Microsoft set to dock bosses’ pay — if they haven’t shown good cybersecurity performance

on

|

views

and

comments


The annual bonuses of Microsoft’s highest-ranking workers officers’ annual bonuses will depend on how mindful they were of cybersecurity, the company’s vice chair and president has revealedAhead of the US House committee hearing on Microsoft’s security practices this week, Brad Smith submitted an addendum to his written testimony, in which he detailed the upcoming innovation. The company’s senior executives, who frequently meet with the CEO, have their annual bonuses calculated based on a number of factors, including something called “individual performance”.Deprioritized enterprise securityFor the fiscal year 2025, which starts on July 1, a third of this “individual performance” part will be directly linked to the review of their cybersecurity work. The review will be done by the board’s compensation committee, but will also include the opinion of an unidentified, independent third party.Some changes to the bonus structure might also make it into this fiscal year, Smith explained:“The Board also decided that for the current fiscal year, which ends on June 30, the Compensation Committee will consider explicitly each SLT member’s cybersecurity performance when it makes its annual assessment of the executive’s performance,” he wrote. “Beyond the design changes to our executive pay program to include a greater accountability for cybersecurity, the Board also has the ability to exercise downward discretion on compensation outcomes as it deems appropriate.”Microsoft has come under a lot of fire lately, for its allegedly poor handling of major cybersecurity incidents. Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!In the summer of 2023, Microsoft Exchange Online was hit in a series of intrusions by a People’s Republic of China (PRC) backed actor tracked as Storm-0558, who gained access to the mailboxes of 22 organizations. The mailboxes were used by over 500 people, and compromised a number of US government representatives including Commerce Secretary Gina Raimondo, US Ambassador to the PRC R. Nicholas Burns, and Congressman Don Bacon.The attack has since been found to have been preventable, according to a report by the Department of Homeland Security (DHS) and the Cyber Safety Review Board (CSRB), stating that there were decision made pointing to “a corporate culture that deprioritized enterprise security investments and rigorous risk management, at odds with the company’s centrality in the technology ecosystem and the level of trust customers place in the company to protect their data and operations.”The review found that Microsoft’s negligence in signing key rotation resulted in a 2016 key remaining active in 2023. Furthermore, a number of critical security controls that were standard practice for other CSPs at the time of the attack were not in place, which could have detected and prevented an intrusion of this scale.Microsoft were also found to have issued conflicting communications at the time of the incident, stating that the 2016 key was likely stolen during a “crash dump,” then later stating that there was no evidence to suggest the key was stolen in this scenario.CSRB Acting Deputy Chair Dmitri Alperovitch said, “This People’s Republic of China affiliated group of hackers has the capability and intent to compromise identity systems to access sensitive data, including emails of individuals of interest to the Chinese government. Cloud service providers must urgently implement these recommendations to protect their customers against this and other persistent and pernicious threats from nation-state actors.”Via CNBCMore from TechRadar Pro

Share this
Tags

Must-read

Mortgage Rates Could Fall Another Half Point Just from Market Normalization

It’s been a pretty good year so far for mortgage rates, which topped out at around 8% last year.The 30-year fixed is now priced...

Goldman Sachs loses profit after hits from GreenSky, real estate

Second-quarter profit fell 58% to $1.22 billion, or $3.08 a share, due to steep declines in trading and investment banking and losses related to...

Half of Japan’s chip-making equipment exports headed to China in Q1 · TechNode

Japan’s Ministry of Finance trade statistics show that half of Japan’s semiconductor manufacturing equipment exports were heading to China in the first quarter, according...
spot_img

Recent articles

More like this

LEAVE A REPLY

Please enter your comment!
Please enter your name here