Microsoft confesses it’s still falling behind on cybersecurity, but says it is working on improving
Microsoft has had a tricky year when it comes to cybersecurity, with the tech giant experiencing a slew of security incidents related to its products in recent months.
Firstly, Russian state-sponsored hackers were able to steal US government emails by compromising Microsoft corporate email accounts. An attack in 2023 by a Chinese state-sponsored group saw Microsoft Exchange Online mailboxes breached, including those belonging to Commerce Secretary Gina Raimondo, US Ambassador to the PRC R. Nicholas Burns, and Congressman Don Bacon.
Having then claimed security would be its number one priority, the company has now released a progress update on the Secure Future Initiative (SFI) – a program launched in November 2023 to advance Microsoft’s cybersecurity protection.
Safeguarding the future through the lessons of the past
Microsoft’s SFI update provides an overview on the progress being made to “prioritize security above all else” including updates to governance, new upskilling programs, employee security reviews, and how Redmond is addressing its core pillars of cybersecurity.
In the last year, Microsoft has enhanced its governance by creating a Cybersecurity Governance Council made up of Deputy Chief Information Security Officers (CISOs) that regularly review all things cybersecurity, including risk, compliance and defense.
Executives have also had their pay tied to security performance to enhance accountability and instill incentive to focus heavily on avoiding errors and improving on past performance. Moreover, the company introduced a Security Skilling Academy to provide employees with new cybersecurity skills and knowledge.
As for Microsoft’s six key cybersecurity pillars, the company has taken steps to improve identity and secret protection by boosting token management and phishing resistance in Microsoft’s access management solution, Microsoft Entra ID. Tenant and production protection has been enhanced through the streamlining of app lifecycle management, and the reduction of the attack surface through the removal of inactive tenants.
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Network protection has been improved by isolating certain virtual networks with backend connectivity to reduce the potential for lateral movement, and Admin Rules for Azure Storage, SQL, Cosmos DB, and Key Vault have been increased to help customers secure themselves.
The SLI has also resulted in 85% of Microsoft’s production build pipelines for commercial cloud using centralized governance, Personal Access Tokens have been reduced to a seven day lifespan, and checks have been introduced into the software development cycle alongside reducing the number of elevated roles that can access engineering systems.
Threat detection and monitoring has been streamlined through the introduction of standardized security audit logs and centralized log management covering 99% of network devices.
Finally, Microsoft has committed to improving transparency and reducing their time to mitigate common vulnerabilities and exposures (CVEs) across its cloud infrastructure by updating processes, as well as establishing the Customer Security Management Office to improve customer communication when a security incident occurs.
“The work we’ve done so far is only the beginning. We know that cyberthreats will continue to evolve, and we must evolve with them,” noted Charlie Bell, Executive Vice President of Microsoft Security.
“By fostering this culture of continuous learning and improvement, we are building a future where security is not just a feature, but a foundation.”
More from TechRadar Pro
Microsoft has had a tricky year when it comes to cybersecurity, with the tech giant experiencing a slew of security incidents related to its products in recent months. Firstly, Russian state-sponsored hackers were able to steal US government emails by compromising Microsoft corporate email accounts. An attack in 2023 by…
Recent Posts
- The M4 Mac mini has removable, modular storage – and an important SSD upgrade
- Arcane season 2 act 1 ending explained: who is [SPOILER], when is episode 4 coming out, and your biggest questions answered
- The Best Veterans Day Mattress Deals (2024)
- This new phishing strategy utilizes GitHub comments to distribute malware
- Arcane season 2 confirms the hit series isn’t just one of the best Netflix shows ever made – it’s an animated legend that’ll stand the test of time
Archives
- November 2024
- October 2024
- September 2024
- August 2024
- July 2024
- June 2024
- May 2024
- April 2024
- March 2024
- February 2024
- January 2024
- December 2023
- November 2023
- October 2023
- September 2023
- August 2023
- July 2023
- June 2023
- May 2023
- April 2023
- March 2023
- February 2023
- January 2023
- December 2022
- November 2022
- October 2022
- September 2022
- August 2022
- July 2022
- June 2022
- May 2022
- April 2022
- March 2022
- February 2022
- January 2022
- December 2021
- November 2021
- October 2021
- September 2021
- August 2021
- July 2021
- June 2021
- May 2021
- April 2021
- March 2021
- February 2021
- January 2021
- December 2020
- November 2020
- October 2020
- September 2020
- August 2020
- July 2020
- June 2020
- May 2020
- April 2020
- March 2020
- February 2020
- January 2020
- December 2019
- November 2019
- September 2018
- December 2011