Office 365 Security Solutions

There are many Office 365 security solutions on the market that have been developed specifically to work with Office 365 to improve protection against phishing, spear phishing, malware, ransomware, and email impersonation attacks and prevent costly data breaches. These solutions are now a necessity as Office 365 are being targeted by cyber actors and native Office 365 security protections fail to block advanced attacks.

Office 365 Accounts are Being Targeted by Cyber Actors

Office 365 has proven to be a huge hit with businesses and is now the most popular cloud platform, which makes it a prime target for cyber actors. Office 365 accounts contain a wealth of sensitive data that can easily be monetized by threat actors. In healthcare, Office 365 email accounts contain large amounts of protected health information, making attacks on healthcare organizations extremely profitable. If Office 365 credentials are obtained, accounts can be accessed, and PHI stolen. The accounts can also be used for further attacks on the organization and give attackers the foothold they need for a much more extensive cyberattack.

The HHS’ Office for Civil Rights breach portal shows many healthcare organizations are struggling to secure their email accounts. Between January 1, 2020 and May 31, 2020, there were 176 data breaches of 500 or more records reported to the HHS’ Office for Civil Rights. 78 of those breaches (44.3%) involved data stored in email accounts.

Why are Phishing Attacks so Successful?

Phishing poses a significant threat to all businesses. This attack technique is used in more than 90% of all successful cyberattacks according to Verizon and attacks have been steadily increasing. There are several reasons why phishing is so effective.

Phishing target the weakest link in the security chain – employees – using a variety of social engineering techniques to fool the unwary into disclosing credentials, sensitive data, or downloading malware. Phishing awareness training is requirement of HIPAA, but many organizations are not providing enough training. It is still common for training to be provided only once or twice a year, when phishing awareness training should be a continuous process. Even when training is regularly provided, employees are often not tested with phishing simulations. Providing training is one thing. Ensuring the training has had the desired effect is another matter entirely. Phishing simulations can show how effective the training has been and can help to identify weaknesses in the training program and employees who require further help at identifying phishing emails.

Organizations should appreciate that even with advanced Office 365 security solutions, some threats will still be delivered to inboxes. Employees are the last line of defense, so they must be trained to be vigilant at all times and conditioned to look for suspicious emails that could potentially put their organization at risk. Effective training coupled with phishing simulations can reduce susceptibility to phishing attacks, and over time organizations can significantly improve their resilience to attacks through training and testing.

Office 365 Security Solutions

Securing Office 365 accounts can be a challenge. The key to improving security on Office 365 accounts is to implement strong, layered defenses. Microsoft provides a rudimentary level of protection for Office 365 accounts through Exchange Online Protection (EOP), but EOP alone is not sufficient. It is effective at blocking known malware threats but lacks the sophistication to block zero-day phishing and malware threats. One study conducted by Avanan revealed 25% of phishing emails bypass EOP and are delivered to inboxes. EOP, and even the Advanced Threat Protection (APT) security plan offered by Microsoft, do not provide the layered approach necessary to block sophisticated phishing and malware attacks that are provided by best of breed third party Office 365 security solutions.

Leading cybersecurity companies such as TitanHQ, Proofpoint, Agari, Cisco, and Sophos offer Office 365 security solutions that have been specifically developed to compliment the protections provided by Microsoft and add extra layers of protection for Office 365 accounts. These solutions add an extra layer of protection, but also use a layered approach themselves with multiple threat detection mechanisms to identify sophisticated malware, ransomware, phishing and email impersonation attacks.

Advanced Measures Used by Office 365 Security Solutions to Block Attacks

Best of breed Office 365 security solutions incorporate a range of advanced threat detection and automated remediation measures to improve security and block sophisticated Office 365 attacks such as business email compromise, spear phishing, email impersonation, and zero-day threats. These advanced features include:

Machine Learning

Machine learning algorithms are used in advanced Office 365 security solutions to identify zero-day phishing threats, by recognizing patterns that have been used in past phishing and spear phishing attacks. These predictive method allow new threats to be detected and are key to blocking business email compromise attacks, which often do not include malware or malicious URLs.

Sandboxing

Multiple AV engines are used by Office 365 security solutions to block known malware threats, but new malware and ransomware variants are often released and malicious code in attachments is constantly updated to evade detection by signature-based antivirus mechanisms. Sandboxing is used to detect these new threats, by isolating suspicious attachments and detonating them in an isolated environment to identify malicious actions such as command and control server callbacks.

Data Leak Protection

Many Office 365 security solutions scan outbound as well as inbound email to provide protection against insider threats and identify compromised mailboxes and attacks such as business email compromise. Sensitive data such as Social Security numbers can be tagged and attempts to send the data externally will be blocked.

Email Impersonation Protection

Phishers spoof trusted contacts and well-known brands to make emails appear to be genuine requests. Advanced Office 365 security solutions incorporate SPF, DKIM, and DMARC to identify and block these email impersonation attacks.

Malicious Link Protection

Embedded hyperlinks in emails and email attachments are used to direct users to malicious websites. Advanced Office 365 security solutions rewrite URLs and follow them to assess the nature of the webpages. Time-of-click protection is used to detect malicious websites in real-time and block visits to known malicious sites and identify previously unknown malicious URLs.

Enable Multifactor Authentication on Office 365 Accounts

Office 365 security solutions will block the majority of malicious emails and security awareness training will help to reduce susceptibility to phishing attacks, but phishing attacks are becoming more sophisticated and even advanced defenses will not stop all attacks. If credentials are compromised, it is important that measures are implemented to prevent them being used to access email accounts. The most effective measure to implement to prevent credentials being used is multi-factor authentication.

With multi-factor authentication, a password alone is not sufficient to gain access to an email account. A second factor must also be provided. The system is usually triggered when credentials are used from an unfamiliar location or when a new device is used to access an Office 365 account. Following a successful phishing attack, multi-factor authentication is one of the most commonly adopted additional security measures implemented to block further attacks. Had MFA been implemented before, the attack could have been prevented. MFA is not infallible, but it is very effective. In an August 2019 blog post, Microsoft explained that multifactor authentication will prevent 99.9% of attacks on Office 365 account compromise accounts.