Office 365 Remains a Target for Cyber-criminals

Since launching a decade ago, Microsoft Office 365 has become ingrained in the lives of millions of working individuals, with nearly 200,000 businesses using Office 365 in the UK alone. As a matter of routine, the UK workforce logs on in the morning and starts up any number of Microsoft systems, including emails, Excel spreadsheets and Word documents. However, this routine reliance creates ample motivation for cyber-criminals to work their way into business systems.

This cloud-based software has become a primary target among criminals because of the high number of companies that use it and the magnitude of impact associated with a successful breach. However, the level of unmanaged risk around Office 365 is often underestimated, especially at more senior levels.

An Element of Self-Delusion

The pandemic has led 97% of IT security decision makers to extend their use of Microsoft Office, and 45% are concerned there will be increased attacks through IoT and connected devices. Part of the problem when considering a company’s resilience to cyber-attacks is the differing opinions about how proactive and effective each security stakeholder believes their approach to security is.

A recent survey from Vectra reveals a high level of confidence among security teams in the effectiveness of their own company’s security measures. Nearly four in five teams claim to have good or very good visibility into attacks that bypass perimeter defenses like firewalls. Yet, in reality, 71% of enterprise Office 365 deployments have suffered a takeover of a legitimate user’s account, an average of seven times in the last year. There is an interesting contrast of opinions between strategic management-level respondents and practitioners such as security operations center (SOC) analysts, with such managers exhibiting much greater confidence in their defensive abilities. This often misplaced confidence may stem from the idea that following best security practice will guarantee protection from attacks. However, the reality is that many of these best practices focus on prevention which, while valuable as one piece of a broader strategy, has diminishing efficacy against motivated adversaries.

The Main Security Concerns of Office 365 Users

Concerns are on the rise, with four in five IT security teams having seen cybersecurity risks increase in the last 12 months. Given the high number of account takeovers, companies must take it upon themselves to track and secure identities as they move from on-premises operations to the cloud. Just one in three security professionals believe they could identify and stop an account takeover attack immediately, whereas the majority expect to take days or even weeks to intercept such a breach.

While phishing attacks are one of the most common approaches for gaining initial access, more and more organizations are beginning to appreciate the risks inherited from their supply chain, such as the recent SolarWinds Orion attack, where malicious code exposed 18,000 firms to infiltration by criminals and nation-state actors.

In order to have the best chance of defending their business against these threats, IT teams must address the ratio between proactivity and reactivity. As it stands, 38% of security teams spend time on reactive investigations, compared to the 24% who spend time on proactive investigations. This ratio needs to change.

What Organizations Can Do to Protect Their Assets

So far, 58% of security decision makers plan to invest more money in technology and people to improve their security posture throughout 2021. The key to security in a complex cloud environment is the ability to cut through the noise and identify signs of suspicious activity across the entire environment, treating on-prem and cloud networks as a unified whole. Solutions, such as AI-driven network detection and response (NDR), provide IT teams with complete visibility into the entire Office 365 ecosystem, extracting data and detecting indications of misbehaving or compromised accounts. Analysis of the extracted data can also show which threats require the most immediate attention, allowing teams to prioritise and manage resource deployment effectively.

Often IT teams are advised to have a solid understanding of which Office 365 accounts have access to sensitive data, as these accounts will be the prime target for threat actors. Strictly limiting system and tool access to those required by job roles will limit the damage a compromised account can cause. Prior to AI/ML, this advice rarely scaled to the operating realities of the enterprise; fortunately, times have changed. In addition, organizations must ensure their workforce is aware of how to use new tools safely, as well as educating them about threats such as adversaries impersonating the IT team in phishing emails. For 19% of security teams, the worst part of their job is the lack of understanding of security by end users. Those at senior levels must ensure all members of staff have access to the necessary training to protect the business assets.

The combination of effective visibility, awareness, and the right suite of tools and processes will give an organization the fighting chance it needs to succeed. As Office 365 continues to dominate the business productivity landscape, organizations across different industries must focus on defending their Microsoft platforms from the adversaries seeking to exploit their extensive capabilities.
