In the wake of significant cybersecurity breaches, Microsoft is under the microscope....
A recent incident resulted in the compromise of senior U.S. and U.K. government official accounts, including 22 organizations, over 500 individuals, and tens of thousands of emails put at risk.
Some stats...
A Microsoft environment was recently compromised and a group stole a signing key that permitted them to gain full access to essentially any Exchange Online account anywhere in the world.
"Microsoft’s security culture was inadequate and requires an overhaul, particularly in light of the company’s centrality in the technology ecosystem and the level of trust customers place in the company to protect their data and operations.”
Fundamental problems within Microsoft's security
“Microsoft’s customers did not have essential facts needed to make their own risk assessments about the security of Microsoft cloud environments in the wake of this intrusion.”
It’s uncertain whether Microsoft is able to prevent this type of incident from occurring again because the root cause was not determined at the time by Microsoft. While no organisation is immune to being the target of highly sophisticated adversaries, there is a clear pattern of evidence that suggests Microsoft is unable to keep their systems and therefore their customers’ data safe.
A consistent issue
This attack prompted the Department of Homeland Security’s Cyber Safety Review Board (CSRB) to issue a detailed report identifying the company’s “cascade of security failures” that led to the data breach.
The CSRB also noted significant concerns with Microsoft's handling of the incident, including a “decision not to correct, in a timely manner, its inaccurate public statements about this incident until the Board was concluding its review and only after the Board’s repeated questioning about Microsoft’s plans to issue a correction.”
What does that mean for businesses?
Businesses currently utilising the Microsoft platform are at risk. This recent attack resulted in a group known as "Storm-0558" gaining access to vital security keys meaning they have a "master key" to almost any Exchange Online account.
The underlying issue stated throughout the report is that Microsoft have used the same technology for their signing keys across multiple security platforms. Data security is essential for any business environment, meaning Microsoft have failed their customers by allowing this to happen.
In the same time period where Microsoft had 1292 vulnerabilities...
...Google had zero.
Google is built upon a platform with a fundamentally different, more secure approach - based in the Cloud.
99.9%
Phishing attempts blocked by Google filters within Google Workspace
3 Billion
Monthly active app users on Google Workspace in their businesses
140+ Million
Students are currently using Google Workspace - the workforce of the future
80%
increase in uptake over the last 2 years for Google Workspace
336%
Average ROI in 3 years or less utilising Google Workspace
Zero Trust
Built on zero trust architecture for maximum security
A New Way of Working
The way we work has changed dramatically. We’re generating more sensitive data and storing it in the cloud for easy access worldwide. Sharing it with internal and external collaborators drives global collaboration.
While this new working style has benefits, it also presents security challenges that legacy tools can’t handle. Google Workspace, built for the cloud with a zero trust approach, protects your information from phishing, malware, ransomware, and supply chain attacks.
Why teams trust Workspace to secure their business emails, meetings, and data
In contrast to legacy productivity solutions, Gmail and Workspace were built to combat modern threats.
Gmail’s cutting-edge AI defenses block more than 99.9% of spam, phishing attempts and malware. Workspace’s cloud-only architecture means no patching or updates required to stay secure. With Workspace, emails and files are stored in the cloud (not end-user devices) for simpler protection.
Security runs through every element of Google Workspace
By providing admins with enhanced security features, Google Workspace is able to provide enterprise level security.
Whether users are using Docs, Drive, Sheets, Slides or any other application within Google Workspace it is all within the infrastructure provided by Google that boasts such features as 2 Factor Authentication and DLP rules to secure the environment that people are working within.
Used by these leading brands...
Don't just take our word for it
Fill in the form below to download the Whitepaper on the attack in full and how Microsoft were unable to determine the root cause, or communicate with customers effectively as a result.