Google criticizes Microsoft’s security practices in new report

Share post:

Google has publicly criticized Microsoft for a series of security missteps, suggesting that organizations might consider more secure alternatives. This criticism follows a number of high-profile security incidents at Microsoft, including breaches that allowed unauthorized access to email accounts of high-level US government officials and Microsoft’s own corporate accounts.

According to a paper released by Google, these incidents demonstrate a “cascade of security failures” at Microsoft, undermining the tech giant’s security culture and governance. Google’s report leverages findings from the US Cyber Security Review Board (CSRB), which highlighted significant shortcomings in Microsoft’s response to the intrusions.

One notable breach involved Chinese-affiliated hackers known as Storm-0558, who exploited a stolen signing key to access Microsoft Exchange Online accounts globally. Another breach, attributed to the Russian-linked group Midnight Blizzard, involved the compromise of Microsoft’s internal email accounts, including those of its security and legal teams. Google’s report criticizes Microsoft for the ongoing nature of these breaches and for its delayed corrective actions.

In contrast, Google touts its own security measures, citing its transparent and proactive response to the 2009 Operation Aurora attack, which targeted Gmail accounts. Google is positioning its Workspace products as a more secure alternative, highlighting its commitment to security transparency and risk management.

Google’s new Secure Alternative Program offers discounted rates for its Google Workspace Enterprise Plus and Mandiant incident response services, directly challenging Microsoft’s Secure Future Initiative aimed at overhauling its security practices following these incidents.


Related articles

Cyber Security Today, Week in Review for week ending Friday, June 21, 2024

Welcome to Cyber Security Today. This is the Week in Review edition for the week ending Friday June...

Cyber Security Today, June 21, 2024 – US to ban Kaspersky for businesses, consumers

U.S. to ban the sale of Kaspersky products to consumers and businesses. Welcome to Cyber Security Today. It's Friday...

Cyberattack disrupts auto dealerships across North America

A cyberattack targeting CDK Global has significantly disrupted IT operations at numerous auto dealerships across Canada and the...

Biden administration to ban US sales of Kaspersky software over ties to Russia

The Biden administration is set to announce a ban on the sale of Kaspersky Lab's antivirus software in...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways