De-Risking Microsoft 365 Against Attacks and Downtime
A new survey shows enterprise CISOs want more security systems and services that fortify Microsoft 365 to protect valuable data and business continuity. by Thom Bailey
Companies have a lot riding on Microsoft 365 — not just email, collaboration, and productivity applications but the valuable business data produced by the workers who use all those apps. This investment in M365 has only increased with the growth of remote work, elevating the need to keep it secure — and running continuously — for the sake of the whole business. So, while M365 includes some security features that have lately been improved, many companies still turn to specialized security systems and service providers to fortify all they have staked on M365 against cyberattacks and downtime. In fact, 90% of security professionals surveyed for Mimecast’s State of Email Security 2022(SOES 2022) report see the need for additional layers of security to make M365 completely secure. Two-thirds say they experienced an M365 email outage in the past year.
Attacks on M365 and Email
Security professionals have a heightened sense of the risks their companies face on the world’s largest email, collaboration, and productivity platform. Cybercriminals are known to initiate most of their attacks in email. And, as more companies ramp up use of collaboration tools, they, too, are becoming another favorite entry point for cyberattacks. Three-quarters of SOES 2022 survey participants say the sheer volume of email they must protect every day is up this year, and so is the volume of email threats. They’re equally concerned about the growing sophistication of attacks, which keep evolving to evade detection. Nine out of 10 expect their business to suffer a tangible impact from an email-borne attack in 2022.
Business Risks Surrounding M365 and SaaS
The risks involved in using M365 and other software-as-a-service (SaaS) application suites are detailed in a 2022 white paper by the IDC market research firm, titled “Mitigate Risk in SaaS Environments with a Robust Data Protection Strategy.” From IDC’s perspective, “Every organization using a SaaS application suite should understand the risks associated with data loss, security breaches, regulatory noncompliance or service downtime.” These risks include:
- Downtime: For example, 59% of ransomware victims experience business disruption ranging from a few days to a week.
- Average cost of downtime: $250,000 per hour.
- Other consequences: These include direct loss of revenue, permanent loss of customers, reduced employee productivity, IT staff overtime and damaged brand reputation.
Fortifying M365 Against Risk
Mimecast also sees cause for companies to enhance any security that comes packaged with M365, along the following lines:
- Purpose: M365 is first and foremost a productivity applications suite, whereas an entire industry of companies specializes in security software that they continuously evolve with the most advanced capabilities.
- Monoculture: When companies put so many eggs in the same basket, they become part of a security monoculture. Cyberattackers continually hack away at the platform’s mode of defense, and they need only learn how to beat one company’s security capabilities to gain access. In March, a cybergang named LAPSUS$ was reported to be among the latest to target M365, in an attack Microsoft said it had largely deflected. A more diversified — aka, layered — security approach can lower the risk inherent in a monoculture.
- Simplicity: Diversity doesn’t mean complexity. Security vendors like Mimecast and its partners integrate with each other and directly with M365 using open APIs. That way, companies can streamline and centrally control their security profiles by plugging in a selection of best-of-breed technologies and comprehensive threat intelligence, shared in real time.
- Sophistication: As cybercriminals continually innovate their attacks, security companies like Mimecast are always adapting core and complementary systems and services using means including artificial intelligence technologies, continuous global threat intelligence feeds, and the latest standards for such specialized needs as brand protection.
Protecting Archives Against M365 Risks
Email archives hold a treasure trove of valuable files, customer information, and other business data shared in messages and online meetings every day. Yet, to protect themselves in the event of an attack or outage, only 20% to 30% of M365 users employ an additional backup or protection tool from a specialized security vendor, according to IDC.
“The data availability and resilience features and default retention in Microsoft 365 are good starting points, but they are typically not comprehensive enough for all compliance and business continuity needs,” IDC’s white paper concludes. “Enterprises relying on the baseline security and data protection capabilities offered by SaaS applications are exposing their application data to a higher risk of compliance issues, data loss, security vulnerabilities, ransomware attacks and business continuity problems.”
Companies like Mimecast provide mailbox continuity solutions that let employees continue to send and receive email even during a planned — or unplanned — M365 service interruption. Additional services protect and backup M365 data so that users can recover down to the item level, along with data management capabilities and analytics tools that eliminate manual processes and improve self-service capabilities. Important archive and backup attributes include data encryption at rest and in transit, full indexing and protection from accidental deletion.
Archiving Microsoft Teams
A 2021 Osterman Research survey sponsored by Mimecast also suggests the need to augment native MS365 archiving capabilities for the Teams collaboration application. Companies face regulatory and legal risks without adequate capabilities to archive, search, and protect the integrity of the growing amounts of data generated by Teams, the research shows.
Among other reasons, “third-party archiving solutions are more likely to offer a unified approach to policy definition and enforcement that works across multiple data types from various products, services and solutions,” Osterman concludes. Fewer policies covering a broader range of data types can reduce data loss.
The Bottom Line
Companies see a clear need for third-party email, collaboration and archiving fortifications for M365. Read about the risks they face and the protections they’re implementing in Mimecast’s State of Email Security 2022 report.
Mimecast is a valued sponsor of Camp Secure Sense! Register to attend their presentation on Confronting the New Wave of Cyberattacks on Camp Day 1 at 9:30am presented by Owen Dykstra, Security Strategist.
A staggering 84% of U.S. organizations reported phishing or ransomware attacks in the past 12 months and the average ransomware payment climbed to $570,000 during the first half of 2021, up from $312,000 in 2020. 72% say that the number of email-based threats has risen during that same time frame. As long as email remains our globally preferred tool, it will remain cybercriminals’ favorite delivery mechanism. Join us as reflect on the key findings of this year’s State of Email Security report and what they mean for organizations mired in the fight against phishing, ransomware, and other cyberattacks.
Camp Secure Sense is the leading IT Security Networking Event in Canada for the information technology leaders some of North Americas largest corporations. Register now to join decision makers and the Secure Sense team this year on September 28th & 29th.