Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Caute_cautim
Community Champion
‎04-03-2024 07:10 PM
‎04-03-2024 07:10 PM

Scathing federal report rips Microsoft for shoddy security, insincerity in response to Chinese hack

Hi All

 

Now would you put all your eggs into the same basket? 

 

https://apnews.com/article/microsoft-cybersecurity-hack-raimondo-breach-b0901a93cca2ffaf05edacbfb9ec...

 

https://www.cisa.gov/sites/default/files/2024-04/CSRB_Review_of_the_Summer_2023_MEO_Intrusion_Final_...

 

Regards

 

Caute_Cautim

Preview file
2180 KB
Reply
9 Replies
Early_Adopter
Community Champion
‎04-03-2024 07:45 PM
‎04-03-2024 07:45 PM

A failure cascade,
Systemically flawed,
Fit for purpose? No.

Knowing this, how many boards can justify using Microsoft for Office, Email, Storage, LLMs, IaaS, Databases, BI et Al?

How is the status quo justified? The writing might be on the wall but those charged with the responsibility of protecting their companies don’t seem to be reading it…

At the very least companies reliant on IP for their success should be seriously considering alternatives.
Reply
Caute_cautim
Community Champion
‎04-03-2024 08:19 PM
‎04-03-2024 08:19 PM

@Early_Adopter  

 

Government policies - go for the discounts best value for money?  Does it pay off in the end, when things like this occur?  

 

Regards

 

Caute_Cautim

Reply
Early_Adopter
Community Champion
‎04-03-2024 08:24 PM
‎04-03-2024 08:24 PM

Yeah, mostly rhetorical, as in we know the answer, however we probably require someone to regulate the service provider… do we know if Google is any better? Or just not worth attacking yet as not enough customers..?
Reply
Caute_cautim
Community Champion
‎04-04-2024 03:09 PM
‎04-04-2024 03:09 PM

@Early_Adopter    This also suggests that NIST SP800 53 R5 or NIST Cybersecurity Framework including SOC 1, SOC 2 reviews are inadequate for these circumstances - more rigorous measures need to be put in place and not precluding penalties or legal cases.

 

Regards

 

Caute_Cautim

Reply
Early_Adopter
Community Champion
‎04-05-2024 04:43 AM
‎04-05-2024 04:43 AM

Frankly I think at this stage we need to have massive increase to scope, depth and frequency on penetration testing.

Another concern is the temptation to shortcut for profits. We do need separation - you design it … ok you don’t build it, … you built it you don’t run it… you run it? We get someone else to test.

This last, the security testing needs to embrace all the techniques out there, be continuous and there needs to be a live score running for the consumers. Ubique
Reply
Caute_cautim
Community Champion
‎04-07-2024 04:01 PM
‎04-07-2024 04:01 PM

Hi All

 

This is an interesting consolidation on the Microsoft security issue:

 

https://www-securityweek-com.cdn.ampproject.org/c/s/www.securityweek.com/microsofts-security-chicken...

 

This could take years to resolve from a cultural perspective, certainly not overnight.

 

Regards

 

Caute_Cautim

 

Reply
Caute_cautim
Community Champion
a month ago
a month ago

HI All

 

Another piece about the Microsoft issue:  A lot of questions to ask our respective Governments:

 

https://www.theregister.com/2024/04/05/microsoft_government_contracts/?utm_source=daily&utm_medium=n...

 

Regards

 

Caute_Cautim

Reply
Early_Adopter
Community Champion
a month ago
a month ago

Yup, takes a while to turn that mindship around.
Reply
Caute_cautim
Community Champion
a month ago
a month ago

Hi All

 

Have a look at this subsequent analysis too:

 

https://accelerationeconomy.com/cloud-wars/microsoft-cybersecurity-disaster-triggers-customer-doubt-...

 

Regards

 

Caute_Cautim

Reply
0 Kudos