Microsoft 365
Microsoft 365 is a leading platform for businesses worldwide. Investing.com says roughly 80% of Fortune 500 companies use it. The chances are your business uses it, too. However, whether your team is small or large, you’ve likely heard of and been worried about recent Microsoft attacks that are now leading the provider to crack down on security like never before.
Microsoft’s Poor History With Attack Defenses
Microsoft is a longstanding platform with countless account holders in the private and corporate sectors. Professional users have come to rely on Microsoft 365 to power their infrastructures and keep their businesses running optimally on the back and front ends. However, in striving for new and upgraded features, the software giant’s development team has been known to let security measures slip through the cracks, allowing for numerous attacks in recent years.
For example, from May to June 2023, Storm-0558 (a threat actor group based in China) accessed and instilled malware into Microsoft Exchange Online mailboxes. This breach affected over 500 users and 22 organizations, including a few senior U.S. government officials with sensitive data.
Similarly, in January 2024, a Russian state-sponsored attacker gained the ability to override the system and gain access to executive email accounts, some internal systems, and source code repositories. These were just two of the many attacks on the platform, leading the Cyber Safety Review Board to report Microsoft’s security system as critically inadequate and needing immediate remedying.
Microsoft’s Reaction to the CSRB Review
Between being victimized by constant breaches and hearing about the inadequacy of this Windows platform, many regulators, legislatures, and other major customers have begun challenging and questioning Microsoft, leading them to take action in response to these valid concerns.
Microsoft’s Satya Nadella (CEO) and Kathleen Hogan (Chief People Officer) sent internal memos to all Microsoft teams. They explained that the company would take on a new goal: to place security above all else, even if it means forsaking new features and ongoing legacy support.
The new Security Core Priority, now available to employees in the “Connect” tool, helps workers understand the necessary core elements. It gives them a section where they can explain how they plan to contribute, depending on their role. Microsoft also partnered with geo HR teams so all employees worldwide could access this feature.
Looking Toward the Future
After sending out the memos and focusing on security appropriately, Brad Smith, the company’s president, addressed the topic of Homeland Security. This June meeting gave Smith a vital opportunity to explain that Microsoft has taken the CSRB report to heart and is currently making great strides to remedy the issues at hand by taking responsibility and prioritizing safety and security.
A Call to Action
So, what does that mean for business owners? As Microsoft continues to improve its security efforts, companies like yours that depend on Microsoft cloud computing and software like Azure can rest easier knowing there are fewer threats to you, your customers, and your livelihood.
Additional Information for You
CISA: Cyber Safety Review Board (CSRB)
DHS: Cyber Safety Review Board Releases Report on Microsoft Online Exchange Incident from Summer 2023
Please sign up for our newsletter above
By Denis Wilson
Thanks for reading this post. I always take into mind that your time and attention are precious. And these posts need to be timely, to the point, and short. For more tips on thriving with small business technology, check out the other blog posts at DWPIA Blogs. You can also find me on LinkedIn, YouTube, and Facebook.
I am also a published author and speaker on cloud computing, remote-work, cybersecurity, and AI. I work extensively with business and professional associations to provide small business technology education programs.
Contact me if you have any questions about the subject. I'd be happy to spend 15 minutes discussing it with you.