The three primary challenges of securing Office 365: can users be the solution?

Published: Monday 21st January 2019

Office 365 provides peerless collaboration tools and accessibility from any location, on any device. But the broad range of user features and functions also bring complex cyber-security challenges.

In any enterprise that uses Office 365, the risk of a breach arises from both inside and outside the organisation – driven by bad actors as well as employees who make mistakes or use the platform carelessly. And once accounts or user credentials are compromised, this leaves your enterprise wide open to a range of risks, including executive impersonation, financial fraud, sensitive data theft, reputational damage and business disruption.

Three key security threats

1. Credential theft: 
With a stolen username and password, hackers can access Office 365 mailboxes, business data and more. Even two factor authentication is increasingly being defeated through maninthemiddle attacks and other targeted approaches. With the right credentials, bad actors can impersonate executives, send fraudulent emails, and access and distribute sensitive information.

2. Abuse of privileged rights:
From the Office 365 administration platform, it’s incredibly easy to access any user’s email, SharePoint or OneDrive, without that user’s knowledge. 70% of attempts to steal credentials are focused on admin accounts – hackers know the power of these accounts.  Internal or external malicious actors in the admin platform can bring an organisation to its knees.

3. File sharing security:
It is a complex challenge to manage SharePoint and OneDrive document security, due to the large – and easily scalable – number of users on the platform. Users have the power to share files widely, and can erroneously or maliciously give bad actors access to sensitive assets. And as the number of users grows, file sharing relationships can quickly spiral out of control.

Are standard cyber security tools able to keep pace?

Today’s cyber security solutions largely focus on collecting vast lakes of data and using sophisticated technology to analyse this information. This approach also depends heavily on large teams of highly trained (and expensive!) security analysts to identify and verify threats.

Applying this model to the Office 365 environment would lead to a phenomenal increase in the volume of data, and associated costs. Time to detect and remediate would be unsustainable.

It’s time for a new approach

To address these shortcomings, a new school of thought focuses on self-service cyber-security. This strategy involves users in the collective defence of an organisation. Ongoing cyber security education and training play a valuable role, but beyond this – the goal is to empower users with tools to monitor their own apps, accounts and other assets.

Why? Because users are best positioned to identify whether suspicious events and behaviour are legitimate or malicious. A user-centric system that is able to distinguish between legitimate actions and threatening incidents in context, based on individual user profiles, is hugely efficient in the Office 365 environment.

This type of solution can help users to monitor and control who can access their accounts, change their configuration, or access their sensitive SharePoint libraries.

  • This helps to protect the enterprise at scale as you now have an entire cyber army working together.

  • It increases the efficiency of the security team, SOC and SIEM – because these resources only have to process genuine, user-verified threats.

Most importantly, time to detect and remediate these Office 365 breaches is massively reduced.

Read our new white paper exploring the three primary challenges of securing Office 365 and if users can be the solution. IDECSI can empower your users to secure your enterprise. Learn more about IDECSI Office 365 offering.