Office 365 is under threat of cyber attack
7th February 2019
Office 365 is used by over 50% of commercial and not-for-profit organisations globally. Together with its Google G Suite rival, Office 365 is at the forefront of the radical shift from the use of on-premise software applications to cloud-based services. The ubiquitous use of Office 365 has led to exponential growth of cyber attacks, particularly those associated with the use of Outlook, Excel, SharePoint and OneDrive.
Compromised accounts and insider threats
In common with all cloud services, Office 365 is particularly susceptible to cyber attacks that use compromised accounts and to insider threats from a malicious or unsuspecting member of staff. McAfee reported that the average organisation experiences 2.7 Office 365 cyber attacks each month. Compromised accounts include cases where an unauthorised third party logs into a corporate Office 365 account using stolen credentials. A common insider threat is where a user interacts with a phishing email or downloads sensitive data from SharePoint Online before they join a competitor. A privileged attack is particularly damaging, as access to an administrator’s Office 365 account can potentially give the hacker unlimited scope for illegal activities.
How secure is your Office 365?
Secure Score has been designed by Microsoft to analyse an organisation’s Office 365 security based on existing settings and the regular activities of its users. The application determines which Office 365 services are running (such as OneDrive, SharePoint, and Exchange) and then compares their security configuration to an industry standard baseline. Users get a score based on how well aligned their organisation is with security best practice. They also receive recommendations on how to improve their security posture in future.
Microsoft Office 365 ATP
Microsoft has made significant investments in service-level cyber security in the last few years.
Office 365 Advanced Threat Protection (ATP) is designed to protect organisations from malicious attacks by:
- Scanning email attachments for malware with ATP Safe Attachments
- Scanning web addresses (URLs) in email messages and Office documents with ATP Safe Links
- Identifying and blocking malicious files in libraries of SharePoint, OneDrive and Teams
- Checking email messages for unauthorised spoofing with spoof intelligence
- Detecting impersonation of users and domains with ATP anti-phishing capabilities
Office 365 ATP is included in subscriptions, such as Microsoft 365 Enterprise, Microsoft 365 Business, Office 365 Enterprise E5, and Office 365 Education A5. If your organisation has an Office 365 subscription that does not include Office 365 ATP, you can potentially purchase ATP as an add-on.
Office 365 Top Ten for cyber security
The Microsoft “Top 10 ways to secure Office 365 Business plans” information page provides a helpful guide for small to medium-sized enterprises. Many of its goals, particularly for training and staff awareness, are informed by the Harvard Kennedy School Cybersecurity Campaign Handbook.
The list of key cyber security tasks includes:
- Set up multi-factor authentication (MFA)
- Train your users
- Use dedicated admin accounts
- Raise the level of protection against malware in email
- Protect against ransomware
- Stop auto-forwarding of email
- Use Office Message Encryption
- Protect your email from phishing attacks
- Protect against malicious attachments and files with ATP Safe Attachments
- Protect against phishing attacks with ATP Safe Links
Advice from the front line
Adam Jones, Technical Director at Wizard Cyber, confirmed, “We deliver Office 365 cyber security services to many of our SME and enterprise clients. We configure Office 365 ATP by default and look to harden the whole closely related Windows 10 desktop, Exchange Online and Azure ecosystems.”
In addition to the Microsoft guidance, we offer the following advice:
- Create and enforce a strong password policy to protect all network and Office 365 accounts
- Turn on MFA for all users to protect accounts against social engineering and brute force attacks where user information can be gathered or guessed
- Implement full auditing of mailboxes to enable tracking
- Review suspicious activity on Office 365 Active Directory to identify users who are logging in from unusual devices or locations
- Use Office 365 Cloud App Security to define policies that trigger alerts and monitor activity
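Two items from the lists above, "Stop auto-forwarding of email" and "Implement full auditing of mailboxes", can be checked with a short report. The PowerShell below is an added example, not code from Microsoft or Wizard Cyber: the function name `Get-MailboxFinding`, the finding labels and the `example.org` sample mailboxes are assumptions made for illustration, and the input objects only need the properties that the Exchange Online `Get-Mailbox` cmdlet returns.

```powershell
# Added example: flag mailboxes with auditing off or forwarding to an outside domain.
# Input objects need these Get-Mailbox properties: UserPrincipalName, AuditEnabled,
# ForwardingSmtpAddress, DeliverToMailboxAndForward.
function Get-MailboxFinding {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Mailbox,
        [Parameter(Mandatory)] [string[]] $InternalDomain   # the organisation's own mail domains
    )
    process {
        if (-not $Mailbox.AuditEnabled) {
            [pscustomobject]@{ User = $Mailbox.UserPrincipalName; Finding = 'AuditDisabled'; Detail = '' }
        }
        $fwd = [string]$Mailbox.ForwardingSmtpAddress
        if ($fwd) {
            # Exchange returns the value in the form "smtp:user@domain"
            $address = $fwd -replace '^smtp:', ''
            $domain  = ($address -split '@')[-1].ToLowerInvariant()
            if ($InternalDomain -notcontains $domain) {
                # With no local copy kept, the mailbox owner never sees the forwarded mail
                $kind = if ($Mailbox.DeliverToMailboxAndForward) { 'ExternalForward' }
                        else { 'ExternalForwardNoLocalCopy' }
                [pscustomobject]@{ User = $Mailbox.UserPrincipalName; Finding = $kind; Detail = $address }
            }
        }
    }
}

# Constructed sample data (hypothetical users, not from a real tenant)
$sample = @(
    [pscustomobject]@{ UserPrincipalName = 'alice@example.org'; AuditEnabled = $true
                       ForwardingSmtpAddress = $null; DeliverToMailboxAndForward = $false }
    [pscustomobject]@{ UserPrincipalName = 'bob@example.org'; AuditEnabled = $false
                       ForwardingSmtpAddress = 'smtp:bob.home@mail.example.net'; DeliverToMailboxAndForward = $false }
    [pscustomobject]@{ UserPrincipalName = 'carol@example.org'; AuditEnabled = $true
                       ForwardingSmtpAddress = 'smtp:team@example.org'; DeliverToMailboxAndForward = $true }
)

# Reports bob twice (auditing off, external forward with no local copy); alice and carol are clean
$sample | Get-MailboxFinding -InternalDomain 'example.org' | Format-Table -AutoSize

# Against a live tenant (ExchangeOnlineManagement module, after Connect-ExchangeOnline):
#   Get-Mailbox -ResultSize Unlimited | Get-MailboxFinding -InternalDomain 'example.org'
```

Forwarding set up through inbox rules is a separate check (`Get-InboxRule`) that this report does not cover.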