Business as usual in a digital warzone - how Microsoft protects its users from cyber-attacks
We were at IP Expo earlier today to hear Brad Anderson, Corporate Vice President of the Enterprise Client & Mobility (ECM) team at Microsoft speak in a thought-provoking keynote entitled ‘business as usual in a digital warzone’.
4 October 2017
It was an interesting look at how the two trends of the Cloud and mobility have completely changed the threat landscape and effectively dispensed with the ‘perimeter’ of where the network (and the data within it) starts and ends.
Microsoft has a unique take on this – every month, according to Anderson, it manages 450 billion user authentications, scans 400 billion emails and updates 1 billion Windows devices. Every one of these interactions feeds back into a giant pool of data that Microsoft applies advanced machine learning to in order to understand and help keep us safe.
This reveals some interesting data. Anderson told us for instance that Microsoft had seen a 300% increase in user attacks this year over last. He also revealed that when a phishing attack breaks through the network, 32% of employees will open the malicious email. Microsoft also currently sees around 100 million user identities being attacked every month. When attacks do get through, the company estimated that the average cost of a breach and (associated business impact) is $15m.
What can be done and how are partners like GCI protecting your organisation? According to Anderson, “human hands and minds alone are not enough”, “we have to use the power of Clouds.” Notice the plural there, Microsoft is adamant that its Cloud alone is not enough which is why it works with partners including those in law enforcement to share data. In Anderson’s words “you have to have someone to help watch your back.”
In practice this means acting on the data it analyses very quickly. For instance, if you’re on Office 365 you will be protected as soon as a malicious pattern is detected. Microsoft will analyse information it might see from the consumer world and apply this intelligence to business (and vice versa). If you’re a OneDrive user and (for example) your machine is infected with a WannaCry type ransomware attack, you’ll be able to roll your files back to the point in time just before the attack. You’ll get your data back “without even needing to contact your IT department” says Anderson.
And of course, it’s not just the criminals we need to worry about since accidental data loss is a massive issue. That’s why Anderson highlighted how easy it is to set permissions in Outlook so that files become self-protecting even if put on a USB drive. Because it has to authenticate to a user, it can only be opened with that user’s ID.
User identity was an issue covered at length – in Anderson’s words “this is the new control plane, the new perimeter” and “the most important thing for an organisation to protect.” Again, there is an answer here via the Microsoft intelligent security graph. Anderson illustrated how a risk score is assigned to every user, every device and every app so that only trusted users with trusted devices have access to data. Microsoft runs background checks on each interaction (which takes just 200 milliseconds). If extra authentication is needed it can be as simple as a thumb print on an iPhone home button.
All in all, the keynote gave a revealing insight into the scale of the cyber problem and reassuringly, Microsoft’s strategy to stay one step ahead of the attackers, deploying its vast resources to do so.
Want to hear more about Microsoft’s cyber security strategy and how your business can stay one step ahead? On the 31st October and the 1st November, we’ll be at Microsoft’s Future Decoded as Headline Sponsors – come and talk to us about the solutions available to secure and mobilise your business.