In the past year, ransomware attacks have been up almost 300%, with over 50% targeting small businesses. To help mitigate this increase, Microsoft is launching their new Security Copilot, and we sat down with their SMB Security Strategy Head, Binil Pillai, to learn more.

We dive into the importance of SMBs assessing their security posture, how to leverage AI for efficient threat detection and response, and the role of Microsoft's partner ecosystem in providing comprehensive security solutions. The episode concludes with advice for SMB leaders on starting their security assessments and the benefits of integrating AI into their cybersecurity strategies.

Overall, ransomware attacks have been up almost 300 percent in the past year, with over 50 percent targeting small businesses. The economic cost of these attacks for small and medium businesses can be catastrophic, with over 60 percent of small businesses not being able to operate after they have experienced a cyber attack.

Episode Highlights:

  • 01:39 Why is SMB security a priority for Microsoft?
  • 07:34 Key security challenges for SMBs 
  • 09:26 How can SMBs leverage AI within security?
  • 16:28 How VPs of Engineering can use new tech to deal with threats
  • 20:25 Microsoft Security Copilot 
  • 24:30 Where is the best place to learn about Microsoft's security strategy?


Transcript

(Disclaimer: may contain unintentionally confusing, inaccurate and/or amusing transcription errors)

Binil Pillai: 0:00

Overall, ransomware attacks have been up almost 300 percent in the past year and over 50 percent targeting small businesses. The economic cost of these attacks for small and medium business can be catastrophic. With over 60 percent of small businesses, uh, not being able to operate after they have experienced a cyber attack. This is a painful reality and this is where Microsoft as a company, together with our partner ecosystem, want to reach out to the SMB customers and engage them to accelerate their digital transformation journey with security.

0:41

Is your engineering team focused on efficiency, but struggling with inaccessible or costly DORA metrics? Insights into the health of your engineering team don't have to be complicated or expensive. That's why LinearB is introducing free DORA metrics for all. Say goodbye to spreadsheets and manual tracking or paying for your DORA metrics. LinearB is giving away a free, comprehensive DORA dashboard packed with essential insights, including all four key DORA metrics tailored to your team's data, industry standard benchmarks for gauging performance and setting data-driven goals, plus additional leading metrics, including merge frequency and pull request size. Empower your team with the metrics they deserve. Sign up for your free DORA dashboard today at LinearB dot IO slash Dora, or follow the link in the show notes.

Conor Bronsdon: 1:28

Welcome back to Dev Interrupted, everyone. I'm your host, Conor Bronsdon, and I'm here today with Binil Pillai. Binil is the worldwide SMB security strategy head at Microsoft. Thanks so much for joining me, Binil.

Binil Pillai: 1:39

Thanks for having me here. Thank you.

Conor Bronsdon: 1:40

Yeah, it's great to catch up with you. We've had some amazing conversations on security in the past, and I'm so glad to have you on this show because this conversation's importance continues to grow. The evolving threat landscape that we're seeing in cybersecurity today can be really concerning, and it's hard to know how AI is going to impact that. And it's, we're really seeing that change how security, uh, functions in today's digital space. The space is changing so rapidly and the threats, but also opportunities for businesses are evolving. And this is a topic that I don't think we address often enough here on Dev Interrupted. It's an area of risk for many companies that are hyper focused on building new features and delivering customer value, but maybe underestimating the risks of their security posture. Uh, and with that in mind, Binil, I'd love to ask you to introduce yourself so the audience gets to know you before we dive into the meat of why this matters so much.

Binil Pillai: 2:33

Absolutely. Again, thank you so much for having me here. My name is Binil Pillai, and I lead the Microsoft security business for small and medium customer segments worldwide. I've been with Microsoft for almost 12 years, helping customers transform digitally with security value proposition.

Conor Bronsdon: 2:51

Fantastic, and Binil, I know this is something you're really passionate about because, uh, you've seen, and I know Microsoft has seen this, where security in SMB has not always been a priority, and it seems like that's a major concern for you and the work you've done.

Binil Pillai: 3:07

Absolutely, so this is an area of high interest, not only from a Microsoft as a company point of view, it's from a worldwide stand. This is a combined responsibility, including Microsoft to address the need for the customer and help them to improve their security posture. So we took it as a mission. How we can help customers to improve the security posture. At the same time, how we can help the community to understand much about security. So their position is much better in terms of ensuring as a consumer, as an enterprise, or as a small and medium business owners. So that's the big mission that we have in place at Microsoft today.

Conor Bronsdon: 3:46

Why is it that you see SMB as particularly at risk for security compared to other segments?

