Making Sense of Office 365 Email (In)Security

Office 365 is ubiquitous throughout the digital landscape. With email being one of the most common attack vectors, the need for vigilance has never been greater.

Organisations need to understand that Office 365 (O365) is a cloud-based business system used for email, productivity, and collaboration. This platform and its data are a popular breach target for key threat actors who wish to extract data, elevate their privileges, abuse resources, or delete data. There is also an insider risk whereby so-called ‘trusted employees’ take steps to exfiltrate, spill, or delete sensitive data, or obtain persistent access by building in backdoor accounts.

Targeted email attacks such as Business Email Compromise, spear phishing, and ransomware are on the rise. Cybercriminals know employees are the weakest link in an organisation and need only convince these targets that they are someone who should be trusted in order to succeed. Attackers always follow the money and choose the easiest routes, and O365 generally meets these criteria.

Email is trusted as a means of communication by many. People often trust that an email hasn’t been spoofed, or that a sender is who they say they are. If you regularly communicate with a party from a particular email address, why would you suddenly assume it is not legitimate? According to an Osterman Research white paper in April this year, 44% of organisations were victims of targeted email attacks launched via a compromised account in the last 12 months.

To find out why mail is a good target and how O365 fits in, the anatomy of a typical O365 hack, the indicators of compromise, and the regulatory impacts and countermeasures, check out the presentation our CTO Jason Edelstein gave on the topic: Making Sense of Office 365 Email (In)Security.