Skip to content

Microsoft's Cybersecurity Practices Under Scrutiny After Recent Azure Attack

Microsoft faces significant backlash over alleged 'negligent cybersecurity practices' after Azure's recent breach. Cybersecurity firms and officials are questioning the tech giant's commitment to data safety.

Microsoft Criticized for Azure Breach & Security Negligence

Microsoft's security protocols have come under the spotlight after a recent breach targeting its Azure platform. Notably, Amit Yoran, CEO of cybersecurity firm Tenable, has criticized the tech giant's practices, shedding light on what he perceives as "repeated pattern of negligent cybersecurity practices."

The breach, disclosed on July 12th, was attributed to a Chinese hacking group and affected around 25 organizations. The cyberattack resulted in the theft of confidential emails from US government officials. Senator Ron Wyden (D-OR) added to the chorus of concerns by urging the US Department of Justice to hold Microsoft accountable.

Yoran's critique is fortified by Tenable's discovery of an additional vulnerability in Azure, which, according to him, Microsoft addressed inefficiently. The cybersecurity firm revealed that it took Microsoft over three months to implement an incomplete fix to the flaw, leaving several organizations exposed to potential risks.

The cloud over Microsoft's cybersecurity practices thickens with claims from the security firm Wiz that the breach on Azure might have been more extensive than what was initially projected. Further, data from Google’s Project Zero showcases that Microsoft products accounted for a substantial portion of all detected zero-day vulnerabilities in the past seven years.

Microsoft’s senior director, Jeff Jones, responded to these criticisms, emphasizing the delicate balance between ensuring quality and timely security updates. He conveyed Microsoft's appreciation for the security community's collaboration in responsibly disclosing product flaws.

Given the frequency of data breaches in recent years, including the high-profile Solar Winds hack, there's mounting pressure on corporations like Microsoft to bolster their cybersecurity defenses. The forthcoming rules from the Securities and Exchange Commission, mandating companies to disclose hacks within a specific timeframe, underline the increasing importance of transparency and timely response in this domain.