X
search

Tenable CEO called Microsoft cybersecurity practices 'blatantly negligent'

Pictured: Hamid Ganji
By Hamid Ganji
August 07, 2023
Featured image for Tenable CEO called Microsoft cybersecurity practices 'blatantly negligent'

Microsoft has become a target for public criticism nowadays after some serious data breach incidents hit the company. Tenable CEO Amit Yoran has now put Microsoft on blast over its cybersecurity practices. He said the company’s cybersecurity track record is “even worse than you think.”

Back in early July, a Chinese hacking group dubbed Storm-0558 targeted the Microsoft Azure platform. The company later confirmed that the data of around 25 different organizations were targeted. Additionally, hackers stole some sensitive emails from US government officials. Given the current tensions between the United States and China, the bad actors are more likely to be directly backed by the Chinese government.

Advertisement
Advertisement

Tenable CEO says Microsoft is putting its customers at risk

The Azure data breach was a big blow to Microsoft’s reputation as it handed some sensitive government data to China. Senator Ron Wyden asked the US Department of Justice to keep Microsoft accountable for its “negligent cybersecurity practices.”

Tenable CEO has called out the Redmond tech giant for its “grossly irresponsible if not blatantly negligent” cybersecurity practices. According to Yoran, Microsoft’s “repeated pattern of negligent cybersecurity practices” allowed Chinese hackers to exploit Azure data and steal sensitive US government emails. He added that Microsoft is “missing a moral compass” regarding cyber practices.

Tenable CEO also revealed his company had found more cybersecurity flaws in Azure. One of those flaws was a serious one that could allow hackers to access the company’s sensitive data, including a bank. Yoran stated that it took over 90 days for Microsoft to implement a partial fix, and the fix was only applied to new applications loaded in the service. This means the customers who launched the service prior to the fix were at risk.

Microsoft later released a fix for the issue after Yoran’s post went public. However, the Redmond company said no bad actor could ever exploit the flaw. “What you hear from Microsoft is ‘just trust us,’ but what you get back is very little transparency and a culture of toxic obfuscation,” Yoran writes.

Recent data breaches have made the US government take action. According to the latest law passed by the Securities and Exchange Commission, every company should disclose a data breach incident within four days of its discovery.