Microsoft Announces New Secure Future Initiative to Counter Evolving Cyberthreats

microsoft security hero approved

Key Takeaways:

  • Microsoft has announced a new Secure Future Initiative to enhance its threat intelligence capabilities and provide AI-powered security tools to detect and mitigate cyberthreats at scale.
  • Microsoft is introducing mandatory multi-factor authentication, securing identity signing keys, and accelerating the mitigation of cloud vulnerabilities.
  • Microsoft advocates for stronger international standards to protect against state-sponsored cyberattacks.

Microsoft announced this morning its new Secure Future Initiative (SFI) to protect customers against the evolving threat landscape. The initiative comprises three pillars of advanced protection, focusing on:

  1. AI-based cyber defenses
  2. software engineering advancements
  3. and industry-setting standards for a more secure future.

Microsoft Vice Chair and President Brad Smith highlighted that ransomware attacks have increased by over 200 percent. Since September 2022, threat actors have increasingly targeted small businesses, schools, hospitals, and local governments. It is important to note that over 80 percent of successful ransomware attacks stem from unmanaged devices.

“Whether they work for geopolitical or financial motives, these nation states and criminal groups are constantly evolving their practices and expanding their targets, leaving no country, organization, individual, network, or device out of their sights,” Microsoft President Brad Smith said today. “They require a new response based on our ability to utilize our own resources and our most sophisticated technologies and practices.”

The executive detailed the following new initiatives to protect customers and civilians against state-backed cyber-attacks:

AI-powered cyber defense mechanism

Microsoft has once again emphasized its commitment to implementing cyber defense mechanisms to safeguard its customers worldwide. The company is extending its threat intelligence capabilities to help customers detect and analyze security threats. Microsoft also highlighted investments in tools and technologies to ensure that its Responsible AI principles and practices are closely tied to product design.

Additionally, Microsoft highlighted it offers various security tools that use AI to help organizations block and mitigate cyber-attacks at scale. For instance, Microsoft Security Copilot is a new AI assistant that allows cybersecurity professionals to identify security breaches. Moreover, Microsoft Defender for Endpoint leverages AI to protect laptops, phones, and servers in enterprise environments.

Microsoft Announces New Secure Future Initiative to Counter Evolving Cyber Threats
Microsoft Security Copilot

New software engineering advances

Microsoft has committed to three engineering advances to enhance software design, development, and testing of its products and platforms.

Over the next year, the company will introduce mandatory multi-factor authentication (MFA) and other on-by-default security settings to boost out-of-the-box protection. The ultimate goal is to make it harder for the threat actors to impersonate users.

Secondly, Microsoft plans to move identity signing keys to more secure Azure Dedicated Hardware Security Modules (HSMs) and confidential computing infrastructure. It should help to ensure that signing keys remain encrypted at rest, in transit, and during computational processes.

Lastly, Microsoft will expedite the process of mitigating cloud vulnerabilities by 50 percent. It also aims to remove traditional software vulnerabilities by promoting memory-safe languages, including Python, C#, Rust, and Java.

Microsoft’s Secure Future Initiative calls for robust application of international norms

Last but not least, Microsoft has urged to enforce stronger international standards to safeguard civilians against state-sponsored cyber-attacks. All countries should refrain from deliberately injecting security flaws to compromise critical infrastructure such as medical care, food, water, and energy. States should also prevent cybercriminals from breaching cloud services within their jurisdiction.

It’s important that governments must collaborate to ensure accountability when nations cross established boundaries. “But especially when it comes to nation state activity, cybersecurity is a shared responsibility. And just as tech companies need to do more, governments will need to do more as well. If we can all come together, we can take the types of steps that will give the world what it deserves – a more secure future,” Smith emphasized.