Google published an overview of Microsoft’s recent security issues, concluding that Microsoft “is unable to keep its systems, and therefore its customers’ data, safe.”
In its report, Google accuses Microsoft of failing to properly describe a security breach to the public last year, when Chinese-backed hackers penetrated Microsoft Exchange systems, allowing them to access every Exchange account. Google cited the federal Cybersecurity Review Board’s findings that Microsoft customers did not have enough information to determine whether they were at risk at the time, and Microsoft made a “decision not to correct” statements about the breach that the board deemed “inaccurate”.
Google argued that because the board determined that Microsoft still did not know how the attackers obtained the key to its Exchange systems, a “clear pattern of evidence” emerged that Microsoft may not be able to protect itself or customers from future cyber attacks.
“Recurring security challenges with Microsoft demand a better alternative for both enterprise and public sector organizations,” Google said in its report. “We believe Google Workspace is a safer alternative, with a proven track record of engineering excellence, heavy investment in cutting-edge protections, and a transparent culture that treats security for our customers as a deep responsibility.”
Google is offering corporate and government discounts for switching from Microsoft services to Google Workspace Enterprise Plus, Bloomberg reports. Businesses can get 18 months free if they sign a three-year contract.
Unfortunately, Microsoft has had more cybersecurity incidents than the Exchange breach last year. In March, Microsoft said Russian hackers had gained access to its source code. Senior Microsoft management saw their email accounts compromised, and federal agencies using Microsoft services may have also been affected.
A third-party cybersecurity firm reported this year that Microsoft left an Azure cloud server exposed because the company did not password-protect it. The researchers were able to access Microsoft’s server, which contains data about its Bing search engine, as well as other files containing passwords and other data. Microsoft claims the server is only accessible through “internal networks.”
Recommended by our editors
Asked for comment on the Google report, a Microsoft representative told PCMag via email: “Microsoft makes security our top priority above all else. Our Secure Future initiative brings together every part of Microsoft to improve cybersecurity protection across our platforms and products, benefiting customers around the world, including commercial and government enterprises, small businesses and individuals.” The representative emphasized that Microsoft also is a signatory to the CISA Secure by Design pledge and is involved in “sharing threat intelligence with the security community about sophisticated nation states and cybercriminal actors.”
This month, Microsoft’s executive vice president of security Charlie Bell said the tech giant would do more to improve its security practices after the high-profile breaches and adopt a security-first approach. “We will instill accountability by basing a portion of the compensation of the company’s senior leadership team on our progress in meeting our security plans and milestones,” Bell said.
Editor’s note: This story has been updated to include a comment from Microsoft.
Like what you read?
Sign up for SecurityWatch newsletter about our top privacy and security stories delivered straight to your inbox.
This newsletter may contain advertisements, deals or affiliate links. Subscribing to a newsletter indicates your agreement to our Terms of Use and Privacy Policy. You can unsubscribe from newsletters at any time.
