These days, organizations are forced to navigate uncertain waters, resources are stretched as thin as ever, and workers are adapting to new workstyles. Through it all, Peters & Associates wants you to know that we have your back. As part of our 6-part webinar series, every two weeks we’ll be sharing solutions for supporting, managing, and securing your IT environment – whether workers are back in the office or working from home. Check out the schedule below to catch up on webinars that you’ve missed or register for our remaining webinars.
- July 8th, 2020, 11:00 AM Patch Management – Check out the recap blog here!
- July 22nd, 2020, 11:00 AM Endpoint Protection – Check out the recap blog here!
- August 5th, 2020, 11:00 AM Backup & Recovery – Check out the recap blog here!
- August 19th, 2020, 11:00 AM Securing Office 365 – Check out the recap video below!
- September 2nd, 2020, 11:00 AM Security Awareness Training – Register here!
- September 9th, 2020, 11:00 AM Managed SIEM – Register here!
On August 19th, we held our fourth webinar in our series, Securing Office 365. During that presentation we discussed the challenges of securing email, the role that organizations play in securing Office 365, and how Peters & Associates helps our clients to identify and resolve threats quickly. Read on to get caught up or check out the full recording below.
Who’s Responsible for Security in the Cloud?
Over the past five years, more organizations have embraced the cloud for hosting email and other productivity workloads. The cloud offers an opportunity for businesses and other institutions to offload server and infrastructure hardware and maintenance, along with operating system and basic application management. That leaves organizations to manage the user accounts and data.
From a security standpoint, most organizations should feel confident that the physical security measures that Microsoft has implemented in their Office 365 datacenters are more stringent than any small or medium-sized business could replicate. However, too many IT departments fail to recognize where Microsoft’s security responsibility ends and the customer’s security responsibility begins.
If you are a managed services customer of Peters & Associates (Thank You!), you might be familiar with our Shared Responsibility Model for clarifying technology management accountability. Microsoft maintains a similar model. You can read more about it here. Below is a representation of Microsoft’s model. Office 365 is a SaaS offering, so you can focus on the two leftmost columns. As you can see, Microsoft handles the bulk of responsibilities when it comes to maintaining and securing the environment. Critically, management and security of accounts and identity is the customer’s responsibility. Accounts and identity also happen to be the most common target for cyber attackers.
The Challenges of Email Security
According to findings in Verizon’s 2018 Data Breach Investigations Report, 92.4% of malware is delivered via email. For anyone tasked with securing their organization’s email environment, these numbers probably aren’t surprising. Why is email such a popular vector for cyber attackers? One theory would be that email is a low-tech and comparatively simple incursion point into an organization. Why put in the time and effort to hack network infrastructure when an attacker can deliver their payload in a simple email message?
Further complicating the matter for IT teams are the limitations of technology to stop malicious emails. Testing done by the internet security company Cyren found that during the months of September and October 2017, enterprise email security systems missed 10.5% of spam, phishing, and malware emails. If technology can’t prevent these malicious emails from reaching the inboxes of our users, organizations must rely on their employees to be able to spot a suspicious email. Security Awareness Training is the topic of our next webinar, but employee training does not guarantee that a well-crafted spear-phishing email will be recognized. Given these shortcomings, how can organizations defend themselves?
Detecting Suspicious Activity in Office 365
When it comes to securing your business, we’ve presented two models for approaching the problem. One way to think about the security of your environment is in layers. While an individual layer of security may fail – our email filter misses an email with a bad link, a user who has been trained still clicks, etc. – we have other layers to help prevent or reduce the scale of attacks. You can learn more about that model here. The other security model that we routinely reference is the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF). Most recently, we reviewed this model in our webinar, “We’ve Got This: Backup & Recovery.” As we learned from the previous section, email protection measures like filtering or security awareness training can fail. In these cases, it’s best to have a method in place to detect when a mailbox has been compromised.
According to a July 2020 report from security vendor Barracuda, “more than one third of hijacked accounts discovered by researchers had attackers dwelling in the account for more than one week.” What type of activity should organizations be on the lookout for? In our experience, the following factors have been common in successful account takeover attacks:
Essential Managed Services: Security Review for Office 365
Migrating to Office 365 shifts a lot of responsibility for maintaining email to Microsoft; however, organizations must play a primary role in securing their email data. Routine monitoring of indicators of compromise in Office 365 is critical to reducing dwell time and stopping serious cyber attacks before they execute.
P&A provides daily review of foreign mailbox logins – activity that is most highly correlated with unauthorized access – and weekly review of about 20 other indicators of compromise in Office 365. Annually, an Office 365 engineer takes a deep look at the security of your Office 365 tenant configuration and makes recommendations for further securing the environment. In addition to securing your cloud environment, P&A scans for critical open ports on a daily basis and completes a quarterly external vulnerability scan to ensure the security of your on-premises IT infrastructure.
P&A also provides implementation, monitoring, and support services for email filtering, advanced threat protection, and Multi-Factor Authentication.
Our team can help to secure your Office 365 tenant and stop attackers in their tracks. Meanwhile, you can focus your energy on supporting your employees and advancing your organization.
Looking to Learn More?
- You can download the slide deck here.
- Watch the full webinar below