Microsoft 365 is a leading platform for businesses worldwide. Investing.com says roughly 80% of Fortune 500 companies use it. The chances are your business uses it, too. However, whether your team is small or large, you’ve likely heard of and been worried about recent Microsoft attacks that are now leading the provider to crack down on security like never before.
Microsoft’s Poor History With Attack Defenses
Microsoft is a longstanding platform with countless account holders in the private and corporate sectors. Professional users have come to rely on Microsoft 365 to power their infrastructures and keep their businesses running optimally on the back and front ends. However, in striving for new and upgraded features, the software giant’s development team has been known to let security measures slip through the cracks, allowing for numerous attacks in recent years.
For example, from May to June 2023, Storm-0558 (a threat actor group based in China) accessed and instilled malware into Microsoft Exchange Online mailboxes. This breach affected over 500 users and 22 organizations, including a few senior U.S. government officials with sensitive data.
Similarly, in January 2024, a Russian state-sponsored attacker gained the ability to override the system and gain access to executive email accounts, some internal systems, and source code repositories. These were just two of the many attacks on the platform, leading the Cyber Safety Review Board to report Microsoft’s security system as critically inadequate and needing immediate remedying.
Microsoft’s Reaction to the CSRB Review
Between being victimized by constant breaches and hearing about the inadequacy of this Windows platform, many regulators, legislatures, and other major customers have begun challenging and questioning Microsoft, leading them to take action in response to these valid concerns.
Microsoft’s Satya Nadella (CEO) and Kathleen Hogan (Chief People Officer) sent internal memos to all Microsoft teams. They explained that the company would take on a new goal: to place security above all else, even if it means forsaking new features and ongoing legacy support.
The new Security Core Priority, now available to employees in the “Connect” tool, helps workers understand the necessary core elements. It gives them a section where they can explain how they plan to contribute, depending on their role. Microsoft also partnered with geo HR teams so all employees worldwide could access this feature.
Looking Toward the Future
After sending out the memos and focusing on security appropriately, Brad Smith, the company’s president, addressed the topic of Homeland Security. This June meeting gave Smith a vital opportunity to explain that Microsoft has taken the CSRB report to heart and is currently making great strides to remedy the issues at hand by taking responsibility and prioritizing safety and security.
So, what does that mean for business owners? As Microsoft continues to improve its security efforts, companies like yours that depend on Microsoft cloud computing and software like Azure can rest easier knowing there are fewer threats to you, your customers, and your livelihood.
