Recent research conducted by Fortra found that phishing emails are seen as the most dangerous threat to businesses across all email platforms. In fact, the most common way hackers gain access to M365 accounts is through targeted phishing attacks – also known as spear phishing.
In order to execute a spear phishing attack, a cybercriminal sends an email (or emails) to employees, seemingly from a trusted source – often C-suite and suppliers – requesting them to click on a malicious link. Once the employee clicks on the link, it redirects them to a spoofed login page where the hacker is then able to harvest sensitive information including log-in credentials that the unsuspecting employee provides. Having access to log-in details enables cybercriminals to steal sensitive information held in the cloud, impersonate an account holder, distribute further spear phishing emails from a legitimate account, or deliver a ransomware payload into the network. These kinds of attacks often go undetected long enough to allow the hacker to steal the information they need to cause major disruption to any business.
End Unauthorized Access Anguish
Another common way of accessing an M365 environment is for cybercriminals to force their way into accounts using a sequence of obvious passwords. While one of the benefits of the M365 cloud platform is its widespread accessibility for employees, this can also pose a threat to security, offering this same access to cybercriminals. If a hacker harvests an employee’s password, they will have instant access to the account and broader environment.
Because M365 is designed for remote access, unauthorized access to accounts is not instantly detected, making it much easier for hackers to attempt multiple log-ins and be granted access. In addition, targeting one employee at a time – rather than everyone within an organization – further reduces the chance of detection, and once a cybercriminal has access to one account, it is extremely easy to infiltrate from the inside.
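The pattern described above (repeated failed log-ins against a single account, then a success) can be searched for in sign-in records. The following is an added example, not code from Fortra or Microsoft; the event layout, thresholds and sample data are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample sign-in events: (time, account, source IP, succeeded).
# This layout is an assumption, not the schema of any Microsoft log export.
SAMPLE = [
    ("2024-04-28T03:00:00", "carol@example.com", "198.51.100.7", False),
    ("2024-04-28T03:05:00", "carol@example.com", "198.51.100.7", False),
    ("2024-04-28T03:10:00", "carol@example.com", "198.51.100.7", False),
    ("2024-04-28T03:15:00", "carol@example.com", "198.51.100.7", False),
    ("2024-05-01T08:02:00", "alice@example.com", "198.51.100.7", False),
    ("2024-05-01T09:00:00", "bob@example.com", "203.0.113.20", False),
    ("2024-05-01T09:01:00", "bob@example.com", "203.0.113.20", True),
    ("2024-05-01T09:15:00", "alice@example.com", "198.51.100.7", False),
    ("2024-05-01T10:00:00", "carol@example.com", "198.51.100.7", True),
    ("2024-05-01T10:40:00", "alice@example.com", "198.51.100.7", False),
    ("2024-05-01T11:55:00", "alice@example.com", "198.51.100.7", False),
    ("2024-05-01T12:30:00", "alice@example.com", "198.51.100.7", True),
]

def guess_then_success(events, min_failures=4, window=timedelta(hours=12)):
    """Return (account, ip, failures) for every successful sign-in that was
    preceded by at least min_failures failures to the same account from the
    same IP inside the look-back window."""
    recent = defaultdict(deque)  # (account, ip) -> timestamps of recent failures
    hits = []
    for ts, account, ip, ok in sorted(events):  # ISO timestamps sort by time
        when = datetime.fromisoformat(ts)
        fails = recent[(account, ip)]
        while fails and when - fails[0] > window:
            fails.popleft()  # drop failures older than the window
        if ok:
            if len(fails) >= min_failures:
                hits.append((account, ip, len(fails)))
            fails.clear()  # a success resets the count for this pair
        else:
            fails.append(when)
    return hits

if __name__ == "__main__":
    for account, ip, count in guess_then_success(SAMPLE):
        print(f"{account}: success from {ip} after {count} failed attempts")
```

A long window matters here because attempts against a single account may be spaced out; grouping by source IP will miss attempts spread across several addresses, so a per-account count is a useful second view.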
Access to one individual’s account could allow a maliciously motivated individual to gain access to documents and databases and steal sensitive information that resides in the platform and within emails. Hackers could also set up auto-forwarding rules so that the compromised account sends copies of emails to another email address without detection.
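Auto-forwarding of the kind described above can be audited by checking every inbox rule for targets outside the organization's own domains. This is an added example, not Fortra's or Microsoft's code: the rule records are constructed, the `Mailbox` key is hypothetical, and the `ForwardTo`, `ForwardAsAttachmentTo` and `RedirectTo` keys are assumed to come from an export of Exchange Online inbox rules.

```python
import re

# Matches an e-mail address and captures its domain part.
ADDR = re.compile(r"[A-Za-z0-9._%+-]+@([A-Za-z0-9.-]+\.[A-Za-z]{2,})")
FORWARD_KEYS = ("ForwardTo", "ForwardAsAttachmentTo", "RedirectTo")

# Constructed sample rule export; "Mailbox" is a hypothetical field name.
SAMPLE_RULES = [
    {"Mailbox": "alice@example.com", "Name": "Invoices",
     "ForwardTo": ['"Archive" [SMTP:alice.archive@example.net]'],
     "RedirectTo": None},
    {"Mailbox": "bob@example.com", "Name": "To assistant",
     "ForwardTo": ['"Carol" [SMTP:carol@example.com]']},
    {"Mailbox": "dave@example.com", "Name": "Team copy",
     "RedirectTo": ["team@eu.example.com"]},
]

def is_internal(domain, internal_domains):
    """True for an internal domain or one of its subdomains. The leading dot
    in the suffix check keeps look-alikes such as notexample.com external."""
    domain = domain.lower()
    return any(domain == d or domain.endswith("." + d) for d in internal_domains)

def external_forwards(rules, internal_domains):
    """Return (mailbox, rule name, address) for each rule target that sends
    mail outside the organization's own domains."""
    internal = [d.lower() for d in internal_domains]
    findings = []
    for rule in rules:
        for key in FORWARD_KEYS:
            for target in rule.get(key) or []:  # key may be missing or None
                for match in ADDR.finditer(target):
                    if not is_internal(match.group(1), internal):
                        findings.append(
                            (rule["Mailbox"], rule["Name"], match.group(0).lower()))
    return findings

if __name__ == "__main__":
    for mailbox, name, address in external_forwards(SAMPLE_RULES, ["example.com"]):
        print(f"{mailbox}: rule '{name}' forwards to external address {address}")
```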
Masterfully Mitigate Email Threats
Multi-factor Authentication
With many employees using a password across multiple platforms and services, hackers have a much better chance of stealing or guessing one password and gaining access to a whole host of information. Multi-factor Authentication (MFA) adds an extra layer of protection to an M365 platform by implementing a second or, in some cases where the information is of greater sensitivity, a third password to ensure that even if a hacker gains one authentication method, they still won’t gain access to an account.
A second factor is then used to help further authenticate that logins are genuine. This could be another password, characters from a passphrase, a key fob, an app with an ever-changing number, a fingerprint, a facial recognition check, or even an iris scan.
Training & Education
Training employees on the signs of malicious activity through email will reduce the risk of employees clicking on malicious links that lead to phishing attacks. Security awareness training and phishing simulations for staff at multiple intervals annually are great ways to educate and upskill staff. Combining threat prevention sessions with best practice sensitive data handling will help improve an organization’s overall security posture.
Building in a cybersecurity session with the IT team during onboarding will mean that all new staff members who join an organization will be off to a great start in terms of understanding and complying with company security policies and procedures.
Augment Your Architecture
Integrating advanced threat prevention and data protection features into an M365 platform can enhance its existing security. Fortra Email Security can be layered onto M365 to enable deep content inspection of all email traffic through the platform – inbound, outbound and internal – in both email messages and attachments. The solution automatically detects and redacts malicious URLs in real time, as well as sensitive data (e.g., PII, PCI, etc.), allowing a safe version of the communication to be delivered.
The Redaction functionality removes embedded malware or sensitive information before it’s delivered into an employee’s inbox, mitigating the risk of inadvertently clicking on a link in a phishing email or sending sensitive information that may cause an organizational data breach.
Taking advantage of the ability to plug in third-party applications to improve the security of an M365 platform will also enhance the protection of critical data being stored across the cloud service while allowing employees to go about their day-to-day business without disruption.