A review board appointed by the Biden administration criticized Microsoft for its poor security and lack of transparency, stating that a series of mistakes by the tech giant allowed Chinese cyber operators to infiltrate the U.S. Department of Commerce and other entities, including accessing the email account of a senior official, Gina Raimondo.
The Cybersecurity Review Board, created in 2021, highlighted Microsoft’s sloppy cybersecurity practices, lax corporate culture, and dishonesty about targeted breaches affecting U.S. government agencies due to its business dealings with China.
The report concluded that Microsoft’s security culture is insufficient and needs a major overhaul due to the critical role its products play in national security, economic infrastructure, and public safety.
The board blamed the breach on a chain of avoidable mistakes and recommended that Microsoft focus on improving security before adding new features to its cloud computing environment.
Microsoft’s CEO and board of directors were urged to publicly share a plan for fundamental security changes, emphasizing the need for a rapid cultural shift within the company.
Microsoft responded by saying it will enhance its systems against cyber attacks and implement stronger measures to detect and defeat malicious forces.
The report revealed that state-sponsored Chinese hackers breached the Microsoft Exchange Online emails of various organizations and individuals, showing the severity and reach of the security breach.
The board also raised concerns about another hack by state-sponsored Russian hackers targeting senior Microsoft executives and customers due to the company’s deprioritization of security investments and risk management.
Microsoft acknowledged the need for a new culture of security within its network and committed to improving infrastructure and processes to prevent future breaches.
Source: www.theguardian.com