3 ways Microsoft's new Secure Future Initiative aims to tackle growing cyber threats
The technology landscape is ever-changing, and within the last year, we have witnessed the emergence of new powerful technologies such as generative artificial intelligence. These advances have prompted the development of more sophisticated cyberattacks, and Microsoft has plans to tackle the issue.
On Thursday, Microsoft announced its Secure Future Initiative, the company's next generation of cybersecurity protection.
Also: China and US part of multilateral pact to collaborate on AI risks
"In recent months, we've concluded within Microsoft that the increasing speed, scale, and sophistication of cyberattacks call for a new response," said Brad Smith, Microsoft Vice Chair and President in the blog post.
"Therefore, we're launching today across the company a new initiative to pursue our next generation of cybersecurity protection – what we're calling our Secure Future Initiative (SFI)."
The company-wide initiative is focused on three pillars: AI-based cyber defenses, advances in fundamental software engineering, and advocacy for strong application of international norms to protect civilians from cyber threats.
1. AI-based cyber defense
The AI-based Cyber Defense pillar refers to Microsoft's commitment to leveraging its global network of data centers and advanced foundation AI models to build an AI-based cyber shield that customers and countries can use as protection against cyber attacks.
First, Microsoft is using its AI tools and techniques to advance its threat intelligence and improve how it detects and analyzes cyber threats.
Also: The best early Black Friday VPN deals 2023
"While threat actors seek to hide their threats like a needle in a vast haystack of data, AI increasingly makes it possible to find the right needle even in a sea of needles," said Smith.
The company is also using AI to improve the speed at which organizations can defeat cyberattacks, helping the limited amount of cybersecurity professionals maximize their capabilities.
An example is Microsoft's Security Copilot, which combines a large language model with a security-specific model to provide the user with natural language insights and recommendations to make their workflow more efficient.
Also: 9 top mobile security threats and how you can avoid them
Lastly, Microsoft reassures users that the implementation of these AI services will be done in accordance with the company's Responsible AI principles to ensure that the proper security safeguards are in place.
2. New engineering advances
According to Microsoft, another key aspect of a secure future includes advances in software engineering, including advancing the way Microsoft builds, designs, tests, and operates its technology.
The changes in engineering approach were shared with employees in an email authored by Charlie Bell, Executive Vice President of Security at Microsoft, and his engineering colleagues Scott Guthrie, and Rajesh Jha, delineating the next steps for software engineering as part of the Secure Future Initiative.
Also: Global players look to create baseline to evaluate generative AI applications
Specifically, the email highlighted three key steps, the first being the implementation of automation and AI into software development. This implementation will include applications such as AI-powered secure code analysis, and the use of GitHub Copilot to audit and test source code against threats.
In light of identity-based threats such as password attacks increasing tenfold in the past year, Microsoft also plans to strengthen identity protection against highly sophisticated attacks by creating more advanced identity protection, migrating to a new and fully automated consumer and enterprise managing system, and more.
Also: What is the dark web? Here's everything to know before you access it
Lastly, Microsoft plans to cut the time to mitigate cloud vulnerabilities by 50% and ensure more transparent reporting by Microsoft regarding cloud platforms.
3. Stronger application of international norms
In 2017, Microsoft initially called for a Digital Geneva Convention to set principles and norms that would govern the actions of state and non-state actors in cyberspace, and six years later, Microsoft still believes in the necessity of such a convention.
"What we need today for cyberspace is not a single convention or treaty but rather a stronger, broader, and public commitment by the community of nations to stand more strongly against cyberattacks on civilians and the infrastructure on which we all depend," said Smith in the post.
Microsoft urges states to recognize cloud services as critical infrastructure, protected against attack by international law.
Also: What is Microsoft Copilot? Here's everything you need to know
In said convention, the states would commit to not engage or allow any person within their territory to engage in malignant cyber operations that compromise cloud services, not compromise the security of cloud services for the purposes of espionage, and construct cyber operations to avoid imposing costs non-targets.
Microsoft also calls for governments to foster greater accountability for nation-states that cross the abovementioned commitments.