Microsoft’s EMEA chief security advisor Sarah Armstrong-Smith warned about the surge of cyber-risks that organizations are facing today, during Big Data London on September 22, 2022.
This acceleration is due, she said, to the conjunction of an increased threat following the war in Ukraine on the one hand, and accelerating digital transformation on the other, with generalized hybrid working, a massive acceleration of cloud migration and the convergence between IT, OT and IoT networks.
“In Teams alone, we went from 17m active users before the pandemic to over 250m today, and 2bn minutes of collaboration every day,” she told the audience.
Infosecurity Magazine asked her how Big Tech, and particularly Microsoft, could help companies overcome these challenges while minimizing security risks.
Infosecurity Magazine: Considering the heightened cyber-threat, what is Microsoft’s top priority to help organizations protect themselves better?
Sarah Armstrong-Smith: With the war in Ukraine, we started to see companies become a lot more cognizant about the distribution of data. In times of peace, everyone tries to keep their data as close to them as possible. Now, we see a lot more customers, particularly larger enterprises, wanting to be able to move their data fast, not just in the cloud but sometimes out of the country.
Also, they want to know exactly where all their applications are hosted, even when it’s in the cloud – both because regulators are getting stricter, asking them for transparency, and to be able to accelerate the migration when needed.
As a leading provider of cloud services, with Azure, Microsoft 365 and Dynamics, we have over 220 data centers and we use AIOps, utilizing machine learning capability to constantly monitor those data centers.
IM: Could you tell us more about your involvement to help the Ukrainian government before Russia invaded the country?
SAS: At the beginning of 2022, when the Russian troops started to amass on the Ukrainian border, the Ukrainian government highlighted that the majority of their data resided on premise in their own data centers, and they were really concerned about how they were going to secure their data.
Microsoft and Azure stepped in to help the Ukrainian government. In the month leading up to the invasion, Microsoft not only moved 16 of the 17 Ukrainian ministries’ data to the cloud, but out of Ukraine.
The war really started, not on February 24, 2022 when Russia actually invaded Ukraine but one day before, with cyber warfare. We identified that the Russian government had 300 coordinated cyber-attacks, all designed to hit Ukraine’s critical infrastructure, including a new strain of wiper attacks, that we denoted as FoxBlade. It was imperative for us to get this information into the hands of people who have to make strategic decisions about what to do with critical data.
IM: Do you also help your customers protect this data?
SAS: Absolutely. We generate 43 trillion telemetry signals every single day – that’s 460 petabytes of data. To make sense of such an immense amount of data, we deploy data analytics and machine learning. We have 8500 people working in security, who are actively tracking approximately 250 threat actors.
But we also need our customers to trust us with monitoring their data. That is the reason why our vision revolves around three key principles: we do not share data, we do not sell data, we do not compete with our customers. For instance, we do not allow the American government backdoor access – and in fact we have gone up against the US Senate to defend our customers’ rights to privacy.
Also, in terms of AI ethics, regulation is lagging behind. Just because you can doesn’t mean you should. So, it’s incumbent on Big Tech to have codes of conduct and work with their partners and customers. That’s why we have created the EU Data Boundary to make sure data used in the EU is hosted in the EU, for example.
IM: Have you seen new trends in the data theft landscape emerge with the surging cyber warfare?
SAS: We’ve seen an emergence of new access brokers that are not only interested in financial data, but in any valuable data that they can then sell. That’s why companies must see the bigger picture and consider all their valuable data as being at risk.
As I mentioned, along with the rising geopolitical tensions, we’ve seen numerous wiper attacks from everywhere, as well as an increase in supply chain attacks.
Although this is not new, as we’ve been seeing an increase in nation-state activity going back to SolarWinds in 2020, one of the most sophisticated attacks deployed by a nation-state actor, we are now seeing more willingness from some nation-state actors to go one step further, from disrupting a network to destructing an infrastructure.
IM: To do so, threat actors sometimes go as far as hacking industrial or IoT devices. Is Microsoft looking to better protect these new attack surfaces?
SAS: This is a big area of investment for Microsoft. Now, it’s not just about the IT, our customers want to connect it to the [operational technologies] and the IoT devices, so we must think about how to have visibility on all these intertwined networks and protect them – or at least segment them.
In terms of IoT, we have learned a lot from Xbox. It taught us how to connect and monitor multiple devices with specific operating systems, and to deal with vulnerabilities.
Also, two years ago we acquired a company called CyberX, which provides a multiple sensor solution for OT networks. We have now fully integrated them into Microsoft.