billion authentications. We subject 400 billion emails to checks for phishing campaigns and hidden malware, and more than 200 cloud services are monitored for security risks.

Protect, detect, respond

The Microsoft Intelligent Security Graph powers real-time detection, response, and remediation, using advanced analytics to pull together threat intelligence and security data from our own environment and those of our trusted partners. Insights from the Graph enable us to protect our own products and services as threats arise.

Microsoft’s Advanced Threat Analytics monitors behavior and allows our customers to react as fast as their attackers, reducing false-positive fatigue. We also offer Windows Defender Advanced Threat Protection (ATP), a unified platform for preventative protection, post-breach detection, automated investigation and response. This, we believe, is what being ready looks like. Our attackers will not relent, so neither should we.
