Office 365 - The enemy in my inbox

by VPNHaus | 01/23/2020

Just as things don’t always go to plan in practice this is also true of information security. Although the security world are discussing defense strategies involving microsegmentation and artificial intelligence, the greatest threat to cybersecurity is still the humble email. According to a current study by the security provider Proofpoint, the majority of attacks are still launched through email. The Human Factor Report 2019 shows that more than 99% of the incidents investigated involved somebody enabling a macro, opening a file, clicking a link or opening a document. Another study, this time commissioned by PreciseSecurity narrowed this down further to a specific email application. Office 365 was reported by PreciseSecurity as the most exploited email application in Q3 2019 at 73%. Web browsers were considerably further down the list with an incident share 14 percent less than office 365.

We've known for a long time that email is risky but security awareness still remains poor. As long as businesses keep putting their employees through poorly designed web training on security awareness for 15 minutes once a year, it is unlikely that they will encourage their employees to become skilled in the battle against malware. However, if companies still want to spend large sums of money on technical security measures (which also have their place) then they should probably start with the most important things. So here’s number one on the list of good CISO resolutions for 2020. Introduce multi-factor authentication for all employees. Although even MFA is not entirely flawless and new automated attacks such as Muraen, evilginx and NecroBrowser are emerging MFA still makes using captured credentials difficult. For Office 365, MFS is best combined with conditional access.  This means that users only need to provide a second authentication factor when they are not connected via the company network.

Number two doesn’t cost anything, it simply requires good communication. Get rid of cryptic passwords and allow longer, more sensible passphrases. Many applications support 8-alphanumeric passwords with special characters, but still do not support a passphrase with 38 characters. This does not even need to be changed regularly if it is combined with MFA. And it should be clear that admins or privileged access management require stricter rules. Which brings us on to number 3 which doesn’t cost much in terms of licenses but is costly in effort to implement. Digital Leakage Prevention (DLP). The problem is not detecting problematic sentences and expressions in mails, chats and files but categorizing sensitive material in the first place. As most businesses do not make a good job of categorizing sensitive information, DLP is usually of limited value. And that’s even without mentioning that the DLP solution in Office 365 still has plenty of room for improvement.

Artificial intelligence or machine learning is number four on our list. User and Entity Behavior Analytics (UEBA) use machine learning and statistic algorithms to monitor user behavior and detect potential inside threats – usually according to baseline behaviors for specific roles. If a SAP admin does not usually create database users, UEBA will flag up this behavior even if the admin does have the required rights. But before you get started with UEBA, number five in our list – getting the basics sorted has to be a priority. Anti-virus, anti-phishing and anti-spam sounds simple but it still needs to be configured properly, maintained and monitored. Office 365 offers several anti-malware components and users who do not trust Microsoft can use third-party providers such as Checkpoint (CloudGuard Saas)

There are plenty of other things that we could have put on this list depending on business requirements, effective backups, a comprehensive IT security strategy and analysis tools to deal with the masses of log and event created by Office 365. But if you get the first five right, you will be well on your way to achieving the rest.