Saturday, January 18, 2025

Inquiries for IT and cyber leaders based on the CSRB Microsoft report

In January of this year, Microsoft admitted to a successful attack by a Russia-backed hacking group known as Midnight Blizzard. This prompted me to create a list of five questions to ask your IT and security leads. While this summary is not a replacement for reading the full report, I recommend downloading it for a detailed analysis of the evidence and findings.

The UK government has been relatively reserved in response to Microsoft’s security incidents compared to the US. This could be due to limited influence over a US-based platform or concerns about national security. However, the UK heavily relies on Microsoft Public Cloud Services, despite growing concerns about its suitability.

The CSRB report highlights failures leading to the Storm-0558 hacking event and makes 25 recommendations, including improving security practices and aligning with industry standards. It also raises concerns about Microsoft’s security posture and culture, urging the company to suspend new features until they are proven secure.

Five questions to consider for organizations using Microsoft services:
1. Have new products introduced by Microsoft improved or weakened your security?
2. Are we likely to be targeted in future attacks through Microsoft services?
3. What would happen to our operations if we had to disconnect from Microsoft?
4. Are decisions based on risk acceptance still valid in light of the CSRB report?
5. Should we consider a different cloud platform or self-hosting?

The CSRB report suggests that for many organizations, the risks of using Microsoft’s services may now outweigh the rewards because of Microsoft’s security practices. It’s essential to consider whether trust in Microsoft is still warranted and whether reliance on its cloud services should be moderated or reduced. Organizations must weigh the potential risks of continuing to use Microsoft services against the benefits and make informed decisions based on the CSRB report and their own risk tolerance.