How governments are leveling the cybersecurity playing field with cloud and AI

In the amount of time it takes for you to read this sentence, cybercriminals and nation-state attackers will have launched more than 40,000 password attacks against computing systems, devices, and people around the world.1 That’s 4,000 attacks every second.  

It is a sobering statistic and simply one measure of the expanding threat landscape facing several organizations in the world today. Especially for governments, the challenge is only escalating. In the past year, Microsoft threat intelligence observed that, of the dramatically increasing number of cyberattacks in more than 100 countries and territories, 53 percent focused specifically on critical infrastructure and government organizations.1

Microsoft is uniquely positioned to help governments combat cyber threats posed by nation-state attackers and cybercriminals as a company that is committed to empowering people and organizations to achieve more. This is why a foundational element of Microsoft for Government is to help our customers secure government data and protect resources.  

In my role, I help public sector organizations around the world protect the digital ecosystems they manage. I advise and partner with governments to devise realistic strategies to help their organizations, agencies, and employees solve society’s big challenges—with minimum impact from cyberattacks. In this blog, I’ll share insights on the state of the challenge and offer proven guidance to help governments achieve better security—today and in the long term. 

Combating cybercrime with cloud and AI

For governments today, IT systems and services provide a digital backbone upon which lives often depend and which, when compromised or breached, can lead to calamity. Technology should not be viewed as merely a budget line item for an agency or nation, but rather as an essential asset to be optimized and protected.

Technology and tactics continue to rapidly evolve. Unfortunately, many government organizations still rely on approaches designed for past threat landscapes. Some continue to use legacy infrastructure—on-premises systems and siloed security tools that don’t talk to each other. Others employ a legacy mindset that is biased towards a “security through obscurity” reliance on secrecy and disconnected networks to provide a false sense of security.

These organizations are easy targets for attacks. I have witnessed numerous cases where an adversary breached an on-premises system and operated undetected for months, only to be discovered after valuable data was exfiltrated. By then it was too late.

The good news for governments is that proven, effective solutions are readily available that can mitigate a great majority of cyber threats, as many government entities have already seen.

The most important security move that a government can make is to leverage a hyperscale cloud security platform, such as the one provided by Microsoft. The AI-based automation, scalability, and reliability of the cloud are obvious benefits to any government organization. With the Microsoft Cloud, you get advanced security and protection, which is embedded into the platform and protects against a vast majority of known, preventable attacks.

Many of our government customers have realized critical benefits through the security inherent in Microsoft solutions. To highlight just a few:

  • The Government of Albania faced a sophisticated nation-state attack that was designed to destroy systems and data. The Albanian National Agency for Information Society (AKSHI) responded quickly to isolate its infrastructure and shut down critical systems. Working closely with Microsoft experts, and using Microsoft technology, AKSHI recovered in just three days, gained new visibility into its systems, and built its most resilient infrastructure to date.
  • The City of Brampton in Ontario, Canada faced the dual challenges of stringent financial constraints and increasing ransomware and nation-state cyberattacks. With the help of Microsoft partner Difenda, they deployed a set of solutions to improve overall visibility and bring together previously disparate tools. This solution was complemented by practices designed to heighten security awareness across the workforce. To cite just one key benefit, security alert noise was reduced by 70 percent.
  • After the Kalix Municipality in Sweden was hit by a crippling ransomware attack, government leaders decided not to pay the ransom but instead focused on modernizing the security of all their IT systems. Working with their local Microsoft team and local consultants, they adopted Microsoft Defender cybersecurity solutions and implemented new processes and security measures that have proven successful in preventing subsequent attacks, with no interruption in services.

Minimize cybersecurity risk today with these five practical steps

Many governments are struggling with the dual challenges of operating legacy IT systems that are not optimized for today’s threat landscape, while also managing constraints in resources and staffing. Fortunately, there is a path to cyber resiliency and data protection that is both effective and efficient. While this involves long-term thinking, there are short-term measures that can immediately help. Many government agencies are able to reduce their digital risk profile by following these five practical steps:

  1. Implement multifactor authentication. This is a great way to protect against unauthorized access. Research shows that, by enabling multifactor authentication (MFA) capabilities, like the ones found in Microsoft Entra, the risk of compromise can be reduced by 99.22 percent, and by 98.56 percent in cases of leaked credentials.
  2. Use Zero Trust as your North Star for a security modernization framework across data, infrastructure, networks, applications, identities, and endpoints. Zero Trust explicitly and continuously verifies every authentication transaction, ultimately helping to counter external and internal threats and reduce the attack surface.
  3. Modernize your government security operations center (SOC). This involves layering XDR telemetry on a cloud-native SIEM platform, then applying threat intelligence and AI security large language models to quickly detect, prevent, and respond to emerging threats.
  4. Always be patching. Exploits become active almost as soon as they are disclosed publicly. Software vendors are vigilant about providing updates and guidance, but they’re worthless without a systematic approach to quickly remediate vulnerable devices.
  5. Protect your data using a “least privilege access” model to ensure that users have the minimum permissions at the right time to perform tasks based on their roles, and then grant permissions accordingly.

Advancing government security with Microsoft

Microsoft and our global partners are here to help governments leverage technology to effectively and efficiently implement cybersecurity solutions that will place governments one step ahead of cybercriminals. Here are some helpful resources to help you on the journey:

Learn more

Visit the Microsoft for Government page to learn more about how we’re helping governments secure critical environments, protect data, and achieve compliance.


1 Microsoft Digital Defense Report 2023.