Microsoft confesses it's still falling behind on cybersecurity, but says it is working on improving

Microsoft has had a tricky year when it comes to cybersecurity, with the tech giant experiencing a slew of security incidents related to its products in recent months.

Firstly, Russian state-sponsored hackers were able to steal US government emails by compromising Microsoft corporate email accounts. An attack in 2023 by a Chinese state-sponsored group saw Microsoft Exchange Online mailboxes breached, including those belonging to Commerce Secretary Gina Raimondo, US Ambassador to the PRC R. Nicholas Burns, and Congressman Don Bacon.

Having then claimed security would be its number one priority, the company has now released a progress update on the Secure Future Initiative (SFI) - a program launched in November 2023 to advance Microsoft’s cybersecurity protection.

Safeguarding the future through the lessons of the past

Microsoft’s SFI update provides an overview of the progress being made to “prioritize security above all else”, including updates to governance, new upskilling programs, employee security reviews, and how Redmond is addressing its core pillars of cybersecurity.

In the last year, Microsoft has enhanced its governance by creating a Cybersecurity Governance Council made up of Deputy Chief Information Security Officers (CISOs) who regularly review all things cybersecurity, including risk, compliance and defense.

Executives have also had their pay tied to security performance to enhance accountability and create an incentive to focus heavily on avoiding errors and improving on past performance. Moreover, the company introduced a Security Skilling Academy to provide employees with new cybersecurity skills and knowledge.

As for Microsoft’s six key cybersecurity pillars, the company has taken steps to improve identity and secret protection by boosting token management and phishing resistance in Microsoft’s access management solution, Microsoft Entra ID. Tenant and production protection has been enhanced through the streamlining of app lifecycle management, and the reduction of the attack surface through the removal of inactive tenants.

Network protection has been improved by isolating certain virtual networks with backend connectivity to reduce the potential for lateral movement, and Admin Rules for Azure Storage, SQL, Cosmos DB, and Key Vault have been increased to help customers secure themselves.

The SFI has also resulted in 85% of Microsoft’s production build pipelines for commercial cloud using centralized governance. Personal Access Tokens have been reduced to a seven-day lifespan, checks have been introduced into the software development cycle, and the number of elevated roles that can access engineering systems has been reduced.

Threat detection and monitoring has been streamlined through the introduction of standardized security audit logs and centralized log management covering 99% of network devices.

Finally, Microsoft has committed to improving transparency and reducing its time to mitigate common vulnerabilities and exposures (CVEs) across its cloud infrastructure by updating processes, as well as establishing the Customer Security Management Office to improve customer communication when a security incident occurs.

“The work we’ve done so far is only the beginning. We know that cyberthreats will continue to evolve, and we must evolve with them," noted Charlie Bell, Executive Vice President of Microsoft Security.

"By fostering this culture of continuous learning and improvement, we are building a future where security is not just a feature, but a foundation.”

Benedict Collins
Staff Writer (Security)

Benedict has been writing about security issues for over 7 years, first focusing on geopolitics and international relations while at the University of Buckingham. During this time he studied BA Politics with Journalism, for which he received a second-class honours (upper division), then continued his studies at a postgraduate level, achieving a distinction in MA Security, Intelligence and Diplomacy. Upon joining TechRadar Pro as a Staff Writer, Benedict transitioned his focus towards cybersecurity, exploring state-sponsored threat actors, malware, social engineering, and national security. Benedict is also an expert on B2B security products, including firewalls, antivirus, endpoint security, and password management.