In an interaction with Meenu Chandra, Senior Attorney, Lead, Digital Crimes Unit of Microsoft India, Dataquest got insights on how the cyber security space is becoming more complex and how businesses can stay safe. Excerpts:
What is the threat landscape like? How are cyber crooks taking governments and law-enforcement agencies for a ride?
Recent years have seen the rapid growth of the Internet and growing reliance of societies on information systems. From hackers causing mischief to organized crime syndicates employing sophisticated financial ruses against institutions, businesses, and individuals, the surge of sophisticated, targeted cyber-attacks highlights the need for improved defenses. Everyone must protect against cyber attackers who assiduously research their targets, analyze their weaknesses, and use this information to tailor their assaults. The Asia Pacific region is especially vulnerable with emerging markets most at risk of malware threats. Further, it generally takes on average up to 200 days for organizations to find out that they have been victims of cyber attacks. At Microsoft, security is a core focus and we invest more than a billion dollars in security research and development. We are working with partners across the globe in better approaches to secure digital assets in a mobile first, cloud first world.
In what ways does Microsoft handle cybercrime?
Microsoft’s Cyber security team works with government, industry, academia, and policy experts to identify and analyze strategic cybersecurity issues on the horizon, forecasting technology and policy shifts and driving change in the way Microsoft deals with cyber threats. Additionally, we help guide enterprises through their critical digital transformation—from helping them understand their current security posture to developing cybersecurity strategies that support their business goals, and implementing comprehensive solutions across three functional core areas: Protect, Detect and Respond.
How does Microsoft protect consumers and businesses?
Microsoft stands for trust when it comes to securing consumers and businesses. Microsoft takes a three-pronged systematic approach to deal with cybercrime incidents:
We Protect: We look at how to appropriately secure identity, data, applications, devices, and infrastructure—whether it be cloud or on-prem. This requires an approach to security that considers all your end-points, from sensors to the datacenter.
We Detect: In the past, we relied on malware signatures to recognize threats. Now, we apply intelligent, behavioral-based approaches to threat detection that can rapidly recognize entirely new threats. We enable customers to use those insights and immediately act on them.
We Respond: Many of us have invested in protecting against threats, but we’ve learned that our ability to make threats go away entirely is limited. What we can control is our readiness and response in the face of ongoing threats. Doing this well means assuming breach at any point and continuously operating with this readiness mentality.
Is there anything Microsoft is doing specifically to keep businesses safe in the cloud?
To protect against growing cyber threats, we continue to make investments to keep us all digitally secure. The opening of Microsoft Cyber Defense Operations Center (CDOC) in 2015 was a step in that direction. A crucial component in responding to cyber-threats is sharing of information and how quickly it can be acted upon. This was the genesis of developing the CDOC, which is not a single organization, but a strategy by which Microsoft brings together multiple security teams to protect Microsoft’s hyper-scaled cloud infrastructure and services, our products and devices, and our internal corporate resources. The Cyber Defense Operations Center facility provides a centralized hub for our front line protectors and defenders from these security teams, who are connected to more than 3500 security professionals across the company.
At what level is Microsoft engaged with government agencies around the world to deal with cyber security issues and cyber crime prevention?
Microsoft’s Digital Crimes Unit is an international team of attorneys, investigators, data scientists, engineers, analysts and business professionals based in 30 countries, all working together to transform the ongoing fight against digital crime.
Since 2010, DCU has worked with law enforcement agencies and the industry, leveraging novel legal strategies, to disrupt the cybercriminals and put people back in control of their devices. DCU uses civil law to take action against cybercriminals while law enforcement seizes the physical infrastructure. As a result of DCU’s malware disruption cases, tens of millions of infected devices have been rescued and cleaned, in partnership with global Computer Emergency Response Teams (CERTs) and Internet Service Providers (ISPs) around the world. Threat intelligence from these cases is also engineered into Microsoft platform and services, providing further protection for customers. The DCU has a long history of public and private partnerships, working together to combat technology-facilitated crimes. Partnering with Law Enforcement globally, NGOs, industry customers, security vendors and security researchers, the DCU believes that it is only through public and private partnerships that we can scale to combat technology-facilitated crimes in a meaningful way with each partner bringing unique skills to the table.
Is this intelligence built into Microsoft products and services?
Definitely, we work with our engineers to build this intelligence back into our products and services. For example, if you are an Azure Active Directory Premium or an Enterprise Mobility Suite customer, on log-in, it checks to see if an IP that is attempting to log into your service is connected to an infected device that we know about from our sinkhole—and if it is, you as the owner of the service can make a decision whether to allow or block access to your service.
We also work with Microsoft’s Enterprise Cybersecurity Group and, where appropriate, they use this data to work with customers to protect against or respond to security breaches. The Azure cloud has also allowed us to create an efficient architecture and faster/easier access to our data. In fact, DCU has had its own journey from on-prem to the cloud. Previously when we did a malware disruption, it would take 48 hours+ to start seeing those infected devices coming into our sinkhole. Now it takes only minutes.
In India, Microsoft has recently announced the setting up of a Cyber Security Engagement Center (CSEC) being led by Microsoft’s Digital Crimes Unit (DCU). The CSEC aims to drive public-private partnerships to fight cybercrime, strengthen the cooperation with Indian businesses, government and academic organizations on cybersecurity, and increase its contribution towards securing Indian computer and internet users from cybercrime threats.