CISA criticized Microsoft's outdated approaches to cybersecurity

How ignoring the precepts of Bill Gates led to a massive data leak.

A recent CISA report uncovered serious cybersecurity flaws at tech giant Microsoft that led to a massive data breach last year.

According to CISA, the consequences of last year's attack on Microsoft's Exchange email service, carried out by the China-associated group "Storm-0558", could allegedly have been prevented. However, weak security measures and a weak security culture within the company contributed to the compromise of the accounts of high-ranking US officials.

The report points to outdated key management practices as the cause of the leak. A system developed in the early 2000s without automatic key updates left an outdated 2016 key in use, and that key gave access to corporate email accounts.

The report notes that other cloud services are much more responsible about updating keys and ensuring security. After the attack, Microsoft was criticized for its inability to detect the key compromise in time and for its slow response to the incident.

Despite speculation that the key was found in publicly available debugging data, Microsoft has not been able to confirm this or any other of the 46 hypotheses reviewed about the cause of the attack.

The study highlights Microsoft's need to remember the lessons outlined by founder Bill Gates in 2002 about prioritizing security over adding new features. The current state of affairs shows that the company has moved away from these principles.

The CISA report highlights the need for oversight of the implementation of the Secure Future Initiative by Microsoft's senior management. Last year's events highlight the importance of vigilance and preventive measures in the field of cybersecurity for data protection at the global level.
 