)
This announcement comes in response to a series of nation-state cyberattacks targeting Microsoft’s products, which resulted in unauthorised access to email accounts belonging to high-profile government employees
read more
Microsoft has announced a comprehensive overhaul of its processes to prioritise cybersecurity, following the n number of recommendations it got from the US government.
This move comes in response to a series of nation-state cyberattacks targeting Microsoft’s products, which resulted in unauthorised access to email accounts belonging to high-profile individuals, including a cabinet secretary and senior executives.
The significance of this overhaul comes from increasing concerns over cybersecurity vulnerabilities within Microsoft’s ecosystem.
These concerns escalated following incidents involving Chinese and Russian espionage activities exploiting relatively simple entry points, as highlighted by a government review board.
Charlie Bell, Executive Vice President of Microsoft Security, emphasised that the company is committed to earning and maintaining its users’ trust in the digital realm. Bell outlined three core principles guiding Microsoft’s revamped production cycles: secure-by-design, secure-by-default, and secure operations.
Key initiatives will include:
– Implementation of multi-factor authentication by default for all user accounts.
– Retention of security logs for a minimum of two years, with six months of relevant logs accessible to customers.
– Appointment of deputy Chief Information Security Officer (CISO) positions to oversee the integration of numerous security enhancements.
– Integration of Microsoft’s threat intelligence offices under the CISO’s office, streamlining security operations.
Microsoft CEO Satya Nadella reiterated the company’s dedication to cybersecurity in a memo that was sent out to employees, which emphasised the priority of security over other considerations, even if it means delaying new feature releases or retracting ongoing support for legacy systems.
This shift towards bolstering cybersecurity aligns with earlier plans announced by Microsoft in November, coinciding with the government’s investigation into a China-backed cyberattack. Nadella’s recent statements during the company’s quarterly earnings call underscored Microsoft’s heightened focus on cybersecurity.
The proactive stance taken by Microsoft has garnered praise from top cybersecurity officials, including Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency (CISA). Easterly commended Nadella’s personal commitment to security and emphasized the importance of prioritizing cybersecurity in product development.
As cybersecurity continues to be a top priority for governments and businesses alike, Microsoft’s initiatives will be closely monitored to assess their effectiveness. Government officials are keen to see tangible outcomes from Microsoft’s new cybersecurity principles, signalling a broader industry-wide push towards enhancing digital security practices.
(With inputs from agencies)
This post was originally published on 3rd party site mentioned in the title of this site
