This is just one reason why we need to change how we protect data, according to a Microsoft executive.
Microsoft has seen a 300% increase in the number of attacks happening around the world in the last year, according to the company’s VP of enterprise mobility, Brad Anderson.
“We have this very unique perspective because we operate these 200 global services for both consumer and enterprise, so we have a very unique view on these things as they happen,” Anderson said.
It's not only the number of attacks, but the sophistication in the attacks has increased too. According to Anderson, the most sophisticated ones he has seen are from nation states.
“The rate at which the attacks are happening, the sophistication of the attacks and the rate they spread once they get inside an organisation – it’s gone past the point where human capacity can take it themselves,” he said. “You have to have something like a cloud, or multiple clouds, backing you up.”
As businesses move to new cloud services, the traditional perimeter-based security model previously used to build a network wall around the company becomes worthless. This is because a lot of the data is located outside that perimeter now, according to Anderson.
“In the past, when all the data is behind the firewall you could have a degree of protection there because somebody had to figure out how to punch through the firewall to get to your data. The data is in the cloud now, and so that perimeter based security model is no longer helpful because the data no longer passes through the perimeter anymore,” he said.
For Anderson, identity has become the new perimeter in a world of cloud services and mobile devices.
“Your identity is the only thing that is common across all the services that your users are getting access to. And all these attacks you read about, 80% trace back to compromised user accounts. Identity is the most important thing for you to protect, period,” he said.
Microsoft has been building an ‘intelligence security graph’. This collates all the data across the company, from all of the services, and brings it together in one place. It brings in 10TB of data a day and then applies the power of the cloud, machine learning and artificial intelligence, Anderson added.
Furthermore, Microsoft applies risk scores to every single user's account, which is either low, medium or high. “We move that risk score up and down based on how that identity is being used. That now enables IT to express a policy that expresses the risk they are willing to take,” explained Anderson.
He gave the example that if Microsoft says a user is scored at medium risk, an enterprise could create a policy where the user is not allowed to access the system until they pass a second factor of authentication.
Additionally, Microsoft is constantly tuning the algorithms, sometimes updating it 10 or 12 times a day, as it learns about new attacks.
Will Microsoft look into using AI more? Anderson replied: “Absolutely, I think we are still on the first fringes of it.
“I think we've understood the kind of easy things to go after in terms of providing intelligence but what we see is the engineers as they get deeper and deeper into this, the creativity is unlocked and they find different ways to use AI.”
Anderson pointed out that due the popularity of the Microsoft 365 products, “we actually have more data” about enterprise attacks than competitors such as Google. Microsoft 365 is the company’s new enterprise bundle that includes Office 365, Windows 10 and its identity-based security solution Enterprise Mobility + Security.