Binil Pillai: 3:53

Yeah, I think you see small and medium business account for the majority of businesses worldwide and are important contributors to job creation and global economic development. They represent about 90 percent of businesses and more than 50 percent of employment worldwide. If you look at the U.S., we have nearly 32 million small businesses, which account for 99 percent of all U.S. businesses. So in this small and medium business driven world, things are rapidly changing due to an urgency in digital transformation enabled by cloud and AI services. After COVID-19, the majority of SMBs are following a hybrid work environment where their workers are increasingly distributed, able to work on kind of more flexible schedules in a variety of places with increased mobility and across more and more devices that might be company provided or personal devices. For example, iPhone. All this newfound freedom is refreshing and great for the workforce. But this distributed landscape can also pose security challenges. A couple of statistics. Overall, ransomware attacks have been up almost 300 percent in the past year and over 50 percent targeting small businesses. The economic cost of these attacks for small and medium business can be catastrophic. With over 60 percent of small businesses, uh, not being able to operate after they have experienced a cyber attack. This is a painful reality and this is where Microsoft as a company, together with our partner ecosystem, want to reach out to the SMB customers and engage them to accelerate their digital transformation journey with security.

Conor Bronsdon: 5:47

It feels like a lot of small and medium sized businesses underestimate this because they're so focused on delivering value to their customers and they think, oh well, I can worry about this later. It's the enterprises that really have to worry about security. They're the targets, but, uh, to your point, there are significant threats that are facing SMB businesses and, uh, it sounds like ransomware is a major one of, do you view like zero trust as a concept that can help a lot of small businesses improve on this by saying, okay, look, we have these devices that our employees are using to access, you know, work data, you know, maybe distributed across the country or even worldwide, we need to accelerate our kind of like baseline security or what, how are the, how are you thinking about the postures that are, are really gonna be impactful for SMBs?

Binil Pillai: 6:35

Yeah, absolutely. You mentioned a very interesting point about zero trust, right? I think that is the, the principle that we want every organization to understand and adopt. And there are multiple layers when you look at zero trust, right? One is, uh, you know, in Microsoft terminology, we say that assume breach and then move on to really measure, develop the right cyber security measurements to really do the right thing, one, to improve your security posture, and two, how do we react to something happens, uh, you know, to your environment from a security breach standpoint. So I think what is important is for understanding at the leadership level for every small, medium business, as well as enterprise, what does it mean, you know, Zero Trust mean for them? How do we adopt that principle into the organization? And what kind of technology and tools that they should adopt? There are a variety of methodologies and framework available for organizations to develop and design their own Zero Trust architecture within their organization limits, right? So that is a key piece. You have to define your own Zero Trust journey and make sure you take the right action to improve your security posture. So again, a summary, I would say that it's a leadership decision. It's the development and implementation of your version of Zero Trust that makes sense for you, and then make sure how do you really enable the tools and framework and technology to make that happen. So for me, it's a journey and that's exactly what I was kind of writing up in the book to explain, uh, in a variety of organizations, including enterprises, small, medium business, and even consumer, right? To understand the methodology and how do we learn and leverage these to adopt, to minimize the risk in a day to day business standpoint.

Conor Bronsdon: 8:21

Are there other key challenges that you see SMBs having around security today?

Binil Pillai: 8:26

I think that there are two primary challenges. One is definitely, like I said, the SMBs are unfortunately being a target from an attacker's point of view because it's their less effort, you know, because easy to enter and they can really do their, you know, kind of work to really get maximum output from a small, uh, company point of view. So that's a, that's one big challenge. The, the second challenge is in the adoption of the tool, uh, you know, probably something SMBs need to, you know, to completely leverage on, uh, partners. And the idea Microsoft would love to bring in, we have a partner ecosystem that is available to support our SMBs to make sure how do we get the customer access to the best tools and technologies from a proactive, you know, threat protection standpoint. So the partners can provide the best, you know, tools and solution, like we know, Endpoint Detection and Response Service or Managed Detection and Response Service and, you know, Security Operations Center type of services. That could be a huge value for SMB because we know that majority of the SMBs do not have the right level of resources. I mean the cyber security resources in place, so they have to heavily, you know, rely on the partner. So we would love to encourage every SMB to work with the partner ecosystem, um, you know, so that they get maximum coverage from a security perspective through the services they provided today.

