(Bloomberg) -- Microsoft Corp. is adding security chiefs to its product groups in a bid to boost resilience to hacking after the company has been criticized for failing to contain several serious cyberattacks.
The software giant said it is adding deputy chief information security officers within its product groups, while declining to identify the new officials. The executives will report to Igor Tsyganskiy, who became global chief information security officer in December, one month after Microsoft announced its biggest security overhaul in more than two decades.
Ann Johnson, a Microsoft security executive since 2015, has been named deputy CISO for customer outreach and regulated industries and also will report to Tsyganskiy. Johnson’s role will focus on “customer engagement and communication about Microsoft’s own security,” the Redmond, Washington-based company said in an email.
Early this year, a Russian state-sponsored group was blamed for combing through the email accounts of top Microsoft executives — prompting the company to reassign thousands of engineers to help mitigate the intrusion and accelerate security updates. In May 2023, a hacking gang linked to the Chinese government was accused of stealing one of Microsoft’s access tools and used it to break into the email accounts of US Commerce Secretary Gina Raimondo, US Ambassador to China Nicholas Burns and hundreds more.
Last month, the US Cyber Safety Review Board issued a scathing report documenting the company’s inability to stop the China-linked hack and calling on Microsoft to institute urgent reforms. US Senator Ron Wyden introduced draft legislation on April 8 that would require the government to set mandatory cybersecurity standards for collaboration software, citing Microsoft’s “shambolic cybersecurity.”
Microsoft in November unveiled the Secure Future Initiative, its most significant security plan since co-founder Bill Gates halted Windows development in 2002 and ordered engineers to prioritize product safety over new features. But some rivals, government officials and customers have questioned whether the new plan will go far enough.
The latest set of changes are meant to address the issue of how to give each product group a focus on security as they move to add new features and box out competitors in fields like artificial intelligence. Microsoft Chief Executive Officer Satya Nadella said last week on a call with investors that the company is now “putting security above all else.”
