3 min Security

Microsoft wants to improve its security but thinks politicians should do more first

Microsoft wants to improve its security but thinks politicians should do more first

Microsoft is launching the “Secure Future” initiative. With this, it promises to bolster its cybersecurity. Most of the focus during the initiative’s launch, however, seems to be on holding politicians accountable for cybersecurity incidents worldwide.

Several parties already expressed negative views about Microsoft’s cybersecurity this year. Discovered vulnerabilities would be easily dismissed, according to the CEO of security company Tenable. Those words were bolstered by an official U.S. investigation into Microsoft’s security practices following a Chinese email hack that leaked emails from political powers.

Also read: Microsoft’s cybersecurity criticized again: ‘Even worse than we thought’

The tech giant is now finally trying to improve things and has launched the “Secure Future” initiative (SFI) to that end. Phrasing the genesis of this initiative in a more nuanced way, the company’s president, Brad Smith, said: “Over the past few months, we at Microsoft have come to the conclusion that the increasing speed, scale and sophistication of cyber-attacks require a new response.”

Large user numbers pique hackers’ interest

Microsoft has an extensive suite of products. Its productivity suite, Microsoft 365, gives it a foothold in many businesses and schools. Along with the Windows operating system, the brand is present in almost every household with a digital presence. For hackers, these large user numbers are interesting because a zero-day in a Microsoft product provides a conduit to a large group of companies, schools, governments and individuals.

This illustrates, for example, the EvilProxy phishing campaign. In August, this campaign hit thousands of Microsoft 365 accounts, with a special focus on C-level accounts.

Is the promise enough?

The SFI is formed to protect users from such problems. To do so, Microsoft is combining various components of its offerings. Smith explains: “This new initiative will bring together all parts of Microsoft to advance cybersecurity.”

“It will rely on three pillars, focusing on AI-based security, advances in fundamental software engineering and advocacy for stronger adoption of international guidelines to protect users from cyber threats.” In the short term, Microsoft will work out several security projects. For example, there will be a unified login system, which should simplify management and authentication. In addition, the tech giant is accelerating the cycle on which it issues updates for cloud security.

How the initiative will take shape in the future, however, remains to be seen. A faster update cycle and a unified login system now appear to be announced under a new initiative by Microsoft to give the initiative shape and a reason to exist.

Further, the tech giant is mostly pointing the finger back at politicians, possibly in response to the attack on Microsoft’s cybersecurity practices by U.S. politicians. Indeed, Smith is not lenient on the role politics plays in cybersecurity, according to the Windows builder: “Cybersecurity protection starts with technology companies and the private sector, and we are committed to taking new steps and taking stronger action. But especially when it comes to the activities of nation-states, cybersecurity is a shared responsibility. And just as technology companies need to do more, governments will also need to do more. If we can all come together, we can take the kind of steps that will give the world what it deserves: a more secure future.”