Microsoft has announced that it's linking the fulfilment of security goals with executive compensation in a significant overhaul.
In an expansion of its Secure Future Initiative (SFI), first announced last November, the Redmond-based tech giant insists it is "making security (its) top priority at Microsoft, above all else".
Last month, the US Cyber Safety Review Board (CSRB) claimed that Microsoft should have been better prepared for Chinese hackers breaching US government emails via its Microsoft Exchange Online software in July 2023 in the Storm-0558 cyberattack.
Microsoft confirms it is incorporating the CSRB's recommendations and has outlined a precise series of security principles and goals. Tying leadership compensation to its success in meeting these metrics illustrates the seriousness with which Microsoft is bolstering its security.
Charlie Bell, Executive Vice President at Microsoft Security, wrote in an accompanying blog post:
"We are making security our top priority at Microsoft, above all else, over all other features (…) We will mobilize the expanded SFI pillars and goals across Microsoft and this will be a dimension in our hiring decisions. In addition, we will instill accountability by basing part of the compensation of the company's Senior Leadership Team on our progress in meeting our security plans and milestones."
Microsoft has been criticised in recent years for its perceived lax security infrastructure. In October, compromised Skype accounts were used to spread the DarkGate malware, while Microsoft Teams was also targeted.
In November, Russian hackers breached Microsoft's defences and gained access to the email accounts of several members of Microsoft's senior leadership team and stole source code. The attack went undetected by Microsoft for nearly two months, with the breach only discovered in January.
More Details On The SFI
Microsoft has established three core security principles tied to the SFI: secure by design, secure by default, and secure operations. These principles intend to prioritise security during the design stages of products and services, emphasise default protections, and enhance controls and monitoring to address present and future threats effectively.
Bell also highlighted that Microsoft is focusing on six prioritised security pillars, the first of which is "Protect identities and secrets."
To reduce the risk of unauthorised access, Microsoft is implementing and enforcing advanced standards across all identity and secrets infrastructure, as well as user and application authentication and authorisation. For example, they want to protect 100 percent of user accounts with securely managed, phishing-resistant multifactor authentication.
The second pillar is "Protect tenants and isolate production systems." Microsoft says it's committed to safeguarding all Microsoft tenants and production environments by implementing consistent, best-in-class security practices and strict isolation measures to minimise the breadth of impact.
The third is "Protect networks," prioritising the protection of Microsoft production networks and implementing network isolation to safeguard both Microsoft and customer resources. Another pillar is "Protect engineering systems." This means prioritising the protection of software assets and continually enhancing code security by overseeing the software supply chain and engineering systems infrastructure.
A fifth pillar is "Monitor and detect threats," which encompasses comprehensive coverage and automatic detection of threats to Microsoft's production infrastructure and services. Lastly, there is "Accelerate response and remediation". Microsoft's goal is to prevent the exploitation of vulnerabilities identified by both external and internal sources by implementing comprehensive and timely remediation measures.
Security Copilot
Last month, Microsoft launched Copilot for Security, bringing its flagship AI's capabilities to cybersecurity.
Microsoft introduced Copilot for Security as "the industry's first generative solution" designed to assist security and IT professionals in identifying previously overlooked threats, accelerating response times, and enhancing team proficiency. Serving as a chatbot for security admins, Copilot for Security analyses crucial information like threat summaries and security incidents.
The new capabilities of Copilot for Security encompass usage reporting, Microsoft Entra audit and diagnostic logs, seamless integration with third-party tools, and the ability to access an organisation's curated external attack surface through Microsoft Defender External Attack Surface Management.