Sep 23, 2024
sysbraykr.com news - The tech giant with the figurative and often literal keys to everyone’s kingdom released a progress report Monday on the cyber overhaul it has undertaken following a spree of major security failures.
Microsoft — which is branding the effort as a “Secure Future Initiative” — first launched the cultural shift in November 2023 amid increasing criticism for multiple cybersecurity incidents.
That scrutiny continued in April, after the Cyber Safety Review Board found lax security controls and a company culture that did not prioritize safety. The CSRB report focused on a June 2023 operation where Chinese-linked hackers spied on the emails of Commerce Secretary Gina Raimondo and U.S. Ambassador to China Nicholas Burns shortly before significant diplomatic talks.
In response to those issues, Microsoft said in a blog post touting the progress it has made in its security initiative that it will implement a new “Cybersecurity Governance Council” and appoint 13 deputy chief information security officers in engineering divisions and to other “key security functions.” Additionally, Microsoft has added a “security” section in performance reviews for all employees with senior leadership teams, tying security performance directly to compensation.
The initiative is reviewed weekly by senior leadership teams and quarterly by Microsoft’s board of directors, per the blog post. There is also new “security-specific, curated training” for all employees.
Microsoft also said it has updated management protocols around access token signing keys and extended security token logging in several services ahead of those changes to support threat detection. The company said it has “completed a full iteration of app lifecycle management for all of our production and productivity tenants.”
Logging retainment and shortening the time it takes for vulnerabilities to be mitigated is another focus, the company noted. Microsoft is also establishing a Customer Security Management Office for “public messaging and customer engagement for security incidents.”
source : https://cyberscoop.com/2024-microsoft-security-initiative/