21-Day Trial

Our Blogs

Why does Microsoft 365 Need Additional Email Security?

  • 8:27 pm
  • 269 Views

Does office 365 need extra email security?

As more and more businesses migrate to Office 365, a larger number of hackers have started to take notice and have used it as an opportunity. The results of this mean that businesses are now being flooded with spam and phishing emails and it’s much more than their existing security measures can handle. This is an issue because more and more phishing attempts from attackers are getting through.

It’s nothing new for an email system to be attacked, in fact, all email systems are targets for these hackers. The ones that are based in the cloud, like Office 365, are more appealing.

Although Office 365 does have its own security solutions natively, the sheer number of scams being fired at them will result in some slipping through the cracks.

Here are some of the reasons why you need an extra security layer on Office 365:

Most cyber-attacks come through email

It’s true that most cyber-attacks do come via email, in fact, around 80% of cyber-attacks happen this way.

Phishing is the most common method of attack even though it’s the least known way. They happen so often and they are really difficult to spot unless you know what you are looking for. They are usually crafted in a way that’s indistinguishable to a normal user and can only be spotted after you have done some research. If you don’t know what you are looking for then the damage done won’t be noticed until after the attack has happened. (see ‘How to prevent email phishing attacks’) (link it here)

Users are mostly aware of spam emails and malware attached to emails. This is because everyone receives them at some point. There is no real way of getting away from them. They are relatively simple to spot but there is still a risk.

Each employee is a target for the business

Every employee at a business that uses emails is a potential gateway for attackers to force through. The more employees there are, the more access points a hacker could have to a business’s sensitive data although all employees are at equal risk. This data can include things like bank details, login information and much more.

Attacks are becoming more refined

Attacks are becoming more and more well thought-out. The main ones that have evolved are Phishing emails. Phishing emails try to lure users in by posing as a real entity to try and get you to trust them and more importantly, click the link or attachment that the email contains. The issue with phishing emails now is that they are getting harder and harder to spot due to how precise they are. They will copy the wording, phrases, logos and even external webpages of the person/company that they are trying to impersonate. It’s really scary how accurate the phishing scams are in the current moment and they are only going to become more and more sophisticated at time goes on.

To bypass the existing security measures, hackers will use links to real webpages and change their actual destination so that they can get through.

When users get targeted by spear phishing, the problem becomes even worse. Spear phishing emails don’t contain links which makes them even harder to detect. They are also usually tailor-made to the specific user that they are being sent to. Attackers will spend lots of time analysing the targets behaviour and interests. It requires specialist knowledge to pull this off. This will then result in an email being sent that is written in such a way that it draws the attention of the target.

These spear phishing attacks don’t just happen through one email. They are sequenced. They will usually send one email that doesn’t request any form of information from the user but acts as an enquiry of sorts. They use this to try and build up trust between them and the user. These emails are used to gain access to really sensitive data to do this, they have to trick the user into coughing up certain things. The attackers could then come out of it with bank accounts, login credentials or even trick the user into wiring money from the company.

The cost of the aftermath of an attack

Depending on the scale of the attack, the cost can be thousands or even millions. A 2018 Securities and Exchange Commission (SEC) investigation revealed that of nine companies targeted in a string of spear phishing attacks in 2018, two lost more than $30 million each, while the total loss for all businesses combined was more than $100 million (Reference)

In more recent times, more high-volume attacks have been used that don’t aim to gain as much profits but the attacks are much quicker and more frequent. An example of this is invoice phishing. It’s happening more and, whilst the profits aren’t as big as large-scale phishing scams, the cost to recover and the profits that are being made add up over time.

Types of costs that companies have to deal with include:

  • IT costs – Restoring the IT systems that have been affected during the attack consumes valuable IT resources
  • Legal costs – Taking legal action against the hackers the performed the attack and shielding the company from damages from the breach can cost a sizeable amount of money
  • Support costs – Companies have to respond to customer concerns after a breach to retain support and trust. This coupled with support line being flooded can result in 100s of hours of more work for the employees
  • Operational disruption costs – Having to suspend IT services after a breach is common practice but it results in a loss of productivity which is the main cause of issues for companies after an attack

Normal email security measures are out of date

Common email security measures aren’t enough anymore. One of the common security measures are Secure Email Gateways (SEG). These are based on being able to identify already known threats. With new types of threats being created every day, it’s impossible for this method to keep up and stop all types of attacks.

Exchange Online Protection (EOP) is Microsoft’s email filter. Its effective at blocking known threats in Office 365 but, with more targeted attacks like spear phishing, they are unknown and will break through the security measures.

Microsoft is a huge target

Office 365 is the most adopted email solution on the market boasting a huge 54% market share with over 155 million users. This, for obvious reason, makes Microsoft the main target for hackers. They have rich applications within Office 365 that makes it appealing like SharePoint and OneDrive which usually store sensitive information.

So, what do we recommend?

We think that it is really important to add another layer of protection to Office 365 that compliments the existing measures that are native to them. To really move forward, businesses must look far past the traditional outdated methods and add an extra layer to make sure that Office 365 is secure. Act fast and not reactionary. That’s the best way that your emails will be safe.

Share this post
Facebook
WhatsApp
Twitter
LinkedIn
Email
Search for a blog
Select blog category
Recent Posts

Leave a Reply

Your email address will not be published. Required fields are marked *

21 Day Free Trial Application

Welcome to a new era of EPaaS – Managed EmailProtection as a Service

Linkedin Linkedin
PRODUCT / FEATURES
COMPANY
© 2023 Email Protection. All rights reserved. A service made with love by Broadband9 LTD (11084597)