Microsoft 365 provides peerless collaboration tools and accessibility from any location, on any device. But the broad range of user features and functions also bring complex cyber-security challenges.
In any enterprise that uses Microsoft 365, the risk of a breach arises from both inside and outside the organisation – driven by bad actors as well as employees who make mistakes or use the platform carelessly. And once accounts or user credentials are compromised, this leaves your enterprise wide open to a range of risks, including executive impersonation, financial fraud, sensitive data theft, reputational damage and business disruption.
Three key security threats
1. Credential theft
With a stolen username and password, hackers can access Microsoft 365 mailboxes, business data and more. Even two factor authentication is increasingly being defeated through man‑in‑the‑middle attacks and other targeted approaches. With the right credentials, bad actors can impersonate executives, send fraudulent emails, and access and distribute sensitive information.
2. Abuse of privileged rights
From the Microsoft 365 administration platform, it’s incredibly easy to access any user’s email, SharePoint or OneDrive, without that user’s knowledge. 70% of attempts to steal credentials are focused on admin accounts – hackers know the power of these accounts. Internal or external malicious actors in the admin platform can bring an organisation to its knees.
3. File sharing security
It is a complex challenge to manage SharePoint and OneDrive document security, due to the large – and easily scalable – number of users on the platform. Users have the power to share files widely, and can erroneously or maliciously give bad actors access to sensitive assets. And as the number of users grows, file sharing relationships can quickly spiral out of control.
Are standard cyber security tools able to keep pace?
Today’s cyber security solutions largely focus on collecting vast lakes of data and using sophisticated technology to analyse this information. This approach also depends heavily on large teams of highly trained (and expensive!) security analysts to identify and verify threats.
Applying this model to the Microsoft 365 environment would lead to a phenomenal increase in the volume of data, and associated costs. Time to detect and remediate would be unsustainable.
It’s time for a new approach
To address these shortcomings, a new school of thought focuses on self-service cyber-security. This strategy involves users in the collective defence of an organisation. Ongoing cyber security education and training play a valuable role, but beyond this – the goal is to empower users with tools to monitor their own apps, accounts and other assets.
Why? Because users are best positioned to identify whether suspicious events and behaviour are legitimate or malicious. A user-centric system that is able to distinguish between legitimate actions and threatening incidents in context, based on individual user profiles, is hugely efficient in the Microsoft 365 environment.
This type of solution can help users to monitor and control who can access their accounts, change their configuration, or access their sensitive SharePoint libraries.
- This helps to protect the enterprise at scale as you now have an entire cyber army working together.
- It increases the efficiency of the security team, SOC and SIEM - because these resources only have to process genuine, user-verified threats.
Most importantly, time to detect and remediate these Microsoft 365 breaches is massively reduced.
IDECSI can help your users secure your business. Learn more about our Microsoft 365 security solution.
