RIYADH: Democratizing cybersecurity expertise is essential to combat the rising threat of digital crimes fueled by AI tools, according to Joy Chik, president of Identity and Access Network at Microsoft.

In an interview with Arab News during the Global Cybersecurity Forum in Riyadh, Chik emphasized how AI can help bridge the workforce gap in cybersecurity.

In the first quarter of 2023, Microsoft reported a staggering tenfold increase in password-based attacks on cloud identities, escalating from 3 billion to over 30 billion per month.

The company also detected approximately 6,000 attempted cyberattacks daily over the past year, which included phishing scams and sophisticated nation-state-backed attacks targeting critical infrastructure.

“So, I think to address that, one way is to democratize the expertise in security, and that’s when Gen AI, what Microsoft would produce — the kind of copilot for security. These are the tools so that you can have the skill set to democratize and have more people enabled to leverage these tools to combat cybercrime,” Chik said. 

She added that AI can help alleviate the shortage of skilled labor in the industry. “Earlier, I talked about whether we have a shortage of cybersecurity labor, skilled laborers, if you will, and expertise, and AI is a way to democratize that.”  

“I do think it is really important that we’re not just on the defense, but also move to the offense,” Chik said. “When I say offense, it’s about secure by design, secure by default, and how we can defend against supply chain attacks.”  

Chik explained that threats range from “probably the simplest, which is attacking your credentials, passwords, or identity, to phishing attacks, and to more sophisticated, nation-state-sponsored ones, like targeting critical infrastructure.” She emphasized Microsoft’s commitment to enhancing security measures based on insights gained from real-world incidents, noting that a key aspect of the company’s Secure Future initiative is not only addressing immediate needs but also promoting a security-first mindset and culture.

Chik also highlighted Microsoft’s efforts to move toward a password-free future, stating, “We all know passwords are not secure, and yet they’re the most common way for people to log into their online services. How can we provide a simple yet more secure method for identifying individuals without requiring them to remember passwords?”

One proposed solution is passkey technology, a multi-factor authentication method developed in collaboration with Microsoft, Google, Apple, and other industry leaders.

“That is a phishing-resistant multi-factor authentication that does not require a password at all. At the same time, it uses your mobile phone, for example, but saves your credentials in a safe manner so they cannot be easily phished,” she concluded.