Microsoft pledges to bolster security as part of ‘Secure Future’ initiative

Microsoft announced today the 'Secure Future Initiative,' pledging to improve the built-in security of its products and platforms to better protect customers against escalating cybersecurity threats.

If the company follows up on its promises, this will lead to enhanced customer security by addressing immediate concerns and anticipating future challenges posed by increasingly sophisticated attacks worldwide.

"In recent months, we've concluded within Microsoft that the increasing speed, scale, and sophistication of cyberattacks call for a new response," said Microsoft President Brad Smith.

"Therefore, we're launching today across the company a new initiative to pursue our next generation of cybersecurity protection – what we're calling our Secure Future Initiative (SFI)."

The company's Digital Crimes Unit has been monitoring 123 advanced ransomware-as-a-service affiliates, known for encrypting or stealing data to pressure victims into paying ransom demands.

Since September 2022, ransomware attempts have surged by over 200 percent, indicating the intensification of such threats, according to this year's Microsoft Digital Defense Report.

Furthermore, password-related attacks have also spiked dramatically, increasing more than tenfold compared to the corresponding period in 2022. The frequency has soared from approximately 3 billion monthly incidents to an alarming 30 billion, underscoring the escalating threat landscape.

Microsoft also found itself on the receiving end of hackers' attacks, with Chinese hackers stealing over 60,000 emails from U.S. State Department accounts after breaching Microsoft's cloud-based Exchange email platform in May.

Security flaws affecting Microsoft products have also been used in widespread attacks, with threat actors, including ransomware gangs, abusing ProxyShell, ProxyNotShell, and ProxyLogon to target tens of thousands of Exchange servers exposed online.

Focus on secure defaults, cloud security, and a new unified identity system

"This new initiative will bring together every part of Microsoft to advance cybersecurity protection," Smith said when outlining the new initiative's core strategies.

"It will have three pillars, focused on AI-based cyber defenses, advances in fundamental software engineering, and advocacy for stronger application of international norms to protect civilians from cyber threats."

First, the company says it will use automation and artificial intelligence (AI) to "transform" software development, aiming to deliver what it describes as "software that is secure by design, by default, and in deployment" while also prioritizing secure defaults to ensure optimal protections for users out-of-the-box.

Microsoft also plans to implement a unified identity system to streamline the management and verification of user, device, and service identities and access rights, bolstering security across all its products and platforms.

Lastly, Microsoft wants to enhance vulnerability response and speed up the release cycle for cloud security updates by reducing the time to address cloud vulnerabilities by 50 percent.

Looking forward, Executive Vice President for Microsoft Security Charlie Bell said the company will communicate key milestones along the journey to execute this ambitious initiative.

Bell said this transparent approach aims not only to address current threats effectively but also to lay down a solid foundational framework that will help mitigate future risks.

"Cybersecurity protection starts with tech companies and the private sector, and we are committed to new steps and stronger action. But especially when it comes to nation state activity, cybersecurity is a shared responsibility," Smith said.

"And just as tech companies need to do more, governments will need to do more as well. If we can all come together, we can take the types of steps that will give the world what it deserves – a more secure future."

Source