In the wake of recent cyberattacks that compromised the data of millions of users and exposed vulnerabilities in its cloud services, Microsoft has announced a new initiative to improve its security and privacy practices. The initiative, dubbed “Secure Future,” aims to address the root causes of breaches, improve the resilience of its systems and restore the trust of its customers and partners.
Según una publicación de blog del presidente de Microsoft, Brad Smith, la iniciativa Secure Future se centrará en cuatro áreas clave: fortalecer la seguridad de sus productos y servicios, invertir en investigación e innovación, colaborar con la industria y las partes interesadas del gobierno, y educar y empoderar a los usuarios. Smith dijo que Microsoft está comprometido a “asumir la responsabilidad de nuestro papel en el ecosistema digital” y “hacer todo lo posible para prevenir, detectar y responder a los ciberataques”.
Some of the specific actions Microsoft plans to take as part of the Secure Future initiative include:
– Conduct a comprehensive review of your security policies and procedures and implement best practices throughout your organization.
– Increase its spending on cybersecurity by 20% over the next five years and hire more than 1,000 security experts.
– Develop new technologies and tools to improve data protection and encryption, as well as threat detection and mitigation.
– Partner with other technology companies, government agencies, law enforcement and civil society groups to share information and coordinate responses to cyber incidents.
– Launch of a new online platform to provide users with resources and guidance on how to protect their devices, accounts and data.
– Offer free security assessments and training to its customers and partners, especially small and medium-sized companies.
Smith acknowledged that the Secure Future initiative is not a “quick fix” or a “miracle solution”, but rather a “long-term commitment” that requires “continuous improvement”. He also admitted that Microsoft “fell short” of its own standards and expectations in preventing and handling cyberattacks, and apologized for the inconvenience and damage caused to its users. He said Microsoft is determined to “learn from our mistakes” and “do better” in the future.
The Secure Future initiative is expected to launch in early 2024, with regular updates and reports on its progress and impact. Smith said Microsoft hopes the initiative will not only improve its own security posture, but also contribute to “a safer digital world for everyone.”
The strategy Microsoft announced Thursday has many aspects, but one of the most concrete and relevant is how it will improve its software engineering and development practices. In an email to employees, Charlie Bell, Microsoft’s executive vice president of security, and his colleagues Scott Guthrie and Rajesh Jha outlined a plan to strengthen the security of identity management systems in Microsoft products, improve the quality and security of software code, and reduce the time and effort needed to respond to and fix vulnerabilities, especially those affecting cloud services.
This announcement comes at a time when Microsoft has been criticized for some incidents in which flaws in its products have allowed attackers (both profit-seeking cybercriminals and state-sponsored hackers) to compromise Microsoft’s own systems and those of its customers. The situation is also changing as regulators and law enforcement agencies seek new ways to deter and prevent harmful attacks.
For example, on Monday, the U.S. Securities and Exchange Commission (SEC) filed charges against SolarWinds and its chief information security officer for allegedly failing to disclose and address “cybersecurity risks and vulnerabilities” that the SEC said were known.
Microsoft said Thursday that its Secure Future Initiative is a response to growing threats from attackers. “Over the past few months, we have come to the conclusion within Microsoft that the increasing speed, scale and sophistication of cyberattacks demand a new response,” wrote Brad Smith, vice president and president of Microsoft.