No menu items!
EletiofeMicrosoft Does Damage Control With Its New 'Secure Future...

Microsoft Does Damage Control With Its New ‘Secure Future Initiative’

-

- Advertisment -

Today, in a blog post and email to employees, Microsoft is announcing a broad vision for tackling the cybersecurity challenges that have increasingly plagued the company and its customers in recent years. Known as the Secure Future Initiative, the plan leans heavily on artificial intelligence tools as a “game changer” and also includes a call for international cyberspace norms, an expansion of the company’s 2017 Digital Geneva Convention.

The most tangible and immediately applicable component of the strategy, though, relates to improvements in Microsoft’s software development and engineering approach. In Thursday’s email, executive vice president for Microsoft security Charlie Bell and colleagues Scott Guthrie and Rajesh Jha lay out a plan to further safeguard identity management systems in Microsoft products, improve security software development, and shorten response and patch release times for addressing vulnerabilities, specifically those in the cloud.

The announcement comes as Microsoft has faced scrutiny over situations where vulnerabilities in its products have enabled attackers—both financially-motivated cybercriminals and state-backed hackers—to rampage through the company’s own systems and those of customers. And the climate around accountability is evolving as regulators and law enforcement look for new paths to deterring, but also preventing, damaging hacks. On Monday, for example, the United States Securities and Exchange Commission (SEC) announced charges against the IT management company SolarWinds and its chief information security officer over “cybersecurity risks and vulnerabilities” that the SEC alleges were known and should have been addressed.

Microsoft said on Thursday that its Secure Future Initiative comes in response to wildly escalating threats from attackers. “In recent months, we’ve concluded within Microsoft that the increasing speed, scale, and sophistication of cyberattacks call for a new response,” company vice chair and president Brad Smith wrote.

In an interview with WIRED, Microsoft’s Bell emphasized that both cybercriminal and state-backed actors are professionalizing and homing in on phishing and creative approaches to credential theft as the most direct and effective method for infiltrating organizations of all sorts. He noted that while it is difficult to get an accurate accounting of total global economic losses due to cybercrime and cyberattacks, Microsoft believes that total losses have been greater than $6 trillion and could close in on $10 trillion by 2025.

“The threat is growing,” he tells WIRED. “It’s a huge drag on the world. So when you look at all of this going on and you say well what can we do? Microsoft is in the center of much of the ability to defend. It caused us to step back.”

Speeding vulnerability response times by 50 percent and moving toward mandating secure default settings for customers are two aggressive steps Microsoft says it plans to take to make a tangible impact on customer security. Bell says that multi-factor authentication adoption among Microsoft customers is at roughly 34 percent, but “it should be 100 percent.”

The changes come as other giants across the industry, including Google, are acknowledging the need to push secure defaults, particularly around authentication. The software development platform GitHub, which Microsoft owns, has been working on rolling out mandatory two-factor for months. Apple has long mandated two-factor for most accounts, and Google has been publicly working toward the goal for years.

On many components of the Secure Future Initiative, Microsoft is not exactly late to the party on hardline changes, but is noticeably behind the early advocates. And in general, concepts of engineering software to be secure by design or building system architecture to be zero trust were prominent features of the past decade. Yet, between cloud services and all of the legacy Windows systems around the world, Microsoft is at the very heart of IT infrastructure, and in many ways, global cybersecurity moves at Microsoft’s pace.

“It’s an absolutely terrible world if we don’t get ahead of it,” Bell says. “We have all the data right now that the threat actors—they’re poking from the outside, they see a little bit. We know everything because we’re on the inside. If we’re gonna tackle the security problem we’ve got to be real about the fact that you’re not going to flip a light switch and everybody’s running in the cloud. There’s a lot of operational ground to cover between here and there. And Microsoft is the company that supports that world, that critical infrastructure that’s out there.”

Latest news

7 Best Handheld Gaming Consoles (2024): Switch, Steam Deck, and More

It feels like a distant memory by now, but right before the Nintendo Switch launched in 2017, it seemed...

The Boeing Starliner Astronauts Will Come Home on SpaceX’s Dragon Next Year

NASA has announced that astronauts Barry Wilmore and Sunita Williams will return to Earth next February aboard SpaceX’s Dragon...

How to Switch From iPhone to Android (2024)

Ignore the arguments about which is better, because iPhones and Android phones have far more in common than some...

12 Best Tablets (2024): iPads, Androids, and More Tested and Compared

Tablets often don't come with kickstands or enough ports, so it's a good idea to snag a few accessories...
- Advertisement -

Will the ‘Car-Free’ Los Angeles Olympics Work?

THIS ARTICLE IS republished from The Conversation under a Creative Commons license.With the Olympic torch extinguished in Paris, all...

Lionel Messi will return before MLS playoffs, says Inter Miami coach Tata Martino

Inter Miami head coach Tata Martino said on Friday that Lionel Messi will return to the team's lineup before...

Must read

7 Best Handheld Gaming Consoles (2024): Switch, Steam Deck, and More

It feels like a distant memory by now, but...

The Boeing Starliner Astronauts Will Come Home on SpaceX’s Dragon Next Year

NASA has announced that astronauts Barry Wilmore and Sunita...
- Advertisement -

You might also likeRELATED
Recommended to you