Conor Bronsdon: 9:54

So this is really interesting in the context of our two audiences of this podcast. We have the leadership audience, which is, you know, VPs of engineering at those SMBs, maybe a director of engineering enterprise. And then we have the senior software engineer who wants to become a leader, the junior software engineer who sees these opportunities. And one of the big things that we've heard about, you know, both broadly in software development in society and definitely in security is generative AI and its impact. I know it's having a major impact on the security landscape, particularly for SMB. How should those two kind of audiences who are listening be thinking about leveraging AI within software development and within the security landscape in particular?

Binil Pillai: 10:38

Small and medium businesses are at an increased risk of cyber attacks due to their lack of basic security measure. As I explained earlier, uh, cybercriminals are drawn into this business as an easy target for low risk high reward attack point of view. And SMBs are keen to explore the possibilities that generative AI can bring to accelerate their growth beyond what they could significantly add value from a cybersecurity perspective. As a branch of artificial intelligence, generative AI offered several benefits for SMBs in general. As AI technologies become more pervasive across various domains, ensuring their security becomes crucial, uh, even though we believe AI powered security solutions offer cost effective alternatives for SMBs with limited, uh, with limited budget and resources. In another aspect, generative AI can be crucial in SMB cybersecurity by providing advanced capabilities to detect, analyze, and respond to potential threat. Putting aside these risks, generative AI offers an outstanding opportunity to change the balance between attackers and defenders, especially for SMBs that lack resources. I think to the audience you mentioned earlier, I just wanted to call out some of the examples how this really make it happen in real time. Let's take some of the, uh, let's take some of the, uh, cool example. Number one is anomaly detection. Uh, Gen AI can be used as a tool to discover patterns and behaviors of normal network traffic and user activities or even system operations within IT infrastructure. The second one is a rapid monitoring. It can also help a security analyst doing the work to reason over the massive data stores and detect and respond faster. The last one, but not the least, is fast learning. It can enhance education and quicker understanding of the people they do have working in IT and security. This will be a great advantage, especially for SMBs lack skilled cyber security resources.
What actually Microsoft does in this space is basically we kind of bring these insights into our existing product. For example, for SMBs, if they are interested in AI, we do have existing capabilities such as automatic attack disruption and automated investigation and remediation in Microsoft Defender for Business, Business Premium, and MME3. Maybe we'll go a little bit detail into those capabilities to share some insight for the audience here. The first one is, automatic attack disruption is designed to contain attacks in progress, limit the impact on organization asset and provide more time for the SOC analyst to remediate the attack fully. It identifies assets controlled by the attacker and used to spread the attack. It automatically takes responses, uh, action across relevant Microsoft Defender products to contain the attack in real time by isolating affected assets. You know, assets. This is a game changing capability, uh, limits a threat actor's progress early on and dramatically reduces the overall impact of an attack from associated cost to loss of productivity. The, the second capability is automated investigation and remediation. This uses a variety, uh, and various inspection algorithm and is based on processes that are used by security analysts. AIR, you know, capabilities are designed to examine alerts and take immediate action to resolve breaches. It operates in three key, three key stages. The first one, it starts when an alert is triggered and incident is created. For example, suppose a malicious file is, uh, file resides on a device. When that file is detected, an alert is triggered and an incident is created. While the investigation is running, uh, any other alerts generated from the device are added to the ongoing automated investigation until that investigation is completed. In addition, if the same threat is seen on other devices, those devices are also added to the investigation. That is how it expands the scope while running.
And as alerts are triggered and an automated investigation runs, a verdict is generated for each piece of evidence investigated. Verdicts can be malicious, suspicious, or no threat found. As verdicts are reached, automated investigation can result in one or more remediation action. So I have gone through some of the existing capability, I mean security, AI capability, that we have in our current products. With these capabilities, we can act now together with our partner ecosystem as they have a significant role to play in today's business.

Conor Bronsdon: 15:52

This is really interesting because, uh, I mean, this is something you and I wrote about and talked about a lot back in 2018 2019 when we were working together at Microsoft was this possibility of how AI can extend the capability of security and engineering leaders worldwide. Now it feels like it's all kind of coming to fruition and there's this huge opportunity from, from what you're saying for, uh, SMB technical leaders to, uh, level up and leverage AI solutions to, uh, make a bigger impact for themselves, make their companies more secure and maybe get promoted in the process.

Binil Pillai: 16:30

Absolutely. I think that's a, that's an evolution, we have been going through, especially in the last three, four years, the AI become a predominant, focus and driving that motion in a high impactful way, uh, and customer point of view, partner point of view, as well as the technology provider point of view. And, uh, this is going to be a game changing, uh, in the future of cybersecurity for sure.

