Microsoft has made significant progress in its bid to overhaul its in-house cybersecurity governance following a crippling cyberattack. The new measures are part of a pledge that the company made in 2023 after it suffered a high-profile breach at the hands of a China-linked threat group.
In total, it hopes to carry out 28 objectives. The company has nearly achieved five of these, and has made progress with a further 11. Among the suite of actions that Microsoft has taken, 92% of employee productivity accounts are now protected with multi-factor authentication (MFA).
Cyber attacks are on the rise, with AI being one of the main drivers behind the present surge in illicit activity. To make matters worse, a recent report from Trend Micro illustrates that, largely, organizations are failing in their duties to prevent cybersecurity attacks, and are woefully unprepared for the evolving nature of the threat landscape.
Microsoft Making Progress With Cybersecurity Overhaul
Microsoft’s plan to overhaul its product development, threat detection, and corporate governance structure is bearing fruit. The program, known as the Secure Future Initiative, is the result of a wide-ranging cyberattack from 2023, during which China-linked threat actors hacked into the Microsoft Exchange Online environments of 22 customers. The consequences were dire.
In a blog post published on its site on Monday, executive vice president of security at Microsoft, Charlie Bell, wrote:
This just in! View
the top business tech deals for 2025 👨💻
“We have made progress across culture and governance by fostering a security-first mindset in every employee and investing in holistic governance structures to address cybersecurity risks across our enterprise.” – Charlie Bell, executive vice president of security at Microsoft
Specifically, it has rolled out a “secure-by-design” toolkit to 22,000 employees, linked performance reviews to security best practices, and appointed a deputy CISO, alongside other changes.
Tech Giant Bids to Set The Record Straight
In the wake of the 2023 breach, Microsoft faced widespread questions over its preparedness for such an attack. In fact, the US Cyber Safety Review Board deemed that the attack was “entirely preventable,” and should serve as a “wake-up call to cloud providers.”
Designed to address shortcoming in the cybersecurity culture at Microsoft in the aftermath of a debilitating data breach, the SFI comprises 28 objectives. Of these, the company has made “significant progress” with 16.
For example, Microsoft has rolled out MFA to 92% of employee productivity accounts, which will go some way to insulating the business against future phishing attacks. Furthermore, the company can now lay claim to a 73% success rate in addressing cloud vulnerabilities within an undisclosed timeframe. It has also removed more than 6.3 million legacy tenants, more than 550,000 of which since September 2024.
Microsoft Paves Way For Safer Future
Ultimately, Microsoft deserves credit for its concerted efforts to not only address failings in its security infrastructure, but also to upskill its employees in the critical nature of cybersecurity in modern business. A recent report from Experis – which found cybersecurity to be the top concern of CIOs everywhere – highlighted the substantial skills gap that exists in the sector at present. Microsoft’s approach is a great example of a company taking steps to mitigate that gap – as well as building the next generation of security-conscious employees.
Cyberattacks are becoming more commonplace and sophisticated. As if that wasn’t bad enough, organizations are largely underprepared for them. Our latest Impact of Technology on the Workplace report found that a shocking number of senior leaders (19%) are unable to correctly define two-factor authentication (2FA) – one of the most rudimentary defense mechanisms that a business has at its disposal.
To put it plainly, when it comes to cybersecurity, the business landscape has a long way to go. Microsoft should serve as a shining example of how a company can both take accountability and set itself up for future success.
