A presenter discusses Microsoft in the Information Age at the World Artificial Intelligence Congress. Shanghai will host a conference on Thursday, July 6, 2023.
Microsoft Corp. announced in a blog post published on Tuesday, July 11, that a cyber group based in China has compromised government email accounts in Western Europe.
Microsoft (MSFT) disclosed that a group of Chinese hackers had gained access to the email systems of some of its customers in order to gather intelligence. The hackers, designated by Microsoft as Storm-0558, were able to access government agencies and individual accounts in the United States and Europe.
The hackers accessed the accounts by exploiting a vulnerability in Microsoft’s cloud email service. They were then able to access other accounts using the stolen credentials. The hackers were able to steal a substantial quantity of data, including sensitive emails, documents, and other information.
Microsoft has since rectified the flaw and restricted the hackers’ access to the compromised accounts. Nonetheless, the extent of the damage remains unknown. The company is investigating the incident alongside law enforcement.
The Microsoft data disclosure is a reminder of the escalating cyber threat posed by malicious actors. Businesses must take the necessary precautions to not only protect their data from cyber threats but also be prepared with a remediation plan in the event of a breach.
This breach has sounded alarm bells for numerous boards of directors.
Directors of public companies are aware that their responsibility is to oversee the corporation. This includes examining the operational plans, the financials, and the fundamental duty of risk mitigation.
In anticipation of the proposed new SEC regulations on board of directors cyber compliance, many boards are now making it a priority to climb the cybersecurity learning curve.
In light of the recent Microsoft incident, I thought it would be useful to provide a brief overview of some of the steps boards can take toward cyber readiness and preparedness:
Regarding immediate actions, boards should begin with board education to bring all members to the same level of cyber literacy. Boards may also wish to consider assigning cybersecurity oversight to a specific committee.
In addition, board members should investigate the costs and budget impact of bringing the company’s cyber systems up to a level that matches the cost and risk tradeoff the company has chosen, that is, the loss the business is willing to accept. Each industry will emphasize distinct factors. For instance, safeguarding intellectual property may not be as crucial in the retail industry as it is in the pharmaceutical industry.
The NIST framework is one of the most fundamental and widely accepted foundational tools for performing cyber oversight, and boards must grasp it. The NIST Cybersecurity Framework is a monitoring instrument that categorizes cyber risk into five categories and evaluates a company’s cyber posture and readiness to defend against cyberattacks.
Boards frequently use the NIST framework as a scorecard to evaluate cyber resilience and preparedness, as well as to identify areas of strength and those requiring improved resource concentration. Directors will be well served by a board-wide review of the NIST Framework.
While preventative measures are of the utmost importance, the recent incident at Microsoft demonstrates that no business is completely immune to cyberattacks.
Having a cyber response protocol in place in the event of a breach or cyberattack is the logical next stage in cybersecurity readiness.
Consider the protocol beforehand. Instruct the IT and/or cyber teams to evaluate the crisis management tabletop exercise conducted with the board. Ensure that external cyberforensics experts are available.
As part of tabletop cyber planning, request that the CISO and/or tech team walk the board through their post-breach protocol. For example, who would serve as the outside counsel? Who is the forensics expert? Who is in control of the communications team?
Post-breach, organizations must prioritize removing and preventing the attacker’s ability to move freely within the organization. It is essential to keep in mind that many internal IT systems in companies were designed to maximize productivity.
There are connection points that make it simple for an intruder to move around within a system because the internal IT systems typically assume that all other systems are trustworthy. In general, IT system architectures are not specifically designed with security in mind. This should be re-examined.
As board members look to conduct oversight and direct management priorities, it may be advantageous for the board to consider inviting outside experts to provide an orientation and briefing.
In 2022, for instance, Mandiant (a cybersecurity company that is now a part of Google Cloud) assisted over 1,800 clients in preparing for or recovering from critical cybersecurity incidents.
Cybersecurity risk remains one of the most pressing concerns for businesses. I recommend perusing “Perspectives on Security for the Board” by the Google Cloud Cybersecurity Action Team for more information on how boards should approach cybersecurity preparedness and risk mitigation.