Conor Bronsdon: 16:53

So if I was a technical leader at an SMB and I'm listening to this and I'm saying, okay, uh, maybe I, I run our engineering team or I'm the CTO and our security team reports into my org. And I'm thinking, how should I be leveraging AI for security? What's the strategy approach I should be taking? What would be kind of the framework that you would suggest to that CTO, that VP of engineering as they think through. Um, how to take advantage of these new technical capabilities and also how to address these new threats.

Binil Pillai: 17:29

Yeah, absolutely. So that's a good question. The first one is to really, um, you know, understand and unlock, uh, the product capability. That's the first thing. I would, I would ask from a CTO and technology leader perspective, understand the security posture is the step zero. Um, there are various ways you can do that. The first one is, you know, run a maturity or, uh, you know, posture assessment. Where they are in the security maturity, are they in one or two? Maybe we can have it like one to five ranking and that will help us to understand the gap in your current security maturity. That's the first step and then the second step is potentially look at the conversation we had a few minutes ago about the zero trust architecture to bring that in to really make sure how do we really address and build a plan to address the gap, right? Based on the maturity assessment or cyber security solution assessment, whatever, uh, and based on the outcome, a recommendation from that assessment, we can identify what is the next step in order to address the gap in your security posture. And the third element I would really suggest is basically, uh, you know, work with the partner ecosystem. Basically this is a big step for SMBs. Like I said, they may not have the right resources in place to do internally, so they need the skill resources from an expert and who does all this on a day to day basis. So that is the third element to bring the partner ecosystem into it. And, you know, provide that technology solution to address the gap, as well as how do we maintain that technology from a day to day security coverage standpoint, right? Because the threat can happen anytime to anyone. So we have to have a constant monitoring of your environment, both from internally as well as externally, so that someone who does that job from a regular monitoring standpoint is super important. And that also comes with threat hunting, threat monitoring, as well as remediation action, right?
So that's actually the third step. So from a technology leader, to have that end to end picture is super important. So they can actually lean in and support where they need to prioritize things across the organization and across the technology they have in place. Now, interestingly, uh, like typically in SMB world, you may not have an individual like a CTO or CIO. And perhaps what I see in majority of the cases, the owner of the company himself or herself is kind of a CTO and technology leader. So it's, it's important for them to really learn and understand the challenges and how do we minimize the risk from a business angle and then leverage the technology, including AI to mitigate the risk and improve the security posture. I think that's what I would encourage for the leaders to consider. And then pull all the levers, tools and technologies and framework to support you in order to improve your security posture, as well as minimize the risk.

Conor Bronsdon: 20:29

Thank you for those actionable takeaways. I hope that, you know, they help some leaders in this audience to kind of take these next steps and think through their strategy here, because to your point, it's always easier to understand and address security at the baseline level to, you know, have endpoint defense, to set that zero trust posture, to do these things before you build a lot, before you, uh, push forward, because otherwise you may have a breach that you have to address. You may have to come back and, and fix something that's already broken. It's better to build with, uh, security in mind and have it be like a basic principle of the organization of how you're, you know, developing software, how you're transitioning in the cloud, whatever it may be. An area that I know a lot of our audience is already investing time and resources in is leveraging GitHub Copilot to improve the speed of code generation and, uh, improve the ROI of their engineering teams by just increasing efficiency across the board. And I've heard that Microsoft Security Copilot is very soon going to be launching to public availability, maybe even by the time this episode actually publishes. Uh, could you share some information and maybe insights with our audience about what they can expect from that?

Binil Pillai: 21:42

Like all of you, I'm also super excited to see that product coming up. Just to give you a little bit of a, you know, overview about the Security Copilot. It is the first generative AI security product designed to defend our customers at machine speed and scale. It combines the most advanced GPT-4 model from OpenAI with a Microsoft developed security specific model powered by Microsoft Security's unique expertise, global threat intelligence, and comprehensive security product portfolio. Security Copilot is designed to help security operations center analysts to be more effective and efficient at all roles they play across security. That's a key. And I think, uh, from our early customer experience, feedback on the product is very exciting and very interesting. They see huge value in the natural language model we use because with Security Copilot, the analysts don't need to write a complex script. They can simply ask questions in English. And Security Copilot understands the context, sets the plan in motion, and provides prescriptive guidance resulting in significant productivity gains. And what I kind of learned, uh, you know, the Microsoft Security Copilot advantage is a few things. Number one, uh, the design behind Security Copilot is not just about talking OpenAI and rolling it with, with it. And the second one is Security Copilot runs on our security and privacy compliant hyperscale infrastructure that is unique to Microsoft and brings the full benefit of being on the Azure cloud. And the third one, if we add our cyber specific model, which works to create a closed-loop learning system that has an ever growing set of security specific skill. And finally, the Security Copilot is at the heart of Microsoft's security product portfolio.
It deeply integrates with our existing product experiences and workflow across Defender, Sentinel, Intune, Entra, Purview, and Priva so that security professionals see the full benefit of, uh, you know, Security, uh, Copilot's assistance as they go about daily work. I'm super excited to see the product coming to reality, for addressing the world's problem, for our customers and partners.

