Microsoft has reported that over 90% of its corporate users are now required to use phishing-resistant multifactor authentication (MFA) to sign in, marking a significant milestone in cybersecurity protection. This announcement comes as part of the company’s Secure Future Initiative (SFI), which was launched by CEO Satya Nadella in November 2023 to prioritize cybersecurity across all aspects of the organization.
The adoption rate of MFA by 92% of employee productivity accounts is seen as a crucial step in safeguarding against social engineering and credential-based attacks, according to Microsoft. The initiative was implemented in response to cyberattacks by China-based nation-state actor Storm-0558 and Russian nation-state actor Midnight Blizzard, also known as Cozy Bear and APT29.
Vasu Jakkal, Corporate Vice President of Microsoft Security, highlighted the cultural and technological transformation that the company underwent with the launch of the SFI. She emphasized the need for every employee at Microsoft to adhere to best security practices and consider security as a co-priority in all aspects of their work.
Microsoft has shared the progress made by the SFI in three key areas:
1. Making progress in Secure by Design, Default, and Operations: This includes the development of security-focused tools and training, such as a new UX toolkit, security reviews for AI development, and training for 50,000 employees.
2. Adopting a company-wide security-first mindset: Security is now a core priority tied to employee performance reviews, with 99% of employees completing security courses to enhance their knowledge and awareness.
3. Achieving stronger security governance to manage enterprise-wide risk: The company has implemented a new governance structure, appointed Deputy CISOs, and established an enterprise-wide risk inventory to improve security risk visibility and accountability.
In addition to these transversal missions, Microsoft has set 28 measurable objectives across six pillars to strengthen its security posture. The company has made significant progress on five objectives nearing completion, with 11 achieving substantial advancements, while continuing to work on the remaining objectives.
Furthermore, Microsoft recently organized its inaugural Zero Day Quest event, offering over $1.6 million for vulnerability submissions. This initiative underscores the company’s commitment to fostering a culture of security awareness and proactive threat detection.
The tech giant’s progress in enhancing cybersecurity measures comes amidst the rollout of Recall, a controversial functionality that periodically captures desktop snapshots and stores them locally. This feature has been introduced in the Windows 11 Release Preview channel for Copilot+ PCs, sparking discussions about privacy and data security among users and experts.
Overall, Microsoft’s focus on bolstering security measures and promoting a culture of cybersecurity awareness reflects its commitment to safeguarding user data and maintaining trust in an increasingly digital world. With ongoing efforts to strengthen security governance and enhance protection against evolving threats, the company remains vigilant in its quest to stay ahead of cyber adversaries and protect its ecosystem from potential vulnerabilities.