World sees 600 mn cyberattacks daily, AI can secure devices: Microsoft's Chik

In an exclusive interview with Mint, Joy Chik, president of identity and network access at Microsoft, said that the implementation of machine learning and other subsets of AI is gradually helping the company take on the immense challenge of securing over 1.5 billion desktops and laptops that use the company’s Windows operating system.

“We’re using AI to analyze ‘signals’ that we receive from around the world, and assess these using machine learning (ML) algorithms for real-time risk assessment. Identifying behavioural patterns for real-time cybersecurity tracking is made possible only because of AI. Over time, advanced AI algorithms integrated within software platforms will be able to make autonomous decisions in protecting people around the world," Chik said.

For Microsoft, cybersecurity for consumers is a key challenge to address. Windows, as per estimates by market researcher Statista, is the world’s second-largest overall operating system, and the largest on desktops, laptops and tablets (collectively classified as personal computers, or PCs)—powering 27% of all devices and 71% of PCs around the world as of June this year. Google's Android is the world's largest operating system, powering 45% of all devices globally.

Read more: How social engineering scamsters have weaponized fear of the CBI, ED to defraud victims

On top of that, many Windows devices do not use the latest versions of the operating system—last year, Microsoft estimated its latest platform, Windows 11, will power 500 million devices globally by the end of this calendar year. In comparison, the company’s operating system is estimated to be present in over 1.6 billion PCs globally—making the adoption of its latest platform at around the 30%.

To enable security mechanisms, Chik said that a “seamless, frictionless end-customer experience" is mandatory. “One way of doing this is by getting rid of passwords entirely—not just for consumers, but with business services too. We’re thus developing an authentication process between services that don’t need passwords, so that there’s no risk of password breaches," she said.

Cross-company collaborations, Chik added, is key. “The creation of a passkey authentication mechanism, under the Fido alliance, came out as a result of a collaboration between Microsoft, Google and Apple—which shows the potential of building common standards."

Fido (Fast IDentity Online) Alliance is a cross-industry alliance that was set up in 2013 by tech companies including Microsoft, Apple and Google to explore ways of reducing dependency on passwords, and finding new, more secure solutions for businesses and consumers.

Industry stakeholders concurred with Chik, adding that integrating cybersecurity as a default service is key to broader enterprise adoption. Ipsita Dasgupta, US-headquartered PC brand HP's managing director for India business, said that enabling protected devices by leveraging the work done by Big Tech firms “has a lot to do with the adoption of cutting-edge AI tools integrated into devices by default."

“While AI has amplified the risk of devices being threatened both in the consumer and enterprise spheres, built-in cyber defence features using AI are helping trace these risk vectors to make devices more secure than before, from the ground-up," she said.

Sandip Panda, chief executive of Delhi-headquartered managed cybersecurity provider Instasafe, said that for Microsoft, a key challenge lies in managing multiple service provider layers within an enterprise—as well as enterprises that no longer subscribe only to a single hardware or software provider.

“Over the past 15 years, Linux and MacOS have gained ground in Indian enterprises. Today, most key executives in companies use Apple’s Mac devices. Given the increasing proliferation of other platforms, it is difficult for Microsoft to implement a full-stack security approach to enterprise software across organizations. This complicates security issues," he said.

While Panda maintained that Microsoft’s Windows remains “the mother of all platforms for cybersecurity service providers", the aspect of cost is a key factor why even enterprises that largely use Windows at workplaces look at other avenues for less expensive security options.

“Small enterprises in particular are sensitive about managing costs—and for most enterprises with large employee bases, cybersecurity costs are overheads, just like medical insurance is an overhead for HRs. Hence, reasonable pricing is a key piece of the security puzzle here, which is why enterprises look for managed cybersecurity providers outside of Microsoft’s own services, which is a premium offering even today," he added.

Chik, however, affirmed that for better security controls in both user and enterprise devices, foundational innovation is a critical way forward. To this end, Microsoft employs 34,000 employees globally working on cybersecurity engineering.

Read more: The worrying rise of fraudsters on the prowl online

“Over 4,000 password hacking attempts are made each second—quadruple of what it was before. On a daily basis, we see 600 million attacks. In such an environment, using AI is key to enabling a zero-trust model to help enterprises secure their devices. We’re also using AI to identify signals and track nation-state attackers to map attack graphs—which in turn can help us predict future cyber attackers. This way, AI is helping us gain ground on attackers, and thus design tools that can better protect identities at work," Chik said.

“Using AI in cybersecurity is indeed a race, but it is about using AI to detect attack patterns, which will help us protect ourselves even from future threats that haven’t been developed yet," she added.