Microsoft improves security with new security officers (CISOs), largest security push since 2002

In response to recent cyberattacks, Microsoft is placing security at the vanguard with the addition of deputy chief information security officers (CISOs) within its product groups. This big step comes after the company faced criticism for vulnerabilities exploited in past breaches.

The Redmond software giant will embed security expertise directly within product development. These new leaders, reporting to global CISO Igor Tsyganskiy, will mostly focus on building robust security into every product from the outset.

“We’re putting security above all else,” said Microsoft CEO Satya Nadella in a recent investor call. This renewed focus comes after their biggest security initiative since 2002, in November after unveiling the Secure Future Initiative, where the company prioritized safety over new features.

The decision comes after a series of high-profile attacks. Earlier this year, a Russian group infiltrated top executives’ email accounts, and in May 2023, a China-linked hacking gang compromised a Microsoft access tool, targeting US government officials. A report by the US Cyber Safety Review Board clearly shows the need for reform.

While Microsoft’s “Secure Future Initiative” aims to address these issues, some, including Senator Ron Wyden, who recently proposed stricter cybersecurity standards legislation, remain skeptical. 

Whether these changes are sufficient remains to be seen, but Microsoft’s commitment to prioritizing security throughout the product development cycle can be a big shift for the company. Only time will tell.

More here.