Microsoft’s CEO says yes
Microsoft CEO Satya Nadella has unveiled plans that would see the tech giant increase its commitment to security after being hit by a series of high-profile attacks in recent months, as well as a damning report from the Cyber Safety Review Board (CSRB).
According to March 2024 report While investigating an attack in the summer of 2023, Microsoft made a series of “avoidable mistakes,” including failing to detect several compromises, the CSRB said.
During the company’s most recent earnings call, Nadella confirmed: “We are doubling down on this very important work and putting safety above all else – above all other functions and investments.”
Microsoft tackles cybersecurity issues
The bold statement marks a departure from the company’s predominant focus on AI-driven growth. Microsoft’s cloud division now accounts for 57% of the company’s total revenue as of last quarter.
The renewed commitment to safety and security addresses recent breaches, including the infiltration by Russian state-sponsored hacking group Nobelium and Chinese hacking group Storm-0558.
The CSRB report called for an immediate review and demanded that Nadella and the Board of Directors take some responsibility for overseeing certain procedures.
Nadella highlighted ongoing efforts to improve protection while strengthening threat monitoring and response capabilities. The company could also learn from its own AI tool, Copilot for Security, which promises to deliver actionable insights.
Although Microsoft is currently the most valuable company in the world, with a market capitalization of $2.965 trillion, customer confidence is showing signs of decline. The much-needed response will be closely watched not only by customers, but also by stakeholders and the rest of the industry.
Looking ahead, Nadella said: “We are focused on making continued progress on the six pillars of (Secure Future Initiative) as we protect tenants and isolate production systems, protect identities and secrets, protect networks, protect technical systems, monitor and detect threats, and accelerate response and recovery.”