What’s behind Microsoft’s big security shakeup – and what needs to come next>
– Zeus Kerravala
Microsoft’s executive vice president of security, Charlie Bell, recently announced changes within the company’s security organization following a Chinese government-backed hack that led to the theft of U.S. government emails.
This incident has led to a shakeup, including the planned replacement of the chief information security officer, Bret Arsenault, and his deputy, Aanchal Gupta.
Igor Tsyganskiy, a new addition to Microsoft, will assume an elevated role within the security team, amidst emerging shortcomings in handling security vulnerabilities.
The Chinese-backed cybercriminals, known as “Storm-0558,” gained access to high-level government officials’ Microsoft 365 emails in April 2021.
These cybercriminals exploited a Microsoft account (MSA) consumer key to forge tokens for accessing OWA and Outlook.com.
The internal investigation by Microsoft concluded that this incident warranted significant organizational changes.
This event has implications for the company’s credibility in terms of cloud security, potentially impacting the adoption of M365 by various entities.
Despite being a dominant force in the cybersecurity market, Microsoft’s historical lack of emphasis on security has led to the rise of a sizable cybersecurity ecosystem to mitigate its oversights.
The shortcomings in Microsoft’s security approach, highlighted by the preferential use of PowerShell by hackers, underscore an ongoing struggle.
The post emphasizes a need for a fundamental reevaluation of Microsoft’s security approach and greater consideration for users and customer organizations to build secure solutions.
The call is for a more holistic approach, focusing less on creating new security tools as patches and more on addressing the systemic issues behind these security challenges.
Link: https://siliconangle.com/2023/12/12/whats-behind-microsofts-big-security-shakeup-needs-come-next/