Adrian Johnson
TLDR:
Key Points:
- Microsoft’s Brad Smith summoned by House Committee on Homeland Security over cybersecurity failures
- Major security breaches by China and Russia lead to scrutiny of Microsoft’s security practices
Article Summary:
Microsoft’s vice chair and president, Brad Smith, has been summoned by the House Committee on Homeland Security to address the company’s recent cybersecurity shortcomings. The hearing, scheduled for May 22, will focus on a series of security breaches, including the Microsoft Exchange attack in June 2023 and a separate incident in January involving Russia’s Midnight Blizzard group. The Cyber Safety Review Board harshly criticized Microsoft for a “cascade of avoidable errors” that led to the successful attacks. In response to the criticism, Microsoft’s exec veep, Charlie Bell, announced major changes in the company’s culture, emphasizing security as a top priority. The new Secure Future Initiative (SFI) will focus on six key pillars to enhance security measures within the company.
Security expert Kevin Beaumont praised Microsoft’s efforts to address internal security issues, calling it the company’s “last chance saloon moment on security.” While Microsoft has acknowledged the need for improvement and has outlined plans to enhance security by design and default, the House Committee on Homeland Security is still deliberating on the date for Smith’s hearing. Despite facing backlash for its recent security breaches, Microsoft’s proactive approach towards cybersecurity reform has been commended by industry experts.
