Microsoft Adds Security Chiefs to Product Groups in Wake of Hacking Woes

Ann Johnson named deputy security officer to oversee outreach and communication about company’s security.

Bloomberg News

May 3, 2024

2 Min Read
the microsoft logo
Bloomberg

(Bloomberg) -- Microsoft Corp. is adding security chiefs to its product groups in a bid to boost resilience to hacking after the company has been criticized for failing to contain several serious cyberattacks.

The software giant said it is adding deputy chief information security officers within its product groups, while declining to identify the new officials. The executives will report to Igor Tsyganskiy, who became global chief information security officer in December, one month after Microsoft announced its biggest security overhaul in more than two decades.

Ann Johnson, a Microsoft security executive since 2015, has been named deputy CISO for customer outreach and regulated industries and also will report to Tsyganskiy. Johnson’s role will focus on “customer engagement and communication about Microsoft’s own security,” the Redmond, Washington-based company said in an email. 

Early this year, a Russian state-sponsored group was blamed for combing through the email accounts of top Microsoft executives — prompting the company to reassign thousands of engineers to help mitigate the intrusion and accelerate security updates. In May 2023, a hacking gang linked to the Chinese government was accused of stealing one of Microsoft’s access tools and used it to break into the email accounts of US Commerce Secretary Gina Raimondo, US Ambassador to China Nicholas Burns and hundreds more.

Related:Microsoft, Beset by Hacks, Grapples With Problem Years in the Making

Last month, the US Cyber Safety Review Board issued a scathing report documenting the company’s inability to stop the China-linked hack and calling on Microsoft to institute urgent reforms. US Senator Ron Wyden introduced draft legislation on April 8 that would require the government to set mandatory cybersecurity standards for collaboration software, citing Microsoft’s “shambolic cybersecurity.” 

Microsoft in November unveiled the Secure Future Initiative, its most significant security plan since co-founder Bill Gates halted Windows development in 2002 and ordered engineers to prioritize product safety over new features. But some rivals, government officials and customers have questioned whether the new plan will go far enough.

The latest set of changes are meant to address the issue of how to give each product group a focus on security as they move to add new features and box out competitors in fields like artificial intelligence. Microsoft Chief Executive Officer Satya Nadella said last week on a call with investors that the company is now “putting security above all else.”

Read more about:

Microsoft

About the Author

Bloomberg News

The latest technology news from Bloomberg.

Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like