Many enterprise organizations use Office 365 (recently renamed Microsoft 365) as a robust suite of secure communication apps, productivity tools, and even as a cloud infrastructure service. While Microsoft provides outstanding built-in security features, the sheer size of the service and its number of users create an inviting target for threat actors. In this article, we’ll go over the potential risks that organizations might face when using Microsoft 365, what built-in security tools they have access to, and what complementary tools they can use to comprehensively defend themselves.
Microsoft Office is used a lot. A PTG article recently reported that nearly 1 in 5 corporate employees use an Office 365 cloud service and that, by user count, Office 365 is the most widely used cloud service. Its market share is second only to Google Apps (42% vs 53%, according to Statista at the time of this writing), and a Gartner report recently noted that 58.4% of sensitive data in cloud documents is stored in Office documents.
While this level of penetration, especially on the enterprise side, is good for Microsoft, it also paints a target on the tech giant’s head. Cybercriminals and nation-state actors can target Microsoft’s applications and focus their exploit development and vulnerability scanning on Microsoft software, knowing that a success in that area will allow them to deploy these exploits to a huge audience.
Threat actors, knowing that a huge majority of internet users use Microsoft 365, will develop phishing and spam campaigns that take advantage of that information or outright impersonate Microsoft.
Trustwave has documented research detailing how Microsoft 365 users have been targeted with specific threats and attacks. The 2020 Global Security Report found that over 46% of emailed malware detected in 2019 used .doc and .docx file types. We’ve also previously documented how bad actors can hide malicious code, links, or attachments in emails, leveraging Microsoft 365 documents because they’re widely used and trusted. Trustwave SpiderLabs also found that users were receiving phishing emails that prompted them to download fake Windows Updates that were actually ransomware.
There have been multiple instances of email campaigns where spammers impersonate Microsoft and link to spoofed sites designed to look like Microsoft login pages in order to steal victims’ login information. According to the previously mentioned Gartner analysis, on average, “an organization experiences 2.7 threats each month within Office 365.”
Clearly, the risk posed to enterprises is significant. Threats and new methods of attack targeting Microsoft’s software continue to evolve. Fortunately, when it comes to security, there are options worth considering.
Microsoft Office provides solid protection if you’re an enterprise business premium user. While standard members get preventative measures like Windows Defender, spam filters, multi-factor authentication (MFA), and ransomware protection, premium users can also leverage messaging encryption, advanced threat protection (ATP), data loss prevention (DLP) policies, and Exchange Online Archiving (EOA), which provides a robust way of archiving data and reducing your litigation risk.
While this suite of tools and software provides a good balance of prevention and detection, you have to ensure these cybersecurity measures are properly configured so they can work effectively with your organization’s specific environment.
If you haven’t yet, Microsoft also has a comprehensive page that details how to set up some of these tools and features for your organization.
Unfortunately, as helpful as Microsoft Office’s suite of security tools is, you may have some security gaps, especially if you’re not an enterprise business premium user. And even if you do have the full suite of security products, you may not have the protection you require given how quickly threat actors move. A recent study found that 25% of detected phishing attacks bypass default security measures built into Office 365.
In order to further bolster your defenses, we recommend focusing on your email security, user rights management, and database security.
Black hat hackers are primarily going after their targets by way of phishing and targeted email attacks designed to bypass traditional detection software. The right comprehensive email security tool will be able to flag malicious emails even if hackers go to great lengths to hide the link or malicious code deep within an email or its attachment. This helps ensure you can detect an attack, giving you the opportunity to respond appropriately.
User rights management is incredibly important in the event that a cybercriminal succeeds in their attempt to steal login credentials. If they’re able to get into your network, their ability to access your extremely sensitive data and cause damage is limited if you’ve put parameters in place that limit what access a given employee has within your network.
Database security is also essential to make sure that if a breach does happen by way of a Microsoft 365 vulnerability, you’ll be able to protect your most important assets. As we covered in a previous article, the right kind of database protection will provide visibility into the relationships of users and applications and the data objects they have access rights to, so that you can work with the business owners to reduce access. While that process is occurring, database monitoring will help you flag any anomalies or odd behaviors that may occur from a compromised employee’s account.
Microsoft 365 is an incredibly important tool for enterprises. To protect your organization, make sure you’re always updating your software and making the most of the available security tools Microsoft offers, and consider leveraging additional solutions to make up for any potential gaps in detection and/or response.
To learn about how Trustwave can help you supplement your Microsoft 365 security, check out our Active Defense and Extended Protection for Office 365 or read our white paper on Office 365 security.