Is the US government lenient on Microsoft's "cascade of security failures" because of an overreliance on its systems?

News
By Kevin Okemwa
published

Microsoft's security systems have fallen victim to numerous threats, but the US government often remains quiet.

Microsoft logo
(Image credit: Windows Central)

What you need to know

  • In the past two months, Microsoft has suffered two major security breaches by hackers allowing them to access confidential information.
  • The US government's silence has raised concern among competitors and security, pinpointing Microsoft's impact and control in the industry as the main reason.
  • Microsoft has seemingly failed to come up with a lasting solution for the issue of hackers leveraging sophisticated techniques to deploy attacks, including AI.

Microsoft is the world's most valuable company with over $3 trillion in market capitalization ahead of Apple thanks to its early investment and adoption of generative AI. The tech giant is seemingly more inclined toward AI projects and has reportedly transitioned some of its staffers from the Teams chat app department to lend a hand with these advances. 

While AI seems like a major focus point for the company this year, it also has a broad portfolio of services and products it provides to consumers, placing it at the top. These include cloud computing services (under scrutiny for anti-competitive practices) and cybersecurity. 

The Redmond giant has found itself between a rock and a hard place in the past few months, with hacks leveraging sophisticated ploys, including AI, to bypass security and access personal credentials belonging to top government officials. 

In the most recent incident, hacker group Midnight Blizzard compromised Microsoft's systems to access confidential emails between the company and its clients, posing a huge risk to their safety and privacy. The same can be said about the attack by the Russian hacker group Nobelium, which gained access to email accounts belonging to top Microsoft executives, seeking to access the information Microsoft had on them.

It's happened one too many times

Hacker deploying an attack

(Image credit: Bing Image Creator | Windows Central)

Microsoft is arguably one of the top cybersecurity service providers, but it seems to be constantly under attack. It's faced two serious cyber attacks this year in less than two months, raising concern among policymakers, competitors, clients, and more. Perhaps the most concerning aspect of this spectacle is that Microsoft didn't face any consequences for these shortcomings, and the US government continues to purchase and leverage its products (via WIRED). 

A new report by the Cyber Safety Review Board indicates Microsoft could have prevented the Chinese state-sponsored hacking group Storm-0558 from accessing the email accounts of US government employees. The board added, "Microsoft's security culture was inadequate and requires an overhaul."

For context, Microsoft's 'cascade of security failures' started in July 2023 when a group of Chinese hackers breached Microsoft email accounts belonging to two dozen government agencies. The tech giant's cybersecurity team swung into action and mitigated the issue.

Consequently, President Biden commissioned a US cybersecurity advisory panel to look into the matter and analyze the risks of cloud computing. In a letter addressed to the board by Senator Ron Wyden:

"Government emails were stolen because Microsoft committed another error. Microsoft should not have had a single skeleton key that, when inevitably stolen, could be used to forge access to different customers' private communications."

READ MORE: Microsoft eludes EU antitrust merger probe over its multi-billion dollar investment in OpenAI

The Senator wanted the board to find out whether Microsoft played any hand in cybersecurity malpractice by the Chinese hackers. Microsoft is important to the US government as it tends to most of its needs, including powering computers, document drafting, and more.

This has raised concern among users and competitors, who've openly criticized the silence from top government executives over Microsoft's failure to get ahead of these cybersecurity-related issues, which seem to be often landing the US government and other consumers in compromising situations.

Ultimately, sources with close affiliations and knowledge of the matter indicate Microsoft's position in the industry coupled with its relationship with the US government has seemingly rendered it 'untouchable' despite its numerous shortcomings and susceptibility to attacks.

Kevin Okemwa
Kevin Okemwa
Contributor

Kevin Okemwa is a seasoned tech journalist based in Nairobi, Kenya with lots of experience covering the latest trends and developments in the industry. With a passion for innovation and a keen eye for detail, he has written for leading publications such as OnMSFT, MakeUseOf, and Windows Report, providing insightful analysis and breaking news on everything revolving around the Microsoft ecosystem. While AFK and not busy following the ever-emerging trends in tech, you can find him exploring the world or listening to music.

1 Comment Comment from the forums
  • ChipBoundary
    There is no major company that hasn't had numerous breaches. Stopping them is impossible. All you can do is put forward reasonable efforts to mitigate the damage or catch the perpetrators after the fact. No security system can ever be invented to keep people out completely. If a bad actor wants in, they're getting in.
    Reply