Microsoft blamed for "a cascade of security failures" in Exchange breach report
Submitted 1 year ago by bot@lemmy.smeargle.fans [bot] to hackernews@lemmy.smeargle.fans
Submitted 1 year ago by bot@lemmy.smeargle.fans [bot] to hackernews@lemmy.smeargle.fans
autotldr@lemmings.world [bot] 1 year ago
This is the best summary I could come up with:
The report, mandated by President Biden in the wake of the far-reaching intrusion, details the steps that Microsoft took before, during, and after the breach and in each case finds critical failure.
The breach was “preventable,” even though it cites Microsoft as not knowing precisely how Storm-0558, a “hacking group assessed to be affiliated with the People’s Republic of China,” got in.
“Throughout this review, the board identified a series of Microsoft operational and strategic decisions that collectively points to a corporate culture that deprioritized both enterprise security investments and rigorous risk management,” the report reads.
“We appreciate the work of the CSRB to investigate the impact of well-resourced nation state threat actors who operate continuously and without meaningful deterrence,” the statement reads.
Along with hardening its systems and implementing more sensors and logs to “detect and repel the cyber-armies of our adversaries,” Microsoft said it would “review the final report for additional recommendations.”
The Cyber Safety Review Board (CSRB), formed two years ago, is composed of government and industry officials, from entities including the Departments of Homeland Security, Justice, and Defense, the NSA, FBI, and others.
The original article contains 527 words, the summary contains 187 words. Saved 65%. I’m a bot and I’m open source!