Microsoft calls for proactive cybersecurity as AI reshapes the threat landscape

At its 2025 Digital Defence Report briefing, Microsoft highlights South Africa’s growing exposure to cyberattacks and the urgent shift needed from reaction to resilience.

During the 2025 Microsoft Digital Defence Report media briefing, Kerissa Varma, Microsoft Africa’s Chief Security Advisor, cautioned that South African organizations operate in an increasingly fragile digital environment. She underscored that while financial motives still drive most cyberattacks, the real target today is data, and adversaries are refining their tactics to access it faster and more precisely.

Varma explained that social engineering schemes like “click-fix” scams are becoming common, exploiting users’ urgency to solve technical issues. She also noted that although software vulnerabilities make up a small fraction of total incidents, they remain the most reliable method for breaching organizations, as they don’t depend on human error.

Business email compromise (BEC) continues to be one of the most damaging attack types. Despite representing only 2% of global activity, BEC accounts for more than 20% of successful intrusions. South Africa, she warned, has become a launch point for several criminal groups operating internationally, including the Nigerian-linked Storm 2126.

According to Varma, most identity-based attacks could be prevented with basic security hygiene such as modern multi-factor authentication (MFA), which blocks 99% of credential-based compromises. Still, many organizations fail to enforce these measures consistently, leaving gaps that threat actors exploit. Access brokers, intermediaries who sell compromised network credentials, further amplify risks, particularly across public and industrial sectors still reliant on outdated systems.

The Microsoft report notes that attackers are operating with greater speed and precision. Average dwell time, the period between intrusion and detection, has dropped to 58 days, with some espionage-motivated breaches persisting for years in government systems.

Varma also emphasized the dual role of artificial intelligence in cybersecurity: as both a tool for defenders and a weapon for attackers. AI-generated phishing attempts now succeed at nearly five times the rate of traditional campaigns, driven by their ability to analyze stolen data and craft personalized lures. “If we don’t use AI, we’re fighting a losing battle,” she warned.

She advised companies to tighten hiring processes as well, revealing cases in which threat actors infiltrated organizations through legitimate recruitment. “Always verify. Turn on cameras during interviews and confirm local phone numbers, it’s harder to fake proximity,” she said.

Microsoft’s updated approach integrates AI across its entire security stack to enable real-time defense and disruption. The company is also expanding its Digital Crimes Unit to focus on identifying individual threat actors and dismantling criminal ecosystems rather than just their infrastructure.

The 2025 report recommends that business leaders treat cybersecurity as a governance priority, not a technical afterthought. Key actions include investing in resilience by design, promoting cross-sector collaboration, fostering cybersecurity talent, and preparing for the disruptive impact of quantum computing on encryption standards.

“Boards are good at managing financial and operational risks,” Varma concluded, “but technology risk now demands the same level of attention. Cybersecurity has become a business imperative, not a choice.”