Conor Bronsdon: 24:10

It sounds like we could even see Security Copilot enable less senior engineers and less senior security analysts to increase their effectiveness, which, particularly for SMBs, can be hugely impactful given that, you know, an SMB may not have several security analysts to throw at a problem.

Binil Pillai: 24:28

Yeah, I'm with you. Absolutely. If I look at the product capability, it helps a lot for the customers as well as partners. I think one, it's a one product. It can actually provide a lot of value from an end to end customer point of view, end to end security threat point of view. For the partner, it's a tool they're going to definitely leverage a lot, uh, to have an insightful view in the product customer environment, connecting whatever the product they are on. It's pull the information and provide the end to end, uh, you know, capability to analyze the data and then provide the right practice step. So it's kind of a game changing tool for everyone, um, uh, you know, as a solution.

Conor Bronsdon: 25:08

This has been a wonderful conversation, Binil. I think there's a lot of value in here for our audience as they think about security, particularly for folks in the SMB. Could you share where the best place for folks to go to learn more from you and about Microsoft security strategy?

Binil Pillai: 25:25

The first thing I would love to encourage and look at the Microsoft security landing page. And we have a blog site for security and you'll see a lot of Microsoft thought leadership documents, uh, and from a looking forward perspective that what we see in the market in every market today and what we can do better to support the customer needs. That's number one. We have a product portfolio that categorized by capability as well as by segment. Uh, majority of the products are available for enterprise customers. We do have a special, uh, product designed for small medium business customers. Like I mentioned, uh, Business Premium is a great example. Microsoft Defender for Business is another product designed for, uh, small and medium business. So, uh, yes, absolutely Microsoft security product portfolio landing page, uh, provide the entire portfolio view of, uh, infra Microsoft. I think that may be a better place. The other one I will encourage, uh, an audience to look at it, especially from SMB point of view. We have a cybersecurity solution assessment that's available for customers. And what it does is basically it's a, it's a self-service. Cyber Security Solution Assessment means the customer can click on it and answer a few questions and you will get a report from, uh, Microsoft approved vendor in terms of providing what actually the security posture of your, uh, your environment. And if you don't have a, you know, security, you know, personnel in your organization, definitely your partner can also do a cyber security assessment on behalf of you and that is also available in our, you know, cyber security assessment in our public website.

Conor Bronsdon: 27:15

Great, we'll be sure to include links to that in the episode description. Binil, do you have any closing advice for our audience around security?

Binil Pillai: 27:23

Yeah, absolutely. So I wanted to say that security is a foundational capability for successful business and operations. And we hate to see a situation where customers' business operations are being interrupted and their reputation is being challenged due to lack of security capability. For small, medium business customers, they may not have a second chance if something similar happened to them. So first, we wanted to make sure customers assess their security posture so that you take the right step to mitigate, uh, you know, their risk, uh, and gaps. So please make sure security hygiene as a first step. The second one, we have AI capabilities in our existing solution. Security products for SMB, uh, we discussed some of them briefly, like automatic attack disruption and, uh, and others. Uh, AI and automation, uh, can be implemented to ensure speedy investigation and remediation routines. We believe AI powered security solutions offer cost effective alternatives for SMBs with limited budget and resources. So, by embracing AI capabilities, SMBs can harness the power of generative AI to enhance cyber security resiliency. Our partners can ensure their support for SMB customers by leveraging cyber security based AI product.

Conor Bronsdon: 28:50

Perfect. Well, Binil, I've really enjoyed this conversation. It's great to catch up with you and to see the fruits of kind of all this labor these last years come thank you to, uh, you know, fruition for, for Microsoft here, because it's clear there's a huge opportunity to improve the security of businesses worldwide, particularly in SMB, uh, given the attack surfaces they're seeing. So thank you so much for joining me for this conversation.

Binil Pillai: 29:13

Thanks a lot, Conor. Really appreciate and thanks for having me here.

Conor Bronsdon: 29:16

And if you want to get more conversations like this and get in depth articles as well, remember to check out our Substack at devinterrupted.substack.com. And that's all for this week. We'll talk soon, all.