After Several Serious Security Incidents, Microsoft Announces Security as a Performance Metric for All Employees
In recent years, Microsoft has faced multiple serious security incidents. The most recent incident involved hackers infiltrating Microsoft's internal systems and stealing emails from some executives. These security issues have also attracted the attention of U.S. regulators, who claim that Microsoft lacks a sufficient security culture and needs thorough reform.
In a recent internal memo, Microsoft's Chief People Officer, Kathleen Hogan, outlined the company's expectations for its employees. Security will be a core priority for everyone at Microsoft, and when faced with trade-offs, the answer is clear and simple: security above everything else.
A Microsoft employee who lacks security awareness could see their promotions, pay raises, and bonuses affected. In simple terms, an employee's impact on the core priority of security will be a key factor when management decides promotions and rewards.
Microsoft now ranks security alongside diversity and inclusivity as one of the company's main priorities. Both priorities must be part of each employee's performance evaluation, and all employees must set a core priority on security in fiscal year 2025.
Recent events have indeed shown deficiencies in Microsoft's management of security. For example, in March, a Russian hacker group known as APT29 or Midnight Blizzard infiltrated the email accounts of some Microsoft executives and employees through a password spraying attack.
This security incident led to the theft of some Microsoft product source code and confidential customer data, once again revealing deficiencies in Microsoft's internal security controls. Over the past few years, Microsoft has experienced several similar attacks resulting in leaks of product source code.
However, for a technology company of Microsoft's scale, where employees are expected to write more code or implement more features, making security a priority in evaluations means that employees' workloads could become even heavier. This is why Kathleen Hogan mentioned that when faced with trade-offs, the choice should be in favor of security.
Whether this will help improve Microsoft's security remains to be seen. However, in recent years, other tech giants like Apple, Google, Amazon, and Meta have not faced very serious security issues, suggesting that Microsoft might indeed need to reform its entire security culture.