Microsoft confesses it's still falling behind on cybersecurity, but says it is working on improving

Microsoft admits it has work to do

· TechRadar

News By Benedict Collins published 24 September 2024

Microsoft has had a tricky year when it comes to cybersecurity, with the tech giant experiencing a slew of security incidents related to its products in recent months.

Firstly, Russian state-sponsored hackers were able to steal US government emails by compromising Microsoft corporate email accounts. An attack in 2023 by a Chinese state-sponsored group saw Microsoft Exchange Online mailboxes breached, including those belonging to Commerce Secretary Gina Raimondo, US Ambassador to the PRC R. Nicholas Burns, and Congressman Don Bacon.

Having then claimed security would be its number one priority, the company has now released a progress update on the Secure Future Initiative (SFI) - a program launched in November 2023 to advance Microsoft’s cybersecurity protection.

Safeguarding the future through the lessons of the past

Microsoft’s SFI update provides an overview of the progress being made to “prioritize security above all else”, including updates to governance, new upskilling programs, employee security reviews, and how Redmond is addressing its core pillars of cybersecurity.

In the last year, Microsoft has enhanced its governance by creating a Cybersecurity Governance Council made up of Deputy Chief Information Security Officers (CISOs) that regularly review all things cybersecurity, including risk, compliance and defense.

Executive pay has also been tied to security performance, to enhance accountability and give executives an incentive to focus heavily on avoiding errors and improving on past performance. Moreover, the company introduced a Security Skilling Academy to provide employees with new cybersecurity skills and knowledge.

As for Microsoft’s six key cybersecurity pillars, the company has taken steps to improve identity and secret protection by boosting token management and phishing resistance in Microsoft’s access management solution, Microsoft Entra ID. Tenant and production protection has been enhanced through the streamlining of app lifecycle management, and the reduction of the attack surface through the removal of inactive tenants.
