Microsoft’s reputation on cybersecurity has taken a beating in recent months after Chinese and then Russian hackers breached the company’s systems. In response, Redmond says it’s “making security our top priority at Microsoft, above all else—over all other features.”
The statement comes from Microsoft EVP for Security Charlie Bell, who outlined the company’s plan to overhaul its approach to security on Friday. “Microsoft plays a central role in the world’s digital ecosystem, and this comes with a critical responsibility to earn and maintain trust. We must and will do more,” he wrote.
Trust in Microsoft’s security took a dive back in July when a suspected Chinese hacking group breached the company’s Outlook systems to steal emails from 25 organizations, including US government groups. Last month, the US Cybersecurity and Infrastructure Security Agency (CISA) released a report blaming Microsoft’s “corporate culture that deprioritized enterprise security investments” for the intrusions, which were found to be entirely preventable.
The software giant then suffered another security black eye in January when Microsoft disclosed that a Russian state-sponsored hacking group had stolen emails from the company’s corporate teams. This allowed the hacking group to access source code repositories at Redmond and potentially hack into US federal agencies.
The security setbacks have led lawmakers to accuse Microsoft—which provides software services to the US government and various businesses—of being ‘negligent’ on cybersecurity. To win back trust, the company promises to bake in security across all Microsoft products and services, and even reward executives based on implementing the cybersecurity plans.
“We will instill accountability by basing part of the compensation of the company’s Senior Leadership Team on our progress in meeting our security plans and milestones,” Bell wrote in Friday’s announcement.
The overhaul also means Microsoft will prioritize security first “when designing any product or service.” In addition, the company will enable and enforce security protections by default, requiring no extra effort from the user.
The company is already making headway by implementing multi-factor authentication as a default “across more than one million Microsoft Entra ID tenants within Microsoft, including tenants for development, testing, demos, and production,” Bell said. Another 730,000 apps were removed from Microsoft’s internal systems for failing to meet security standards. The other significant announcement is that Microsoft plans on implementing the recommendations from CISA that it released after July’s Outlook hack. “Ultimately, Microsoft runs on trust and this trust must be earned and maintained,” Bell added.