It's been over a year since Microsoft revealed that Chinese hackers had accessed Outlook-based government email accounts in the US and Europe. In November 2023, Microsoft announced the launch of its Secure Future Initiative (SFI) to prevent similar incidents in the future and improve its cybersecurity efforts.
However, just a few months after SFI was announced, Microsoft revealed that hacker groups sponsored by the Russian government got access to a number of email accounts from some of the company's executives. In March, Microsoft revealed those same groups used the info from the emails to breach Microsoft's source code repositories. As a result, Microsoft announced afterward that security would become its number one priority above all other activities.
Today, Microsoft announced it had released the first full report from its SFI group since it was first formed 10 months ago. In a blog post, Charlie Bell, the executive vice president for Microsoft Security, wrote that the company now has "dedicated the equivalent of 34,000 full-time engineers to SFI".
The report also says Microsoft has established a new Cybersecurity Governance Council to monitor how the company is improving its security services. The council is made up of 13 Deputy Chief Information Security Officers (Deputy CISOs), each in charge of a specific Microsoft division, such as Gaming, Azure, AI, Microsoft 365, and others.
The report added:
The Cybersecurity Governance Council collaborates with SFI engineering leadership to define and prioritize SFI work as well as set future direction. The council is accountable for the implementation of regulatory requirements, ongoing compliance, and determining the security architecture necessary to achieve our goals. The council reports on cyber risk and compliance to the CISO, who in turn reports this information to the Microsoft senior leadership team and to the Microsoft Board of Directors.
Microsoft also said it had launched the Security Skilling Academy in July. This was created to give all of the company's employees a way to learn and train about cybersecurity efforts.
1 Comment - Add comment