Cybersecurity for government organizations is a game of speed, with cyberattackers working to compromise networks and steal data as swiftly as possible before defenders can detect and deter them. In this ongoing battle, cyberattackers have traditionally had an asymmetrical advantage.
From the moment a user clicks on a bad hyperlink in a malicious email, it can take as little as 72 minutes before an attacker begins to exfiltrate data. By contrast, it takes an average of 277 days for organizations to identify and contain a data breach.1 The advantage gap is widening, as nation-state-actors and cybercriminals are actively employing AI to step up their attacks. To cite just one measure: in 2023, password attacks globally increased from three billion to 30 billion per month.2
How governments are leveling the cybersecurity playing field with cloud and AI
The good news is that advances in hyperscale cloud and AI technology promise to help shift the balance of cybersecurity power to the defenders. In my previous blog, I examined the strategies governments can take to minimize cybersecurity risk and advance security effectiveness with Microsoft technology. Now, I’d like to explain how Microsoft Copilot for Security offers one of the most powerful new opportunities for governments to make dramatic improvements in cybersecurity, thanks to the power of generative AI.
Powerful new capabilities, new integrations, and industry-leading generative AI
Government agencies and critical infrastructure organizations are prime targets for cybercrime, for obvious reasons: the vast amounts of valuable data they hold, the importance of the assets they oversee, and economics involved. Cybercriminals target the public sector for ransomware attacks more than any other sector, and nation-state actors are ramping up their attacks on critical infrastructure and government.
Making the challenge even more difficult for governments is the growing demand for skilled cybersecurity staff. Worldwide, there is a shortage of 3.4 million cybersecurity professionals, and the problem is especially problematic for governments, who often struggle to attract and retain top talent.2
Add to this the liabilities of legacy systems, legacy mindsets, and legacy approaches to technology (any of which can hamper governments, despite their most sincere efforts), and the advantage can easily tilt in the direction of cyber adversaries.
Cybercriminals have been quick to embrace generative AI. In underground, gated internet forums—the so-called dark web—attackers share the latest innovations built on ChatGPT, effectively accelerating the ability of bad people and organizations to do bad things. A recent report attributed 85% of the rise in cyberattacks over the past 12 months to bad actors using generative AI.3 The good news is that Microsoft and other technology providers are responding with AI-powered innovations to counter the threat.
Microsoft Copilot for Security is the first generative AI security product that will help defend organizations at machine speed and scale. It combines the most advanced GPT4 model from OpenAI with a Microsoft-developed security model, powered by Microsoft Security’s unique expertise, global threat intelligence, and comprehensive security products.
Microsoft Copilot for Security is designed to work seamlessly with the systems and tools used by modern governments, specifically the security operations center (SOC) for managing security on an organizational and technical level, and the security information and event management (SIEM) solution for detecting, analyzing, and responding to threats.
Imagine an analyst investigating a potential breach in the network. Today, this person would use scripts and manual queries to correlate information from across multiple screens and disparate systems with terabytes and petabytes of data, in an attempt to evaluate security signals and draw valuable conclusions—a “needle-in-the-haystack” exercise that is both slow and unreliable.
Microsoft Copilot for Security provides immediate impact for the Microsoft Defender Experts team
By contrast, Copilot for Security enables analysts to use natural language to ask questions, such as, “Can you identify indicators of compromise?” “Where are we seeing suspicious logon attempts?” and so on, to rapidly assess an organization’s security posture. By analyzing and interpreting massive amounts of security data from across heterogenous environments and platforms in real-time, copilot assists the cybersecurity analyst to find detailed, actionable insights and solutions at a speed and reliability that are simply unachievable today using legacy technology. Moreover, Copilot for Security can then easily translate hunting insights or incident responses into PowerPoint slides or emails to quickly inform colleagues or leadership.
Notably, Copilot for Security empowers analysts to become more effective hunters and responders without specialized technical training. Our early private preview customer research data shows that it saves analysts up to 40 percent of their time on foundational tasks like threat intelligence assessments, and up to 63 percent of their time preparing reports. These efficiency gains free up analysts to focus more on high value tasks to secure the organization, with Tier 1 and Tier 2 analysts potentially performing tasks that would otherwise be reserved for more experienced Tier 3 or Tier 4 professionals.
Microsoft Copilot for Security is currently available through our Early Access Program and is expected to be released broadly later this year.
However, now is the time to prepare so that your environment is optimized to take full advantage of Copilot for Security when it becomes available.
The most impactful move you can make in the near term is to adopt Microsoft Defender XDR (for extended XDR, or extended detection and response), Microsoft Sentinel (a cloud-native SIEM solution), and Microsoft Intune (for endpoint management) as soon as possible. These tools deliver a unified security operations platform that complements most existing environments and investments, and they provide a strong security foundation that leverages Microsoft’s vast security data and expertise.
Beyond this, it’s important to build a strong partnership between your public sector organization and trusted companies in the private sector. At Microsoft for Government, we are committed to partnering with government customers and our global partner ecosystem to ensure long-term success. With our leading cloud and AI capabilities, our battle-tested understanding of the digital threat landscape, and the wisdom of our more than 10,000 security professionals globally, we are excited to help shift the balance of cybersecurity power from the side of the criminal over to the side of governments.
To learn more and get ready for Microsoft Copilot for Security in your organization, work with your Microsoft representative or solutions provider partner to explore an envisioning workshop or plan a national cybersecurity modernization journey roadmap.
Visit the Microsoft for Government page to learn more about how we’re helping governments secure critical environments, protect data, and achieve compliance. For United States customers, see Preparing for Security Copilot in US Government Clouds.
1Cost of Data Breach Report 2023, IBM.
2Microsoft issued annual Digital Defense Report: Espionage fuels global cyberattacks, Microsoft.
3Study finds increase in cybersecurity attacks fueled by generative AI, Security Magazine.
Alvaro leads the Global Cybersecurity Strategy for Public Sector at Microsoft. He helps government organizations implement cybersecurity strategies, enabling the modernization of cybersecurity capabilities using an AI-centric approach. He has over 18 years of experience and holds several industry certifications in security and cloud architecture.