Infosec professionals praise CSRB report on Microsoft breach
TechTarget
|
Contributed by: Drex DeFord
Summary
The U.S. Department of Homeland Security's Cyber Safety Review Board (CSRB) released a critical report on Microsoft's handling of a significant breach last year, attributed to Chinese nation-state actor Storm-0558. This breach, involving the theft of a Microsoft account signing key, affected 22 customer organizations, including federal government agencies. The CSRB criticized Microsoft for preventable errors, including failure to detect the theft, reliance on the U.S. State Department for its detection, and inadequately updating inaccurate public statements regarding the incident. The report calls for a major overhaul of Microsoft's security culture, highlighting a series of operational and strategic decisions that put enterprise security and risk management at a disadvantage. Despite this, Microsoft has expressed its commitment to adopting a new culture of security through its Secure Future Initiative.
