[NEW] MYDATAMANAGEMENT TO CLEAN UP YOUR OBSOLETE, UNUSED AND VOLUMINOUS DATA

Microsoft 365

05 October 2018

Solving Microsoft 365 security challenges through user engagement

User engagement in security challenges

Microsoft 365 provides peerless collaboration tools and accessibility from any location, on any device. But the broad range of user features and functions also bring complex cyber-security challenges.

In any enterprise that uses Microsoft 365, the risk of a breach arises from both inside and outside the organisation – driven by bad actors as well as employees who make mistakes or use the platform carelessly. And once accounts or user credentials are compromised, this leaves your enterprise wide open to a range of risks, including executive impersonation, financial fraud, sensitive data theft, reputational damage and business disruption.   

 

Three key security threats

1. Credential theft

With a stolen username and password, hackers can access Microsoft 365 mailboxes, business data and more. Even two factor authentication is increasingly being defeated through man‑in‑the‑middle attacks and other targeted approaches. With the right credentials, bad actors can impersonate executives, send fraudulent emails, and access and distribute sensitive information.

2. Abuse of privileged rights

From the Microsoft 365 administration platform, it’s incredibly easy to access any user’s email, SharePoint or OneDrive, without that user’s knowledge. 70% of attempts to steal credentials are focused on admin accounts – hackers know the power of these accounts.  Internal or external malicious actors in the admin platform can bring an organisation to its knees.

3. File sharing security

It is a complex challenge to manage SharePoint and OneDrive document security, due to the large – and easily scalable – number of users on the platform. Users have the power to share files widely, and can erroneously or maliciously give bad actors access to sensitive assets. And as the number of users grows, file sharing relationships can quickly spiral out of control.

 

Are standard cyber security tools able to keep pace?

Today’s cyber security solutions largely focus on collecting vast lakes of data and using sophisticated technology to analyse this information. This approach also depends heavily on large teams of highly trained (and expensive!) security analysts to identify and verify threats.

Applying this model to the Microsoft 365 environment would lead to a phenomenal increase in the volume of data, and associated costs. Time to detect and remediate would be unsustainable.

 

It’s time for a new approach

To address these shortcomings, a new school of thought focuses on self-service cyber-security. This strategy involves users in the collective defence of an organisation. Ongoing cyber security education and training play a valuable role, but beyond this – the goal is to empower users with tools to monitor their own apps, accounts and other assets.

Why? Because users are best positioned to identify whether suspicious events and behaviour are legitimate or malicious. A user-centric system that is able to distinguish between legitimate actions and threatening incidents in context, based on individual user profiles, is hugely efficient in the Microsoft 365 environment.

This type of solution can help users to monitor and control who can access their accounts, change their configuration, or access their sensitive SharePoint libraries.

  • This helps to protect the enterprise at scale as you now have an entire cyber army working together.
  • It increases the efficiency of the security team, SOC and SIEM -  because these resources only have to process genuine, user-verified threats.  

Most importantly, time to detect and remediate these Microsoft 365 breaches is massively reduced.

IDECSI can help your users secure your business. Learn more about our Microsoft 365 security solution.

Our articles

These articles may
interest you

Microsoft Copilot data access secure
Microsoft 365
Security
Trends

Microsoft Copilot: 5 steps to secure data access

Lire l'article
Microsoft Copilot: the challenges for Data Security
Microsoft 365
Workplace

Microsoft Copilot: the challenges for Data Security

Lire l'article
Copilot: Microsoft's new generative AI
Microsoft 365
Workplace

Copilot: Microsoft's new generative AI

Lire l'article
Microsoft Loop: the latest features of the collaborative hub
Microsoft 365
Workplace

Microsoft Loop : new collaborative hub

Lire l'article

Data protection, let's discuss your project?

 

Contact us
video background