The Chinese attack that rocked Microsoft last summer could have been easily prevented if the company had taken cybersecurity seriously, the US Cyber Safety Review Board said in a scathing report.

A prominent government advisory board issued a severe critique on Tuesday evening, stating that a Chinese espionage attempt targeting Microsoft last summer could have been prevented and should never have happened.

The US Cyber Safety Review Board, operating within the Cybersecurity and Infrastructure Security Agency (CISA), has been probing the breach at Microsoft since early August, as per a report by Axios.

Hackers backed by China were detected in Microsoft’s cloud networks in July, and were able to access emails of about 25 government organizations and officials, including those of Commerce Secretary Gina Raimondo and several State officials.

This incident raised significant concerns across Washington, given Microsoft’s position as the primary cloud provider for the US government.

According to the report, the breach in July occurred due to avoidable errors and Microsoft’s failure to detect the compromise of crucial security measures. The board spent seven months investigating and consulting other cloud service providers to pinpoint where Microsoft went wrong. The report highlights recent Microsoft decisions that led to a deprioritization of enterprise security investments and rigorous risk management.

Despite the severity of the situation, three board members abstained from the investigation due to financial or employment conflicts. Meanwhile, officials warned that the Chinese government team responsible for the breach might target other high-value US companies in the future.

The report’s release has reignited concerns among Microsoft’s competitors and critics who argue that the company’s dominance in providing cloud services and enterprise software poses national security risks. Some experts advocate for the freedom to choose the best technologies for specific needs, emphasizing the importance of cybersecurity in the government and enterprise sectors.

In response to the critique, Microsoft has already begun internal changes in its cybersecurity culture, such as expanding access to security logs and overhauling its security strategy. The company appreciates the investigation’s efforts and is reviewing the final report for additional security enhancements.

Going forward, CISA plans to establish a baseline of strong security practices for cloud service providers, with the intention of ensuring transparency and continuous improvement in cybersecurity measures.

(With inputs from agencies)

