Q: What puts Microsoft 365 users at risk?
A: It’s a public platform that is well known and highly targeted by threat actors. They know where the front doors are; they can access it just the same as you. It’s not a private system, it doesn’t need to be found. If they have your email address, they can attempt to log in. So strong passwords, user training, and multi-factor authentication are good mitigators of risk.
Q: What specific tactics do threat actors commonly use against Microsoft 365 environments?
A: Common tactics are well-crafted phishing campaigns as well as brute force authentication.
Q: What makes those techniques especially effective?
A: User inability to discern when they’re being phished, poor user training, and poor passwords in general, as well as password reuse.
Q: What steps can businesses take to protect their Microsoft 365 environments?
A: Training, multi-factor authentication, hardening Microsoft 365, and then ultimately monitoring activity for signs of unauthorized use. Most organizations don’t realize that M365 isn’t as secure as it can be by default. Taking the time to reconfigure policies and settings can go a long way towards protecting yourself.
Q: What are the risks to organizations that don’t have protective measures in place? How might they suffer from a Microsoft 365 attack?
A: Access to an M365 account opens up access to a world of data and opportunity for an attacker. Once access is gained, the threat actor is now well positioned to launch attacks against other employees, customers, and vendors from a position of trust. Common attacks are social engineering attempts against finance departments to change payroll information or divert customer payments to unauthorized bank accounts, often via existing email threads they locate in the mailbox.
Unauthorized access also creates legal issues for the business, especially if the mailbox contains sensitive and/or regulated data such as Social Security numbers or credit cards (which unfortunately does happen). If such data is present, an organization now has reporting and other legal obligations.
Finally, it’s also important to point out that risk extends beyond email. M365 email accounts are the same accounts used to access, update, and download files from company SharePoint sites and OneDrive.
Q: And what specific Cybersafe services or solutions would you recommend most for users who are concerned about protecting their Microsoft 365 environments?
A: Basically, for any organization that uses Microsoft 365, our threat monitoring programs provide a Microsoft 365 monitoring component. Whether you’re doing our SOL EDR, SOL SIEM, or SOL XDR, we’re going to monitor your Microsoft 365 tenant.
Q: Is there anything else you’d like to add about Microsoft 365?
A: Ultimately, it’s a great platform that enables businesses to do more, quickly and easily. However, because of how accessible it is, organizations must invest the time to understand its risks and take appropriate actions to mitigate them. This hardening guide is designed to help organizations do just that: understanding where security risk exists and the steps and items you can take to mitigate those risks.
Perhaps it’s worth it to mention Microsoft 365 is always evolving. Cybersafe spends a lot of time understanding new features, new security controls, new things that Microsoft is doing, and evaluates what risks these updates/changes introduce. It’s a very dynamic platform, and it does take paying attention to.
The experts at Cybersafe Solutions work around the clock to ensure our clients’ systems are well protected. Our robust suite of services and solutions provides the highest standard in detection, response, and containment. Contact us today to learn more about how we can help secure your Microsoft 365 environment.