Microsoft controls the damage with its new 'Secure Future Initiative'
In the wake of recent cyberattacks that compromised the data of millions of users and exposed vulnerabilities in its cloud services, Microsoft has announced a new initiative to improve its security and privacy practices. The initiative, called “Secure Future”, aims to address the root causes of breaches, improve the resilience of its systems and restore the trust of its customers and partners.
According to a blog post by Microsoft President Brad Smith, the Secure Future initiative will focus on four key areas: strengthening the security of its products and services, investing in research and innovation, collaborating with industry and government stakeholders, and educating and empowering users. Smith said Microsoft is committed to "taking responsibility for our role in the digital ecosystem" and "doing everything we can to prevent, detect and respond to cyberattacks."
Some of the specific actions Microsoft plans to take as part of the Secure Future initiative include:
– Conduct a comprehensive review of its security policies and procedures and implement best practices throughout the organization.
– Increase its cybersecurity spending by 20% over the next five years and hire more than 1,000 security experts.
– Develop new technologies and tools to improve data protection and encryption, as well as threat detection and mitigation.
– Partner with other technology companies, government agencies, law enforcement, and civil society groups to share information and coordinate responses to cyber incidents.
– Launch a new online platform to provide users with resources and guidance on how to protect their devices, accounts and data.
– Offer free security assessments and training to its customers and partners, especially small and medium-sized businesses.
Smith acknowledged that the Secure Future initiative is neither a “quick fix” nor a “silver bullet,” but rather a “long-term commitment” that requires “continuous improvement.” He also admitted that Microsoft "failed" to meet its own standards and expectations in preventing and handling cyberattacks, and apologized for the inconvenience and harm caused to its users. He said Microsoft is determined to “learn from our mistakes” and “do better” in the future.
The Secure Future initiative is expected to launch in early 2024, with regular updates and reports on its progress and impact. Smith said Microsoft hopes the initiative will not only improve its own security posture, but also contribute to "a more secure digital world for everyone."
The strategy that Microsoft announced on Thursday has many aspects, but one of the most concrete and relevant is how it will improve its software engineering and development practices. In an email to employees, Charlie Bell, executive vice president of security at Microsoft, and colleagues Scott Guthrie and Rajesh Jha outlined a plan to strengthen the security of identity management systems in Microsoft products, improve the quality and security of software code, and reduce the time and effort required to respond to and remediate vulnerabilities, especially those affecting cloud services.
This announcement comes at a time when Microsoft has been criticized for incidents in which flaws in its products allowed attackers (both profit-seeking cybercriminals and state-sponsored hackers) to compromise Microsoft's own systems and those of its clients. The situation is also changing as regulators and law enforcement agencies look for new ways to deter and prevent harmful attacks.
For example, on Monday, the U.S. Securities and Exchange Commission (SEC) filed charges against SolarWinds and its chief information security officer for allegedly failing to disclose or address “cybersecurity risks and vulnerabilities” that, according to the SEC, were known.
Microsoft said Thursday that its Secure Future Initiative is a response to growing threats from attackers. "In recent months, we have come to the conclusion within Microsoft that the increasing speed, scale, and sophistication of cyberattacks demand a new response," wrote Brad Smith, vice president and president of Microsoft.