Microsoft reveals plan to improve internal cybersecurity
Continue reading
2
3
4
On May 3, 2024, Microsoft outlined the major points of its plan to improve cybersecurity practices, the “Secure Future Initiative” (SFI), launched internally in November 2023. The company recently dealt with several large-scale hacks that had serious strategic consequences. In the summer of 2023, an espionage campaign against the Exchange messaging service thus compromised the email inboxes of several senior US officials.
In April 2024, the Cyber Safety Review Board (CSRB), a government committee under the United States Department of Homeland Security, published a report of the incident. It maintains the attack was “avoidable”, and the result of an “inadequate corporate culture” in terms of cybersecurity.
To fix this, the SFI will rely on three “principles” and six “pillars”. The three principles are
To comply with these principles, the company plans on:
“When faced with a choice between security and another priority, the answer is straightforward: go for security. In some cases, this means prioritizing security over other strategic options, such as the release of new features or providing uninterrupted support for existing systems,” explains Satya Nadella, CEO of Microsoft, in a memo to employees.