More than a year has passed since Microsoft disclosed that Chinese hackers had infiltrated Outlook-based government email accounts across the US and Europe. In November 2023, Microsoft launched its Secure Future Initiative (SFI) aimed at preventing such incidents in the future and enhancing its overall cybersecurity strategy.
However, just months following the announcement of SFI, Microsoft revealed that hacker groups linked to the Russian government had gained access to several email accounts belonging to Microsoft executives. In March, it was disclosed that these groups exploited the information from these emails to breach Microsoft’s source code repositories. Consequently, Microsoft declared that enhancing security would become its top priority, surpassing all other endeavors.
Today, Microsoft published the first comprehensive report from its SFI group, released since its inception 10 months ago. In a blog update, Charlie Bell, the Executive Vice President for Microsoft Security, stated that the company has “dedicated the equivalent of 34,000 full-time engineers to SFI”.
The report also highlights the establishment of a new Cybersecurity Governance Council, tasked with overseeing the improvements in Microsoft’s security services. This council is composed of 13 Deputy Chief Information Security Officers (Deputy CISOs), each responsible for specific divisions within Microsoft, including Gaming, Azure, AI, Microsoft 365, and others.
Furthermore, the report elaborated:
The Cybersecurity Governance Council collaborates with SFI engineering leadership to define and prioritize SFI initiatives, as well as chart future directions. The council is responsible for implementing regulatory requirements, ensuring ongoing compliance, and determining the necessary security architecture to meet our objectives. It reports on cyber risk and compliance to the Chief Information Security Officer (CISO), who in turn informs the Microsoft senior leadership team and the Microsoft Board of Directors.
Additionally, Microsoft announced the launch of the Security Skilling Academy in July, designed to provide all employees with resources to learn about and enhance their knowledge of cybersecurity practices.
Leave a Reply