Microsoft Doubles Down on Security Following Cyberattacks

Responding to a government assessment of recent cyberattacks, Microsoft CEO Satya Nadella issued a company-wide memo prioritizing security. “If you’re faced with the tradeoff between security and another priority, your answer is clear: Do security,” the executive wrote. “In some cases, this will mean prioritizing security above other things we do, such as releasing new features or providing ongoing support for legacy systems,” Nadella added. The escalation sees Microsoft expanding the scope of its Secure Future Initiative based on government recommendations and insights gained from breaches linked to state-sponsored Russian hackers.

“The recent findings by the Department of Homeland Security’s Cyber Safety Review Board (CSRB) regarding the Storm-0558 cyberattack, from summer 2023, underscore the severity of the threats facing our company and our customers, as well as our responsibility to defend against these increasingly sophisticated threat actors,” Nadella shared in the internal missive, which was posted on the Official Microsoft Blog.

The message was amplified by Microsoft EVP of Security Charlie Bell, who posted on the Microsoft Security blog details about furthering the CSRB recommendations.

“The company’s approach, Bell said, will be guided by three principles: security comes first when designing any product or service; security protections are enabled and enforced by default, requiring no extra effort and are not optional; and security controls and monitoring will be continuously improved to meet current and future threats,” reports Bloomberg.

Microsoft announced a security overhaul in November, appointing Igor Tsyganskiy global chief information security officer a month later. The stepped-up measures include the appointment of new deputy security officers who will report to Tsyganskiy.

Axios notes that recent “nation-state attacks targeted the company’s products, resulting in Chinese and Russian spies accessing email inboxes tied to a cabinet secretary and senior Microsoft executives.”

On Friday, a German government official blamed a Russia-backed hacking ring for exploiting “a previously unknown flaw in Microsoft Outlook to breach government departments, companies and officials in Chancellor Olaf Scholz’s Social Democratic Party,” Bloomberg said.

Related:
Microsoft Is Tying Executive Pay to Security Performance, TechRadar, 5/6/24
Microsoft Adds More Security Chiefs Following Recent Cyberattacks, TechRadar, 5/3/24
