Microsoft adds more security chiefs following recent cyberattacks
Microsoft has just unveiled the next step in its major cybersecurity overhaul, and that is to hire security executives for different product groups.
Following a string of major cyberattacks, and the subsequent US government “call to arms” of sorts, Microsoft decided to completely revamp its cybersecurity practices, and “put security above all else”, as CEO Satya Nadella recently put it.
One major milestone in that endeavor is the hiring of additional security chiefs to product groups, Bloomberg reports. While the identities of the new officials are yet to be released, we do know a couple of names.
Russians and the Chinese
Ann Johnson, for example, who’s been a Microsoft security executive for almost a decade now, has been named deputy CISO for consumer outreach and regulated industries. In an email to the publication, Microsoft said Johnson will work on “customer engagement and communication about Microsoft’s own security”. Johnson will report to Igor Tsyganskiy, the company’s global CISO since December last year.
Roughly a year ago, news broke that APT29, a known Russian state-sponsored threat actor, had compromised Microsoft corporate email accounts and, through those, breached the accounts of officials working in several US federal agencies. “Midnight Blizzard’s successful compromise of Microsoft corporate email accounts and the exfiltration of correspondence between agencies and Microsoft presents a grave and unacceptable risk to agencies,” CISA said at the time.
A few months later, Chinese hackers were deemed responsible for stealing one of Microsoft’s access tools and using it to infiltrate email accounts of US Commerce Secretary Gina Raimondo, US Ambassador to China Nicholas Burns and hundreds more.
All this, and more, led the US Cyber Safety Review Board to issue a report earlier this month, criticizing Microsoft’s “shambolic cybersecurity”.
In the meantime, Microsoft promised to do better by setting up the Secure Future Initiative, which Bloomberg described as the “most significant security plan since co-founder Bill Gates halted Windows development in 2002 and ordered engineers to prioritize product safety over new features.” However, the company is still being criticized for not doing enough.