Jump to content
  • Microsoft pledges to bolster security as part of ‘Secure Future’ initiative


    Karlston

    • 703 views
    • 3 minutes
     Share


    • 703 views
    • 3 minutes

    Microsoft announced today the 'Secure Future Initiative,' pledging to improve the built-in security of its products and platforms to better protect customers against escalating cybersecurity threats.

     

    If the company follows up on its promises, this will lead to enhanced customer security by addressing immediate concerns and anticipating future challenges posed by increasingly sophisticated attacks worldwide.

     

    "In recent months, we've concluded within Microsoft that the increasing speed, scale, and sophistication of cyberattacks call for a new response," said Microsoft President Brad Smith.

     

    "Therefore, we're launching today across the company a new initiative to pursue our next generation of cybersecurity protection – what we're calling our Secure Future Initiative (SFI)."

     

    The company's Digital Crimes Unit has been monitoring 123 advanced ransomware-as-a-service affiliates, known for encrypting or stealing data to pressure victims into paying ransom demands.

     

    Since September 2022, ransomware attempts have surged by over 200 percent, indicating the intensification of such threats, according to this year's Microsoft Digital Defense Report.

     

    Furthermore, password-related attacks have also spiked dramatically, increasing more than tenfold compared to the corresponding period in 2022. The frequency has soared from approximately 3 billion monthly incidents to an alarming 30 billion, underscoring the escalating threat landscape.

     

    Microsoft also found itself on the receiving end of hackers' attacks, with Chinese hackers stealing over 60,000 emails from U.S. State Department accounts after breaching Microsoft's cloud-based Exchange email platform in May.

     

    Security flaws affecting Microsoft products have also been used in widespread attacks, with threat actors, including ransomware gangs, abusing ProxyShell, ProxyNotShell, and ProxyLogon to target tens of thousands of Exchange servers exposed online.

    Focus on secure defaults, cloud security, and a new unified identity system

    "This new initiative will bring together every part of Microsoft to advance cybersecurity protection," Smith said when outlining the new initiative's core strategies.

     

    "It will have three pillars, focused on AI-based cyber defenses, advances in fundamental software engineering, and advocacy for stronger application of international norms to protect civilians from cyber threats."

     

    First, the company says it will use automation and artificial intelligence (AI) to "transform" software development, aiming to deliver what it describes as "software that is secure by design, by default, and in deployment" while also prioritizing secure defaults to ensure optimal protections for users out-of-the-box.

     

    Microsoft also plans to implement a unified identity system to streamline the management and verification of user, device, and service identities and access rights, bolstering security across all its products and platforms.

     

    Lastly, Microsoft wants to enhance vulnerability response and speed up the release cycle for cloud security updates by reducing the time to address cloud vulnerabilities by 50 percent.

     

    Looking forward, Executive Vice President for Microsoft Security Charlie Bell said the company will communicate key milestones along the journey to execute this ambitious initiative.

     

    Bell said this transparent approach aims not only to address current threats effectively but also to lay down a solid foundational framework that will help mitigate future risks.

     

    "Cybersecurity protection starts with tech companies and the private sector, and we are committed to new steps and stronger action. But especially when it comes to nation state activity, cybersecurity is a shared responsibility," Smith said.

     

    "And just as tech companies need to do more, governments will need to do more as well. If we can all come together, we can take the types of steps that will give the world what it deserves – a more secure future."

     

    Source


    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...