Colin Erasmus, Modern Workplace Business Group Lead at Microsoft
Made famous by popular movies like 300, the Battle of Thermopylae has gone down in history as one of the most compelling examples of a team of gritty defenders – though severely outnumbered – standing strong against a formidable threat.
Skimpy leather tunics and rippling muscles aside, one might well say the legendary showdown is symbolic of how today’s chief information security officers (CISOs) feel staring down a constantly growing and evolving cyber threat. In fact, research confirms that 84 percent of CISOs not only believe cyberattacks will increase, but that the capabilities of attackers are outpacing their ability to defend their organisations. Often under-resourced and lacking budget, CISOs are in many cases outflanked and outnumbered just as the Greeks were thousands of years ago.
In South Africa, CISOs are particularly battle-weary. Research shows malware attacks in South Africa increased by 22 percent in the first quarter of 2019 compared to the first quarter of 2018. This translates to around 13 842 attempted cyberattacks per day.
Defenders continue to push back
Despite this, cyber defenders across the country have successfully pushed back attackers on many fronts over the past couple of years, and this trend continues according to Microsoft’s security intelligence reporting for 2019. Ransomware, which saw a massive decline in 2018, was again driven back in 2019. In fact, the monthly average percentage of machines in South Africa that encountered ransomware dropped from 0.08 percent to 0.06 percent.
Though cryptocurrency mining malware emerged as a new threat in 2018, this too was successfully driven back by cybersecurity professionals last year. The encounter rate for South Africa dropped right down from 0.25 percent to 0.11 percent.
Malware encounter rates in general quietened down significantly. In South Africa the percentage of machines that encountered malware dropped from 6.09 percent in 2018 to 5.19 percent in 2019.
Even more stealthy attacks such as drive-by downloads, whereby unsuspecting users download malicious code to their computers when they visit a website, have been curbed drastically. The average monthly volume of drive-by download pages detected for every 1,000 pages indexed by Bing dropped from 0.05 in 2018 to 0.04 in 2019.
But despite these significant victories, the battle rages on.
Incoming – attacks continue
In fact, the same report tells us incoming attacks detected by Azure Security Center continue as before. This is particularly the case as hackers produce increasingly targeted attacks against a growing range of devices and services. South Africa is a case in point: the percentage of incoming attacks on Azure rose from 0.05 percent in 2018 to 0.10 percent in 2019.
The numbers are not surprising given the rapid growth in the number of online users across the country. Combined with a cybersecurity infrastructure that is still developing, this creates significant opportunity for devious cybercriminals to exploit vulnerabilities. Phishing remains one of the most popular forms of exploitation. In fact, the global percentage of phishing mails detected increased steadily between 2018 and 2019, spiking in July 2019 at 0.85 percent.
Even for the most battle-hardened CISOs, there are almost too many battle fronts to defend.
But unlike the Greeks at the Battle of Thermopylae, cyber defenders have a strategic advantage that enables them to wage war on cybercrime across the full breadth of their digital estates. In fact, thanks to ongoing breakthroughs in new technology, AI can help change the cybersecurity game.
AI helps fight the battle on all fronts
The AI capabilities built into Microsoft Security solutions are trained on eight trillion daily threat signals and the insights of 3,500 security experts. Custom algorithms and machine learning models make, and learn from, billions of queries every day. As a result, Microsoft Security solutions help identify and respond to threats 50 percent faster than was possible just 12 months ago. Today, Microsoft Security solutions are able to automate 97 percent of the routine tasks that occupied defenders’ valuable time.
Microsoft Threat Protection, for example, does the heavy lifting for defenders by proactively hunting across users, emails, applications and endpoints. It brings together alerts and takes action using AI and automation. The solution breaks down security silos so security professionals can automatically detect, investigate and stop coordinated multi-point attacks. It weeds out the unimportant and amplifies signals that might have been missed, freeing defenders to work on the incidents that need their attention.
It also builds on progress achieved by solutions like Microsoft Defender Advanced Threat Protection (ATP).
Freeing up defenders’ time
Because Windows Defender ATP is able to achieve an average detection and response time of just hours, compared to the industry average of several days, it allows companies to remediate cybersecurity incidents far more quickly.
The solution is powered by the cloud, meaning its automated incident response protocols act quickly to move actionable threats from alert to remediation in minutes, regardless of scale. The higher detection rates and automated incident response protocols of Windows Defender ATP ultimately free up many working hours for the in-house security team. That time can then be devoted to defending against the new techniques used by more inventive malicious actors.
The cyber threat landscape in South Africa is, without doubt, getting more complicated. But AI and the public cloud, combined with human expertise and industry collaboration, are delivering innovation that gives the advantage back to the defenders of cyberspace. For outnumbered and outflanked CISOs across the country, it just may be the breakthrough they need.