CyberSecurity On Microsoft Breaching
First Draft Of Paper Two
Olatunde Michael Epebinu
CDF 281
Professor Stuart Denrich
4/11/21
Cyber Security
Background Information on Microsoft
Microsoft is a company engaged in developing, licensing, and supporting a wide variety of software products and services. Its aggressive strategies in the software market are among the factors behind its success in multiple regions, and its investments in the mobile phone and gaming markets have contributed to the large market share it holds worldwide. However, like many other software companies, Microsoft has also been exposed to cybersecurity incidents. Understanding the nature of Microsoft's cybersecurity experience is essential for designing better mitigation measures for the company in the future.
The company's investment in creating and distributing the Windows Mobile operating system was one of its notable ventures; the OS was used by numerous handset vendors such as LG, Samsung, and HTC. Releases such as the Xbox and the Xbox 360 are among the company's successful moves in the video game market. Another milestone was the acquisition of Skype in 2011 to compete with other communication software such as Google Voice and Apple's FaceTime. The company's diversification strategy has also contributed to its widespread market share. For instance, investing in cloud computing platforms such as Windows Azure (now Microsoft Azure) has strengthened the brand's position and market share because customers can build their own computing infrastructure on it (Gregory, 2019). The company has continued to generate significant profits for its employees and stakeholders.
Mission
Microsoft’s mission is to empower organizations and individuals worldwide in achieving more (Gregory, 2019). This empowerment of individuals and organizations is attained through the development of a variety of computing products.
Organizational Structure
The company's organizational structure can be described as a product-type divisional structure, because the company groups its divisions according to its outputs, that is, the nature of its software and hardware products. Besides this dominant design, the structure is also divided into global corporate groups and geographic segments. Product-type divisions use the output or product as the primary criterion for grouping personnel and the resources they need. For instance, the Intelligent Cloud division was created as a self-contained unit to enhance its product innovation capacity (Lombardo, 2018). The product-type divisions are More Personal Computing, Intelligent Cloud, and Productivity and Business Processes.
Global corporate groups define the company's structure according to the most essential functions of a computer technology business. Dividing the organization into these functional segments ensures that it can operate seamlessly as a whole. The major global corporate groups are legal, technology and research, finance, human resources, marketing, and worldwide commercial business (Lombardo, 2018).
The company's geographic segmentation is based on the operations the company runs in different jurisdictions. This segmentation is reflected in the two major geographic segments: the United States segment and the international segment (Lombardo, 2018). Defining the company along these complementary structures improves delivery because each unit becomes more specialized.
Mission Critical Systems
Microsoft has also invested significantly in strengthening the security of its customers. The company's mission-critical support offering was one way of addressing security incidents that customers had experienced, including impossible-travel alerts, phishing emails detected by the Microsoft 365 team, password spray attacks, and reports of risky sign-ins. Failing to address these concerns would have risked creating a negative perception of the company's ability to protect its customers (Fowler & Sitnikova, 2019). The mission-critical support system has since addressed these concerns according to each customer's needs.
The company launched Premier Mission Critical support to serve enterprise customers that require personalized support for their critical operations. This plan improves on the company's earlier support plans by providing dedicated Microsoft solution engineers who are permanently available to contribute their expertise (Fowler & Sitnikova, 2019). The company's mission-critical solutions segment helps customers identify the mission-critical technologies that best suit their business functions.
Because each mission-critical engagement is tailored, there is no off-the-shelf price for the service. The price depends on the team's assessment of a customer's specific needs for their personalized package. The usual initial response time is 30 minutes, which improves the overall customer experience. These packages cover Microsoft products such as Windows Server, Microsoft SQL Server, Microsoft Dynamics CRM, and the .NET Framework (Fowler & Sitnikova, 2019).
Breach Analysis
According to Microsoft, the US, the UK, and six other countries suffered losses after their systems were hacked, allegedly by Russian actors. The company stated that such attacks pose costly risks to private and government networks worldwide. Its investigation identified IT companies, NGOs, think tanks, government agencies, and customers that were negatively affected (Oxford Analytica, 2020). The intrusion is estimated to have begun after compromised software updates were installed, with most of the affected customers being in the US government.
Orion, a widely used network management tool for IT systems, is believed to be the software that the attackers primarily compromised. The departments particularly affected were the Treasury and the Department of Commerce, including its National Telecommunications and Information Administration (Oxford Analytica, 2020). According to security sources, the intention of the hack was to steal military and government secrets in a highly sophisticated espionage operation.
Microsoft identified the intrusion in its own systems and among its clients through detections from its antivirus software. The company acknowledged that it had been affected by the SolarWinds attack, although no access to customer data or production services had been identified. The attack's global ramifications stem from vulnerabilities in the company's technology supply chain that reach into various national capitals. Russia denied responsibility, characterizing the accusation as another untrue allegation by the US government (Gujraniya et al., 2018). The US government is making serious efforts to safeguard its systems from attackers who could exploit vulnerabilities in the company's software.
Financial damage
An analysis conducted by Kovrr and BitSight shows the cost components of the SolarWinds attack. The attack costs were estimated from the size, industry, and location of the affected organizations. The insured losses incurred by the affected companies are approximately $90,000,000. This estimate includes the cost of forensic and incident response services for companies that held cyber insurance coverage.
Microsoft's report showed that approximately 18,000 organizations that installed the compromised software were affected by the attack. Nonetheless, Microsoft also noted that although many organizations were exposed, roughly 40 were actually targeted for follow-on activity. Most of the financial losses were felt in the US, mainly because over 70% of the affected organizations operate primarily there. Other countries with significant financial losses were the UAE, Israel, the United Kingdom, Canada, and Mexico (Shah, 2021).
An interesting aspect of the attack is that it focused on collecting sensitive data rather than exploiting organizations at scale. Cyber insurers did not consider the attack a cyber catastrophe because of the nature of the exposure these companies experienced (Shah, 2021). However, insurers were particularly concerned that the attack could escalate in the future and cost the industry greater financial losses.
Preventive measures
Creating more robust threat detection software is a suitable way of addressing attacks such as the SolarWinds attack, primarily because the intrusion went unnoticed for most of the period between March and December 2020. More robust detection gives defenders a chance to identify such threats in good time, before the attacker reaches their objective.
Threat detection software is fundamental in providing organizations with information about emerging cyberattacks, exploits, and malware variants. Intelligence that is specific to an organization's network illuminates how a threat operates, what it is capable of breaching, and what remedial actions are available. Security and IT professionals must incorporate intelligence on emerging and evolving intrusion techniques to improve their remediation and mitigation measures and prevent future attacks like SolarWinds.
Vulnerability management software and Security Information and Event Management (SIEM) can be integrated into an organization's security stack to produce the same kind of information as threat intelligence products. A SIEM provides real-time visibility into emerging threats and actionable intelligence focused on the organization's own security ecosystem. Examples of threat intelligence and related security tools that can be deployed include Intezer Protect, SIRP, Dataminr, ActivTrak, McAfee Threat Intelligence Exchange, Authentic8 Silo, Cisco Talos, and CrowdStrike Falcon Endpoint Protection.
Endpoint detection tools such as CrowdStrike Falcon are platforms that alert security professionals to breach activity, prompting fast investigation and containment of malicious activity. Endpoints include employee workstations, laptops, cloud systems, mobile devices, and IoT devices. Hassan et al. (2020) indicate that Endpoint Detection and Response (EDR) tools provide insight into sophisticated intrusions by matching system events against lists of known adversarial techniques. Current EDR solutions face challenges: a high volume of false alarms leads to alert backlogs, and verifying the identified threats requires substantial manual effort. Log retention also creates a resource burden, so system logs documenting a long-lived attack may be deleted before the investigation begins.
A holistic approach to threat management is an efficient means of minimizing critical cybersecurity breaches, cybercrime, and espionage without interrupting the beneficial uses of IT, supported by governance that spans multiple professional functions. Boehm et al. (2018) observe that a holistic approach to cybersecurity addresses security gaps within the organization and their implications for organizational structures, processes, and governance. The holistic strategy for threat management entails (i) identifying the risks and the risk appetite, (ii) analysis and evaluation, (iii) treatment, and (iv) monitoring.
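The two identity anomalies mentioned earlier in the paper (password spray and impossible travel) are the kind of rules a SIEM or EDR pipeline evaluates over sign-in telemetry. The following Python script is an added example written for this page, not code from Microsoft or from any of the cited vendors. It assumes each sign-in record already carries a UTC timestamp, user name, source IP, success flag, and a geolocation (latitude, longitude) resolved for the IP; the records themselves are constructed for illustration. Impossible travel is flagged when two successful sign-ins by the same user imply a speed above an airliner's; a password spray is flagged when one source IP generates failed sign-ins against many distinct accounts within a short window.

```python
"""Toy sign-in anomaly detectors: impossible travel and password spray.

Added example for this page; not vendor code. Runs over constructed
sample records embedded below so it works offline.
"""
from collections import defaultdict
from datetime import datetime, timedelta
import math

# Constructed sample sign-in events (not real telemetry). Assumed fields:
# (timestamp UTC, user, source IP, success, (latitude, longitude)).
SAMPLE_EVENTS = [
    ("2020-12-01T08:00:00", "alice", "203.0.113.7",  True,  (47.61, -122.33)),  # Seattle
    ("2020-12-01T08:20:00", "alice", "198.51.100.9", True,  (51.51,   -0.13)),  # London, 20 min later
    ("2020-12-01T09:00:00", "bob",   "203.0.113.7",  True,  (47.61, -122.33)),  # Seattle
    ("2020-12-01T10:00:00", "bob",   "203.0.113.8",  True,  (45.52, -122.68)),  # Portland, 1 h later
] + [
    # Twelve failed sign-ins against twelve different accounts from one IP
    # within eleven minutes: the signature of a low-and-slow password spray.
    ("2020-12-01T11:%02d:00" % i, "user%02d" % i, "192.0.2.50", False, (40.71, -74.01))
    for i in range(12)
]


def parse_events(raw):
    """Turn the raw tuples into dicts with a real datetime for sorting/math."""
    return [
        {"ts": datetime.fromisoformat(ts), "user": user, "ip": ip,
         "success": ok, "geo": geo}
        for ts, user, ip, ok, geo in raw
    ]


def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) points in degrees."""
    lat1, lon1 = map(math.radians, a)
    lat2, lon2 = map(math.radians, b)
    dlat, dlon = lat2 - lat1, lon2 - lon1
    h = math.sin(dlat / 2) ** 2 + math.cos(lat1) * math.cos(lat2) * math.sin(dlon / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(h))


def detect_impossible_travel(events, max_kmh=900.0):
    """Flag consecutive successful sign-ins by one user that imply a speed
    above max_kmh (roughly a commercial airliner). Returns one alert per pair."""
    alerts = []
    by_user = defaultdict(list)
    for e in events:
        if e["success"]:
            by_user[e["user"]].append(e)
    for user, logins in by_user.items():
        logins.sort(key=lambda e: e["ts"])
        for prev, cur in zip(logins, logins[1:]):
            km = haversine_km(prev["geo"], cur["geo"])
            hours = (cur["ts"] - prev["ts"]).total_seconds() / 3600.0
            # Same-second sign-ins from two places are infinitely fast; same place is fine.
            speed = km / hours if hours > 0 else (math.inf if km > 0 else 0.0)
            if speed > max_kmh:
                alerts.append({"user": user, "from_ip": prev["ip"], "to_ip": cur["ip"],
                               "km": round(km), "speed_kmh": round(speed)})
    return alerts


def detect_password_spray(events, window=timedelta(minutes=30), min_accounts=10):
    """Flag a source IP whose failed sign-ins hit at least min_accounts distinct
    users inside any sliding time window. Reports the densest window per IP."""
    alerts = []
    by_ip = defaultdict(list)
    for e in events:
        if not e["success"]:
            by_ip[e["ip"]].append(e)
    for ip, fails in by_ip.items():
        fails.sort(key=lambda e: e["ts"])
        best, start = None, 0
        for end in range(len(fails)):
            while fails[end]["ts"] - fails[start]["ts"] > window:
                start += 1  # slide the window forward
            users = {e["user"] for e in fails[start:end + 1]}
            if len(users) >= min_accounts and (best is None or len(users) > best["accounts"]):
                best = {"source_ip": ip, "accounts": len(users),
                        "window_start": fails[start]["ts"], "window_end": fails[end]["ts"]}
        if best:
            alerts.append(best)
    return alerts


if __name__ == "__main__":
    evts = parse_events(SAMPLE_EVENTS)
    for a in detect_impossible_travel(evts):
        print("IMPOSSIBLE TRAVEL:", a)
    for a in detect_password_spray(evts):
        print("PASSWORD SPRAY:", a)
```

On the constructed data, alice's Seattle-to-London hop (about 7,700 km in 20 minutes) is flagged while bob's Seattle-to-Portland drive (about 230 km in an hour) is not, and 192.0.2.50 is reported for spraying twelve accounts. The thresholds (900 km/h, ten accounts in 30 minutes) are tuning knobs; raising them reduces the false-alarm volume that Hassan et al. describe, at the cost of missing slower sprays.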
Recommendation
Firstly, strengthening software supply-chain controls is a suitable mitigation and prevention measure. Given that this attack stemmed from a complex combination of supply-chain failures, hardening these controls in advance can reduce both the likelihood and the impact of future supply-chain compromises. Secondly, Microsoft's software developers should draw on mitigation guidance from a variety of sources. For instance, although the attack's impact was felt on a large scale, organizations such as the Linux Foundation have analyzed the weaknesses it exploited and published recommendations for avoiding similar disasters in the future (Vaughan-Nichols, 2021). Studying and consulting the views of other developers will improve the company's ability to prevent such attacks in the future.
Conclusion
Cybersecurity issues affect many technology companies negatively because of the harm cyber insecurity does to companies' financial performance and the loss of government secrets. Microsoft has significantly shaped the software and hardware industry, mainly through aggressive diversification strategies that address a wide range of customer needs. One of the company's significant cybersecurity issues was the SolarWinds attack, which affected Microsoft through vulnerabilities in third-party software used by many companies worldwide, including Microsoft itself. The insured financial losses from the attack are estimated at approximately $90,000,000. Creating more robust threat detection software is a suitable prevention measure, and strengthening software supply-chain controls and learning from other software developers are appropriate ways to achieve it. Enhancing Microsoft's cybersecurity measures is a practical way of securing its market share in the information technology sector. As the importance of information technology continues to rise, Microsoft must ensure that it has designed appropriate systems to secure its services and operations.
Works Cited
Boehm, J., Merrath, P., et al. (2018). Cyber risk measurement and the holistic cybersecurity approach. McKinsey & Company.
Fowler, S., & Sitnikova, E. (2019, November). Toward a framework for assessing the cyber-worthiness of complex mission-critical systems. In 2019 Military Communications and Information Systems Conference (MilCIS) (pp. 1-6). IEEE.
Gregory, L. (2019). Microsoft’s Mission Statement & Vision Statement (An Analysis) – Panmore Institute. http://panmore.com/microsoft-corporation-vision-statement-mission-statement-analysis
Gujraniya, D., Waseem, M., Balamurali, A. R., & Singh, S. (2018). Ransomware Command and Control Detection using Machine Learning.
Hassan, W. U., Bates, A., & Marino, D. (2020, May). Tactical provenance analysis for endpoint detection and response systems. In 2020 IEEE Symposium on Security and Privacy (SP) (pp. 1172-1189). IEEE.
Lombardo, J. (2018). Microsoft Corporation’s Organizational Structure & Its Characteristics (An Analysis) – Panmore Institute.
Oxford Analytica. (2020). Fallout of SolarWinds hack could last for years. Emerald Expert Briefings, (oxan-es).
Shah, S. (2021). The Financial Impact of SolarWinds Breach. Retrieved 27 February 2021, from
Vaughan-Nichols, S. (2021). SolarWinds defense: How to stop similar attacks | ZDNet.