The 2023 Microsoft email hack conducted by Storm-0558, a group affiliated with China, was preventable according to a new report from the US Cyber Safety Review Board (CSRB). 

The CSRB is a forum of government and industry experts tasked with reviewing major cybersecurity events to provide recommendations to the President, and the director of the Cybersecurity and Infrastructure Security Agency (CISA)

The hack was discovered in an internal investigation in mid-June by Microsoft but had remained undetected for a month according to reports from 2023. Approximately 25 government officials and agencies were affected by the breach. 

According to the CSRB’s review, a series of decisions made by Microsoft enabled the hack to happen by creating a company culture that did not prioritise cybersecurity. 

The CSRB’s Chair Robert Silvers stated the importance of security in cloud computing. 

“Cloud computing is some of the most critical infrastructure we have, as it hosts sensitive data and powers business operations across our economy,” he said, “It is imperative that cloud service providers prioritize security and build it in by design.” 

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData
Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

In future, the CSRB recommends that Microsoft creates a public plan for security-focused reforms. The CSRB stated that Microsoft had been compliant with its review. 

Following the seven-month review, the CSRB also created a set of recommendations to all cloud providers, including the implementation of modern control mechanisms, adoption of a minimum standard for audit logging and create vulnerability disclosure practices. 

CISA director Jen Easterly stated that she was confident that the CSRB’s report would be a call to action for cloud providers. 

“I am confident that the findings and recommendations from the Board’s report will catalyze action to reduce risk to the critical infrastructure Americans rely on every day,” Easterly said. 

Cloud is quickly becoming the mainstream for business across the globe. 

According to research and analysis company GlobalData’s 2024 thematic intelligence report into cloud, the total cloud market will be worth $1.4trn globally by 2027, with SaaS representing the largest segment of the market at 40%.