Top 5 Secrets for Mitigating Cyber-attacks in Microsoft 365 Environments

Written by

As they work to scale network and supply-chain attacks, today’s cyber-criminals go where their odds are most favorable. Microsoft 365 is considered a juicy target. It has more than 250 million active users and can serve as an entry point to a business’ Azure cloud storage where administrative mistakes can open security gaps.

Microsoft 365 is considered a juicy target

To explore the challenges of protecting Microsoft 365 environments, Acronis recently sponsored a panel discussion in which five renowned experts on Microsoft and cybersecurity shared best practices for preventing and mitigating such cyber-attacks. Each expert provided one recommendation based on their experience of working with businesses that suffered an attack on their Microsoft-centric applications and data.

While the panel was in agreement that it takes a multi-layered approach in people, processes and technologies to stop a threat, each identified specific tactics that both businesses and managed services providers ought to implement to improve the defenses of their Microsoft environments:

1: Integrate and consolidate your cybersecurity tools and solutions

Candid Wüest, VP of Cyber Protection Research, Acronis

A recent survey discovered that 73% of organizations have more than five different solutions and agents running simultaneously – with 21% of these organizations running more than 10. This makes for complex processes, an increased probability of human errors, extended training times, and time-consuming, often-complex integrations. To add to the confusion, many of these solutions and tools use different terms to describe the same idea. By integrating tools, automating processes wherever possible, developing a breach response plan, and exercising that plan to ensure failover and failback using a checklist, organizations can mitigate breaches and improve incident response times. Partners new to the cybersecurity space can start with the NIST standard and expand from there.

2: Implement the principle of least privilege

Alex Fields, Real Human, Microsoft MVP for Cloud Services

It is important that a business only assign the rights required for a user to do their job, and to pay special attention to accounts with administrative privileges. Many times, a business will give administrative rights to both on-premises systems and cloud applications to every administrator. By doing this, you are giving the keys to your business to each of your administrators. Instead, compartmentalize administrative privileges so that some administrators have cloud-only accounts, while others only have on-premises privileges.

3: Use the Microsoft Secure Score tool

Scott Bekker, Editorial Director of Redmond Channel Partner and Converge360

Though originally designed for use by end-user businesses, it is also a good tool for use by managed service partner (MSPs). In today’s cybersecurity landscape, every MSP is expected to have baseline security as part of its services. This tool can help put basic security controls in place to optimize Microsoft, Azure, and Defender environments. It is also a good tool for MSPs to use for periodic, consultative check-ups with their clients and to measure how a business is improving its cybersecurity posture.

4: Provide continuous training for your in-house security experts

Keatron Evans, Principal Security Researcher, Instructor and Author, Infosec

Both users and security experts need continuous training to maintain alertness to the threat of potential cyber-attacks. Users need to understand that phishing is the most popular vector for cyber-attacks and that it is critical they keep their antennae up for fraudulent, malware-bearing emails. Just as important is continuous training for security professionals, as the landscape changes fast and criminals constantly iterate new strategies and tactics. Even with a well-equipped car and newly paved road, an untrained driver can still can crash. Thus, end-users and security experts alike need regular refresher courses on cybersecurity awareness.

5: Follow the three principles of the zero-trust model

David Bjurman-Birr, Security Architect, Microsoft

Zero trust means that you never trust anything or anyone inside or outside the network by default. The principle of least privilege that Alex Fields described earlier is another key tenet. Businesses must also focus on identity security by verifying every access attempt. Whenever user logs onto a device, there has to be a check that they are an authorized individual in a recognized location using a trusted device. Finally, work from the assumption that your business likely has already been breached or soon will be - regardless of the cybersecurity tools, solutions, policies, and procedures in place. That means that the development of an incident response plan must be a priority, with routine (at least annual) tabletop and live exercises to test it efficacy

These insights were taken from a recent panel discussion sponsored by Acronis. To hear their other observations and recommendations, watch the complete panel discussion here.

Brought to you by

What’s hot on Infosecurity Magazine?