Microsoft 365 is now the #1 attack vector for cyber criminals because business email compromise is an easy way to prey on unsuspecting or trusting staff members. Since a hacker will often lurk within a breached environment before launching a full attack such as ransomware, the sooner you can detect suspicious activity, the sooner you can minimize the impact of an attack.
Why is Microsoft 365 a target for hackers?
Because there’s a lot at stake…
- Sensitive data: 58.4% of a business’s sensitive data in the cloud is stored in Microsoft Office documents.
- Confidential files: 17.1% of the average company’s files stored in OneDrive and SharePoint Online contain critical data, including financial records, forecasts, business plans and personal information.
- Most popular enterprise cloud: 91.4% of businesses with at least 100 users are using Microsoft 365.
Protecting your email account is just as important as protecting your network because:
- Your sent/received emails often have sensitive personal, financial or health information – this includes customer lists, which itself can be very damaging if exposed.
- Your emails may have passwords for your other accounts, say bank accounts.
- Your email is often a means to reset your passwords for your bank, CRM or online accounting software such as QuickBooks. So if a bad actor has access to your email, they can change your bank account password.
To combat the above attacks, we recommend Managed Detection and Response (MDR), which is a combination of Endpoint Detection and Response (EDR) and a Security Operations Center (SOC) staffed 24/7/365 by highly trained security engineers. Specifically, we recommend MDR for both your network and your email environment.
Network MDR can detect and address the situation where an employee clicks a link on a webpage that in turn installs malware on a workstation. Email MDR can detect and address the scenario in which a staff member exposes their Outlook (Microsoft 365) password, which gives the hacker access to all of their SharePoint data.
The Email MDR employed by LogicalNet monitors & responds to a wide range of threats including:
- Sign-in from unusual locations, unknown devices, or IP addresses
- Suspicious mailbox activity
- Suspicious 365 admin activity
- Account creation and deletion
- Suspicious email forwarding rules
- Public sharing of company data
- Management impersonation via email by cyber criminals
- SharePoint site creation or deletion
- Deletion from retention mechanism
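One way to check for the "suspicious email forwarding rules" item in the list above, as an added example that is not LogicalNet's own tooling: it scans simplified Microsoft 365 audit records for inbox-rule changes that forward or redirect mail to a domain outside the organisation. The record layout (Operation, UserId, Parameters as Name/Value pairs) follows the unified audit log export for Exchange mailbox operations but is an assumption here, and the sample events are constructed.

```python
# Added example: flag inbox-rule changes that forward mail outside the organisation.
# The record layout (Operation, UserId, Parameters[{Name, Value}]) mirrors the
# unified audit log export for Exchange mailbox operations, simplified and
# assumed here; SAMPLE_EVENTS are constructed, not real log data.

# Operations that create or change mailbox rules.
RULE_OPERATIONS = {"New-InboxRule", "Set-InboxRule", "UpdateInboxRules"}
# Rule parameters that send a copy of, or divert, incoming mail.
FORWARD_PARAMS = {"ForwardTo", "ForwardAsAttachmentTo", "RedirectTo"}


def _smtp_address(value):
    """Reduce 'Display Name [SMTP:user@host]' or a bare address to user@host."""
    return value.split("SMTP:")[-1].rstrip("]").strip().strip('"')


def find_external_forwarding(events, internal_domains):
    """Return (user, operation, target_address, deletes_copy) for every rule
    event whose forwarding target lies outside internal_domains."""
    internal = {d.lower() for d in internal_domains}
    findings = []
    for ev in events:
        if ev.get("Operation") not in RULE_OPERATIONS:
            continue
        params = {p.get("Name"): str(p.get("Value", "")) for p in ev.get("Parameters", [])}
        # A rule that both forwards and deletes hides the diversion from the mailbox owner.
        deletes = params.get("DeleteMessage", "").lower() == "true"
        for name in FORWARD_PARAMS.intersection(params):
            for raw in params[name].split(";"):
                addr = _smtp_address(raw)
                domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
                if domain and domain not in internal:
                    findings.append((ev.get("UserId"), ev["Operation"], addr, deletes))
    return findings


# Constructed sample events for illustration only.
SAMPLE_EVENTS = [
    {"Operation": "New-InboxRule", "UserId": "alice@example.com",
     "Parameters": [{"Name": "Name", "Value": "."},
                    {"Name": "ForwardTo", "Value": '"Mail Drop" [SMTP:drop@attacker.example]'},
                    {"Name": "DeleteMessage", "Value": "True"}]},
    {"Operation": "Set-InboxRule", "UserId": "bob@example.com",
     "Parameters": [{"Name": "RedirectTo", "Value": "helpdesk@example.com"}]},
    {"Operation": "UserLoggedIn", "UserId": "carol@example.com", "ClientIP": "203.0.113.5"},
]

if __name__ == "__main__":
    for user, op, addr, deletes in find_external_forwarding(SAMPLE_EVENTS, ["example.com"]):
        print(f"ALERT {user}: {op} forwards to {addr}" + (" and deletes the original" if deletes else ""))
```

Only the rule forwarding to a domain outside the allow-list is reported; the internal redirect and the sign-in event are ignored, and the flag in the last field marks rules that also delete the original message.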
With active management, threats are detected and contained 24/7 – after work hours, on weekends and during holidays – giving you a much higher peace of mind and security level.
If you do not already have Email MDR, please contact LogicalNet for a cybersecurity consultation. And if you do have MDR, set up a meeting to review the latest threats we handled on your behalf.
Defense in Depth
LogicalNet recommends a defense-in-depth / multi-layered security approach which consists of:
- Next-generation firewall with active threat detection & prevention (IDS/IPS).
- Multi-factor authentication required for all users.
- Endpoint detection & response (EDR) for all workstations & servers.
- A 24/7 Security Operations Center (SOC) staffed with highly trained security engineers that can immediately contain and remediate critical threats as they are detected. The combination of EDR and SOC is often termed Managed Detection & Response (MDR).
- Off-site backup of all critical / sensitive data (with air-gapped & immutable features).
- Security awareness training with monthly training videos, quizzes and actual white-hat phishing emails.
- Active phishing email detection.
- Regular vulnerability scans with annual penetration testing.
And while the above can dramatically increase your security profile, we now highly recommend an MDR security layer to protect your Microsoft 365 tenant / environment.