Microsoft has reportedly told its employees they will be judged on their security awareness and skills following several recent high-profile incidents.
An internal company memo sent to all Microsoft workers and seen by Geekwire has outlined the new way of thinking, which will apparently tie the company’s ongoing security goals to performance reviews.
Going forward, Microsoft staff will be judged on alignment with security targets, as well as diversity and inclusion objectives. Internally dubbed ‘Connect’, performance evaluations now include employees’ security, meaning that bonuses and promotions could be impacted if there is a lack of security focus. Staff will now have to demonstrate impactful security changes they have implemented in order to determine compliance with internal targets.
A push for security
“When faced with a tradeoff, the answer is clear and simple: security above all else,” Kathleen Hogan, Microsoft chief people officer, wrote in the memo. “Our commitment to security is enduring. New and novel attacks will require us to continue to learn, innovate, and defend. Yet working together, we will make nonlinear improvements, stay alert, and meet the expectations of our customers.”
The news comes not long after Microsoft CEO Satya Nadella told workers of a new vision that sees the company “putting security above all else.”
This comes after a series of high-profile attacks affecting the business, including a recent data breach which allowed Russian hackers to compromise several US federal organizations.
Microsoft was criticized by the Department of Homeland Security’s Cyber Safety Review Board (CSRB) for making a series of ‘avoidable errors’.
The company also announced its ‘Secure Future Initiative’ in November 2023, outlining its broader vision for preventing and mitigating cybersecurity threats which have troubled the industry in recent years. The strategy was focused on software and engineering, specifically safeguarding identity management systems and reducing response time to patch vulnerabilities.
As part of its Secure Future Initiative, Microsoft tied executive pay to security performance, meaning bonuses and internal reward processes became conditional on cyber safety goals being met.