The US government is trapped: dependence on Microsoft paralyzes the national security of the country

Father

Why does the US continue to use Microsoft services if the company doesn't care about security?

The Cyber Safety Review Board (CSRB) published a report in which it pointed out the need for a radical change in Microsoft's approach to security issues, in light of a series of major cyber incidents. The report points to the corporation's lack of focus on security investments and risk management.

Microsoft security has once again sparked heated discussions among politicians and information security specialists about how well protected the systems of the world's largest technology company are. Despite this, the US government continues to use Microsoft products without publicly reproaching the corporation.

According to the CSRB report, Microsoft occupies an almost untouchable position in the market, being the main supplier of technology to the US government and playing a key role in the country's cyber defense initiatives.

This situation gives the company unique opportunities to monitor the actions of hackers and prevent their activity. However, according to experts, this state of affairs weakens Washington's ability to resist large-scale cyber attacks that threaten sensitive data and vital services.

Recent incidents include, for example, a hack in 2021, when Chinese hackers exploited vulnerabilities in Microsoft mail servers, and one in 2023, when they hacked the mail accounts of US federal agencies. Particularly worrisome was the 2024 attack that affected Microsoft's source code.

The CSRB report also criticizes Microsoft for publishing inaccurate information about the possible causes of hacking by China. In response to the accusations, Microsoft announced its plans to improve security measures, including through the Secure Future Initiative, which provides for better detection of abuse and stricter requirements for creating corporate accounts by employees.

However, critics point out that Microsoft's strategy of generating revenue from security services runs counter to the need to prioritize security. It is also noted that Microsoft does not make enough effort to eliminate vulnerabilities found in its products in a timely and adequate manner.

There are concerns that Microsoft's dominance increases the risks associated with the possible simultaneous disruption of critical services, since an attack on the products of one company can paralyze a significant part of the state infrastructure.

The CSRB report calls for reforms and tougher security requirements that can help change Microsoft's corporate culture and, as a result, increase overall cyber resilience.

Earlier this year, CISA uncovered flaws in Microsoft's cybersecurity that led to a large-scale hack of the company's email and cloud services. It is noted that other cloud services are much more responsible in updating keys and ensuring security. After the attack, Microsoft was criticized for its inability to detect the key compromise in time and for its slow response to the incident.

Note that the German authorities expressed serious concern about the threat of large-scale cyber attacks, which affect about 17,000 (about 37%) of all Microsoft Exchange servers in the country. The Federal Information Security Agency (BSI) has warned of a "massive disruption to regular operations" in the IT sector, describing the situation as "critical for business".
 