Microsoft Promises to Improve Cybersecurity Following Multiple Breaches
Microsoft Corp. has announced a transformation in its approach to cybersecurity protection, aiming to enhance its response to vulnerabilities and safeguard customers by incorporating artificial intelligence and other techniques. This comes as the company faces criticism for its involvement in various significant cyberattacks.
Three Microsoft executives said in a blog post that they “have been thinking carefully about how we should anticipate and adapt to increasingly sophisticated cyber threats.” The result is a commitment to three areas of technical development: “transforming” software development, implementing new identity protections, and responding more quickly to vulnerabilities, they wrote.
“Over the past several months, we at Microsoft have come to the conclusion that the increasing speed, scope, and sophistication of cyberattacks require a new response,” president Brad Smith wrote in a separate message. “This new initiative brings together all parts of Microsoft to advance cybersecurity.”
Although Microsoft is known primarily for its software products for businesses and consumers, the Redmond, Wash.-based company has emerged in recent years as the largest supplier of cybersecurity products, growing to about $20 billion a year. Meanwhile, Microsoft remains a frequent target of critics who complain that its software is riddled with bugs, making it a frequent target for criminals and nation-state hackers.
These issues came to light earlier this year when hackers used a stolen consumer signing key to forge authentication credentials intended to verify a user’s identity. They then accessed the email of users from about 25 organizations, including US government agencies. Among the victims were US Commerce Secretary Gina Raimondo and State Department officials whose emails were accessed just before a meeting between US Secretary of State Antony Blinken and Chinese President Xi Jinping. Microsoft tied the hackers to China.
U.S. Sen. Ron Wyden wrote a scathing letter on July 27 about the lapse and called for an investigation, and soon after, a government-led cybersecurity advisory panel launched an investigation into the risks of cloud computing, including a review of Microsoft’s role in the email hack.
“Government emails were stolen because Microsoft made another mistake,” Wyden, Democrat of Oregon, said in the letter. “Microsoft should not have had a single skeleton key that, if stolen, could inevitably be used to fake access to private communications of various customers.”
Amit Yoran, CEO of cybersecurity company Tenable Holdings Inc., also criticized Microsoft, saying on LinkedIn in August that the company’s “lack of transparency regarding data breaches, irresponsible security practices and vulnerabilities all expose their customers to risks they are knowingly hiding from.”
Microsoft’s announcement, called the Secure Future Initiative, comes after the federal government has said it expects software makers to take more responsibility for securing their products. In February, for example, Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency, said bad software and unsafe practices make ransomware attacks easier, and she said the implementation of some security protocols by Microsoft and Twitter, such as two-factor authentication, was disappointing.
And on Monday, the U.S. Securities and Exchange Commission filed a lawsuit against Texas-based SolarWinds Corp., alleging the company misled investors by downplaying the security risks of its software being hacked. In this cyberattack, which became public in December 2020, Russian state-backed hackers added malware to an update of the popular SolarWinds software product and created a digital backdoor when customers downloaded it.
Hackers used this backdoor to further infiltrate about 100 organizations, including U.S. government agencies, according to the SEC. The lesson of the SEC suit was that security professionals shouldn’t glorify problems they see and should be more open about them, Michael Coates, CoinList’s chief security officer and former chief security officer at Twitter, told Bloomberg News.
According to Microsoft’s Smith, the company is committed to building an AI-based cyber defense to protect customers and countries around the world.
“One of the reasons these AI tools are so important is their ability to address one of the world’s most pressing cybersecurity challenges,” he wrote. “Everyday devices and constant Internet connections have created a huge amount of digital data.”
“But artificial intelligence is a game changer,” he said.
In addition, Microsoft said it uses AI-based analysis and other measures to inspect code and protect against advanced threats, and it promised to strengthen identity protection at a time when password attacks have increased and hackers have developed more sophisticated methods to steal and use login information. As part of the latter initiative, Microsoft announced that it is moving to “a new and fully automated consumer and enterprise key management system, with an architecture designed to ensure that keys cannot be accessed, even when the underlying processes may be compromised.”
In his criticism of Microsoft earlier this year, Easterly said Microsoft needs to “recapture” the ethos of what company founder Bill Gates called “trusted IT” in 2002. At the time, Microsoft was in the throes of computer worms, and Gates wrote a memo instructing software developers to prioritize security. “We can and must do better,” he wrote.