Microsoft is adding more security chiefs after recent cyber attacks
Microsoft just unveiled the next step in its major cybersecurity overhaul: hiring security managers for several product groups.
After a series of major cyber attacks and the subsequent “call to arms” from the US government, Microsoft decided to completely revamp its cybersecurity practices and “put security above all else,” as CEO Satya Nadella recently put it.
An important milestone in this effort is the recruitment of additional security chiefs for product groups, Bloomberg reports. While the identities of the new officials have yet to be released, we do know a few names.
Russians and Chinese
For example, Ann Johnson, who has been a security executive at Microsoft for nearly a decade, has been named deputy CISO for consumer outreach and regulated industries. In an email to the publication, Microsoft said Johnson will work on “customer engagement and communications about Microsoft’s own security.” Johnson will report to Igor Tsyganskiy, the company’s global CISO since December last year.
About a year ago, news broke that APT29, a known Russian state-sponsored threat actor, had compromised Microsoft corporate email accounts and, through that breach, accounts of officials working at several U.S. federal agencies. “Midnight Blizzard’s successful compromise of Microsoft corporate email accounts and exfiltration of interagency correspondence with Microsoft poses a serious and unacceptable risk to agencies,” CISA said at the time.
A few months later, Chinese hackers were believed responsible for stealing one of Microsoft’s access tools and using it to infiltrate email accounts of US Secretary of Commerce Gina Raimondo, US Ambassador to China Nicholas Burns, and hundreds of others.
All this, and more, prompted the US Cyber Safety Review Board to release a report earlier this month criticizing Microsoft’s “shambolic cyber security”.
In the meantime, Microsoft vowed to do better, creating the Secure Future Initiative, which Bloomberg described as the “most important security plan since co-founder Bill Gates halted Windows development in 2002 and ordered engineers to prioritize product security above new functions.” However, the company is still criticized for not doing enough.