Let’s jump in with two things: firstly, the need for security is not an option but a necessity, and secondly, no system can ever 100% guarantee protection from every threat.
Instead, the goal should be to reduce risk, increase awareness of threat issues, and have an appropriate level of security. It’s important to understand these concepts for the business repercussions they can have on your MSP.
Simply put, your clients expect you to protect them, or they’ll take their business elsewhere. By the end of this article, you’ll know how to fortify their security posture and why it is so important to do so.
If you’re looking for more details, don’t forget to watch the full webinar on the subject here.
Why Microsoft 365 security discussions are important
Is it because Microsoft lacks security in its products and services?
No, the company has a very high standard of protection; the fact is that because it is one of the most popular operating systems, there will be individuals wanting to access these rich targets.
In short, the popularity of the Microsoft 365 platform with businesses, especially small to medium ones, also makes it a prominent target of cyber-attacks. For a deeper understanding of the threat, here are five common security threats that most companies face:
1. Ransomware
From our experience, the best way to start building a solid security system is to understand the cyber attackers’ motivations. One of the most common cyber-attack behaviors that we regularly see is ransomware-based attacks. This type of threat can pose more than one problem.
The threat of having to pay a ransom fee to avoid losing access to information, or having it released to the public, is a stressful position to find oneself in. For instance, if the attacker can access a client’s IT infrastructure (potentially through Microsoft 365), their data can be stolen, including their customers’ data.
We have seen some smaller enterprises try to dodge cyber security costs because they thought they would not be the subject of attacks due to their size, but statistics show that this assumption is incorrect.
2. End-point access and data exfiltration
Another vulnerability many MSPs face is end-point access and data exfiltration, much of which could be achieved through Microsoft 365.
End-point access is when attackers gain access to infrastructure by taking control of a valid end user’s account or, worse, a privileged account (i.e., admin account). One of the ways in which someone may gain access to this information in Microsoft 365 is through Account Enumeration.
Account Enumeration is a well-documented issue, and for now, Microsoft has decided to accept that level of risk, which brings us back to the beginning of our conversation: it is impossible to reach a zero probability of risk.
Of course, a multimillion-dollar video game company will require a very different set of cyber protections than a startup working out of a garage. It’s about having the appropriate level of security that is tailored to your business and its needs.
3. Phishing
Another type of attack that requires some attention is the ever-present phishing scam. This threat consists of receiving an email that appears to come from a trusted source; the message then asks the user to do something that seems legitimate, such as clicking a link to confirm something, but it is just a way to gain access to the system.
Ironically, one of the most common phishing emails that Microsoft 365 users receive looks just like a Microsoft official email. These fraudulent emails usually ask the receiver to supply information or do something to help Microsoft improve security, only to then gain access to their device, creating a security threat.
4. Password spraying
In the past, password spraying consisted of attackers trying to log in using millions of random password combinations hoping that one would eventually gain them entry to the system. Now, to prevent this, most log-in interfaces allow a limited number of attempts before the user is locked out. This is why password spraying has become more focused and targeted.
Attackers will take a smaller list of very common passwords and attempt to access as many company users’ accounts as possible within the allotted number of attempts to avoid raising any alarms.
Stealth attack operations like this make their actions more difficult to detect, especially when dealing with companies that have hundreds or thousands of employees regularly logging in and out.
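Because each account sees only a couple of failures, a per-account lockout counter stays silent; grouping failed sign-ins by source instead exposes the pattern. The following is an added example, not Office Protect's detection logic, and the thresholds, field layout and sample log are assumptions constructed for illustration:

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=30)  # assumed look-back window
MIN_USERS = 5                   # assumed: distinct accounts failing from one source
LOCKOUT_AFTER = 5               # assumed per-account lockout threshold

def sample_signins():
    """Constructed sign-in log rows: (time, user, source_ip, success)."""
    t0 = datetime(2024, 3, 4, 2, 0, 0)
    rows = []
    # One source tries two common passwords against each of eight accounts.
    for i in range(8):
        for attempt in range(2):
            when = t0 + timedelta(minutes=12 * attempt, seconds=20 * i)
            rows.append((when, f"user{i}@example.com", "203.0.113.7", False))
    # A real user mistypes twice from the office address, then signs in.
    for k in range(2):
        rows.append((t0 + timedelta(minutes=k), "user3@example.com", "198.51.100.20", False))
    rows.append((t0 + timedelta(minutes=3), "user3@example.com", "198.51.100.20", True))
    return sorted(rows)

def locked_out(rows):
    """Accounts a per-account failure counter would have flagged."""
    fails = defaultdict(int)
    for _, user, _, ok in rows:
        fails[user] += 0 if ok else 1
    return {u for u, n in fails.items() if n >= LOCKOUT_AFTER}

def find_sprays(rows):
    """Map source_ip -> (distinct accounts failed, most failures on one account)."""
    by_ip = defaultdict(list)
    for ts, user, ip, ok in rows:
        if not ok:
            by_ip[ip].append((ts, user))
    hits = {}
    for ip, fails in by_ip.items():
        fails.sort()
        start = 0
        for end in range(len(fails)):
            while fails[end][0] - fails[start][0] > WINDOW:
                start += 1
            per_user = defaultdict(int)
            for _, user in fails[start:end + 1]:
                per_user[user] += 1
            cand = (len(per_user), max(per_user.values()))
            if cand[0] >= MIN_USERS and cand[1] < LOCKOUT_AFTER:
                hits[ip] = max(hits.get(ip, (0, 0)), cand)
    return hits
```

On the constructed log, no account reaches the lockout threshold, yet one source is flagged for failing against eight accounts.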
5. Credential stuffing
Credential stuffing is a common type of cyberattack in which a cybercriminal uses stolen usernames and passwords from one organization to access user accounts at another organization.
The logic behind these attempts is that many people use the exact log-in details on different sites because they either don’t want to use a password manager or don’t want to develop a system to remember different passwords for various sites.
A client example
Having examined some of the most popular security threats, let’s now look at a case study of a client that used our cyber security services. The client was a small U.S.-based research firm with 85 employees that had been with Sherweb for a long time and had recently started using Office Protect.
Around 11:30 PM, the team received a notification letting us know that there was access from an unauthorized country. We first analyzed the client’s baseline and reviewed their operating hours, office locations, sensitive accounts, global administrators, and other types of information we collect from all our clients.
In this case, we saw that the access happened outside their company’s operating hours and locations. Thankfully, the account accessed was not sensitive, and interestingly, it did not have MFA (multi-factor authentication) enabled.
Our team went through further analysis to protect generated events and dug through the Microsoft 365 logs. We then performed and recommended the following steps to the client:
- Identify a forwarding rule in their Exchange account
- Suspend the user and temporarily remove their access to everything
- Document the incident to ensure traceability and follow the client’s escalation path, which asked for a call outside business hours
- Reset the password and re-enable MFA
Client investigation revealed that the breach was caused by password reuse.
Thanks to the help of Office Protect and the team’s quick actions in recognizing the issue and suspending the user outside the client’s business hours, the client could reinstate the affected user before operating hours without losing any productivity time.
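The baseline comparison described in this case study can be expressed as a small triage function. This is an added example, not Office Protect's code; the baseline fields, the rule dictionary layout, the containment rule and all sample values are assumptions constructed for illustration:

```python
from datetime import datetime, time

# Assumed per-client baseline, mirroring the items the case study lists.
BASELINE = {
    "countries": {"US"},
    "hours": (time(8, 0), time(18, 0)),  # operating hours, client local time
    "sensitive": {"cfo@client.example"},
    "global_admins": {"admin@client.example"},
    "mail_domains": {"client.example"},
}

def triage(event, mfa_enabled, inbox_rules, baseline=BASELINE):
    """Return (findings, contain) for one sign-in alert."""
    findings = []
    if event["country"] not in baseline["countries"]:
        findings.append("country outside baseline")
    start, end = baseline["hours"]
    if not start <= event["local_time"].time() <= end:
        findings.append("outside operating hours")
    if not mfa_enabled:
        findings.append("no MFA on account")
    if event["user"] in baseline["sensitive"] | baseline["global_admins"]:
        findings.append("sensitive or admin account")
    for rule in inbox_rules:
        domain = rule.get("forward_to", "").rsplit("@", 1)[-1].lower()
        if domain and domain not in baseline["mail_domains"]:
            findings.append("external forwarding rule: " + rule["name"])
    # Contain (suspend the user, then reset the password) on an off-baseline
    # sign-in or on any external forwarding rule, whatever the account's role.
    contain = findings[:1] == ["country outside baseline"] or any(
        f.startswith("external forwarding") for f in findings)
    return findings, contain

# Constructed alert resembling the case study: 11:30 PM, non-baseline country.
ALERT = {"user": "analyst@client.example", "country": "ZZ",
         "local_time": datetime(2024, 3, 4, 23, 30)}
RULES = [{"name": "archive", "forward_to": "inbox@outside.example"}]
```

Calling `triage(ALERT, False, RULES)` returns all four findings from the case study and a containment decision, even though the account is neither sensitive nor a global administrator.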
How Office Protect can help fortify your Microsoft 365 security
The tools within Office Protect fortify system security by auditing log-ins and identifying unusual activity before it becomes a disastrous security threat. Here’s an overview of some of its essential features:
- It protects your Microsoft Office system by constant automated monitoring of potential security vulnerabilities.
- Once a threat is detected, it performs an investigation and analysis to provide your organization with the most appropriate counter-response.
- It dramatically increases the speed at which you can respond to cyberattacks with 24/7 monitoring.
- Advanced reporting allows you to generate custom reports and get an easy-to-understand view of your Microsoft 365 environment.
- It looks out for vulnerabilities like changes to security policies, unusual log-ins and activity, account creation, multi-factor authentication, password hygiene, phishing scams, and much more.
- Our security analysts can review an alert within 60 minutes or less and later provide a report and consultation to set up best practices.
Having the right partner can be instrumental for your cybersecurity success
The Office Protect team’s commitment is to protect your data to the highest degree possible while ensuring the least impact on company productivity. Our world-class team of experts is here to provide you with the resources and knowledge to ensure you have a robust security stack.
Our cyber protection services offer 24/7 monitoring, detection, and response. Review our Office Protect Plans to see what level of protection is appropriate for your enterprise.
If you feel your Microsoft 365 tenants are vulnerable to the threats discussed in this blog post, please watch our webinar to learn more.