Microsoft said it will tie compensation for some senior executives to hitting security targets and that it will prioritize security in its products over shipping new features, in what is the company’s latest bid to address a string of recent breaches that have raised concerns that its software has become an easy target for hackers.

The changes announced Friday are the latest update to what Microsoft calls its “Secure the Future Initiative,” which seeks to shift engineering resources toward security. In a blog post, Charlie Bell, Microsoft’s executive vice president for security, said that “Microsoft plays a central role in the world’s digital ecosystem” and that the company “must and will do more” to secure its products. “We are making security our top priority at Microsoft, above all else,” he wrote.

In an email to staff Friday, Microsoft CEO Satya Nadella said that security is every employee’s top responsibility and that going forward the company will prioritize security ahead of shipping new features for products, according to a source at the company.

Friday’s announcement comes on the heels of a scathing report by the Cyber Safety Review Board examining a breach of the company by Chinese hackers. That report blamed the incident on a series of “operational and strategic decisions that collectively point to a corporate culture that deprioritized both enterprise security investments and rigorous risk management.”

Since that incident, in which Chinese hackers stole a highly sensitive signing key and used it to spy on senior U.S. government officials, Microsoft has disclosed another embarrassing incident, this time involving Russian hackers that accessed company source code and emails belonging to senior executives. Last month, CyberScoop reported that the pilfered emails included messages between Microsoft and U.S. federal agencies.

Microsoft has said it faces ever-more sophisticated threats and that well-resourced attackers sponsored by nation states have made attacking the company a priority. While these groups are difficult to defend against, repeated breaches by Russian and Chinese hackers have caused concern in Washington that Microsoft, which is a crucial provider of IT services to the federal government, is failing to adequately invest in security measures and that the company has become a threat to national security.

Friday’s organizational overhauls appear aimed at addressing this criticism. According to the Microsoft blog post, the company is putting in place a series of governance changes to elevate the importance of security at the company, including partnering deputy chief information security officers with engineering teams.

The company has identified six security priorities to guide its work going forward, including better protecting identities and secrets and better protecting tenant accounts and isolating production systems. Microsoft executives will be meeting weekly to assess the execution of these priorities, according to Bell.

“Microsoft runs on trust and this trust must be earned and maintained,” Bell wrote. “This is job #1 for us.”

The post Microsoft organizational changes seek to address security failures appeared first on CyberScoop.

Leave a Reply

Your email address will not be published. Required fields are marked *

Explore More

White House, EPA warn water sector of cybersecurity threats

March 19, 2024 0 Comments 0 tags

The White House sent a stark warning to U.S. governors on Monday that “disabling” cyberattacks targeting water systems are occurring throughout the United States, in what is the Biden administration’s

‘Large volume’ of data stolen from UN agency after ransomware attack

April 18, 2024 0 Comments 0 tags

A large volume of United Nations Development Programme data related to staffers and other internal operations was stolen and posted to a ransomware website in late March, the agency announced

How the “Frontier” Became the Slogan of Uncontrolled AI

February 29, 2024 0 Comments 0 tags

Artificial intelligence (AI) has been billed as the next frontier of humanity: the newly available expanse whose exploration will drive the next era of growth, wealth, and human flourishing. It’s