Adrian Johnson
TLDR:
- The US Cyber Safety Review Board reported that the 2023 Microsoft email hack was preventable
- Microsoft created a company culture that did not prioritize security, enabling the hack
The 2023 Microsoft email hack conducted by Storm-0558, a group affiliated with China, was preventable according to a new report from the US Cyber Safety Review Board (CSRB). The hack, discovered in mid-June by Microsoft but undetected for a month, affected approximately 25 government officials and agencies. The CSRB found that Microsoft’s decisions and company culture that did not prioritize cybersecurity enabled the breach. The CSRB recommended that Microsoft create a public plan for security-focused reforms and also provided recommendations for all cloud providers, such as implementing modern control mechanisms and adopting minimum standards for audit logging.
The importance of security in cloud computing was highlighted by the CSRB, emphasizing the need for cloud service providers to prioritize security by design. The report also stated that cloud is becoming mainstream for businesses worldwide, with the total cloud market expected to be worth $1.4trn globally by 2027. CISA director Jen Easterly expressed confidence that the CSRB’s report would prompt action to reduce risks to critical infrastructure. Overall, the report serves as a call to action for cloud providers to enhance cybersecurity measures and prioritize security in cloud computing operations.
