We sat down for a Q&A with Keith Strassberg, Chief Operating Officer of Managed Security Services Provider (MSSP) Cybersafe Solutions, to learn more about cybersecurity threats in the Microsoft 365 environment. Formerly known as Office 365, the platform is popular with businesses looking to improve their productivity, but it is susceptible to attacks.
A: It’s a public platform that is well known and highly targeted by threat actors. They know where the front doors are; they can access it just the same as you. It’s not a private system, it doesn’t need to be found. If they have your email address, they can attempt to log in. So strong passwords, user training, and multi-factor authentication are good mitigators of risk.
A: Common tactics are well-crafted phishing campaigns as well as brute force authentication.
A: User inability to discern when they’re being phished, poor user training, and poor passwords in general, as well as password reuse.
A: Training, multi-factor authentication, hardening Microsoft 365, and then ultimately monitoring activity for signs of unauthorized use. Most organizations don’t realize that M365 isn’t as secure as it can be by default. Taking the time to reconfigure policies and settings can go a long way towards protecting yourself.
A: Access to a M365 account opens up access to a world of data and opportunity for an attacker. Once access is gained, the threat actor is now well positioned to launch attacks against other employees, customers, and vendors from a position of trust. Common attacks are social engineering attempts against finance departments to change payroll information or divert customer payments to unauthorized bank accounts, often via existing email threads they locate in the mailbox.
Unauthorized access also creates legal issues to the business, especially if the mailbox contains sensitive and/or regulated data such as Social Security numbers or credit cards (which unfortunately does happen). If such data is present, an organization now has reporting and other legal obligations.
Finally, it’s also important to point out that risk extends beyond email. M365 email accounts are the same accounts used to access, update, and download files from company SharePoint sites and OneDrive.
A: Basically, for any organization who uses Microsoft 365, our threat monitoring programs provide a Microsoft 365 monitoring component. Whether you’re doing our SOL EDR, SOL SIEM, or SOL XDR, we’re going to monitor your Microsoft 365 tenant.
A: Ultimately, it’s a great platform that enables businesses to do more, quickly and easily. However, because of how accessible it is, organizations must invest the time to understand its risks and take appropriate actions to mitigate them. This hardening guide is designed to help organizations do just that: understanding where security risk exists and the steps and items you can take to mitigate those risks.
Perhaps it’s worth it to mention Microsoft 365 is always evolving. Cybersafe spends a lot of time understanding new features, new security controls, new things that Microsoft is doing, and evaluates what risks these updates/changes introduce. It’s a very dynamic platform, and it does take paying attention to.
The experts at Cybersafe Solutions work around the clock to ensure our clients’ systems are well protected. Our robust suite of services and solutions provide the highest standard in detection, response, and containment. Contact us today to learn more about how we can help secure your Microsoft 365 environment.