How to protect your Microsoft Office 365 environment from cyber threats

A quick shift toward Microsoft Office 365 and Azure AD in the cloud has expanded the attack surface for many organizations, says Vectra AI.

office-365.jpg

Image: Microsoft

The coronavirus pandemic has forced many organizations to transition their applications and other assets to the cloud. One of the most popular applications continues to be Microsoft Office. As such, there's been a surge in Office 365 implementations over the past year.

SEE: Office 365: A guide for tech and business leaders (free PDF) (TechRepublic)

This increased reliance on Office 365 has naturally caught the eye of cybercriminals who have been ramping up their attacks against Microsoft's cloud-based Office environment for many customers. In a report released this week, cybersecurity firm Vectra AI offers advice on how to protect your organization's own installation and use of Office 365.

To kick off its report on "Securing Microsoft Office 365 in the new normal," Vectra AI commissioned Sapio Research to survey 1,112 IT security decision makers among businesses that use Office 365 and have more than 1,000 employees. The survey reached businesses across several sectors, including government, finance, retail, manufacturing, healthcare, education and pharmaceutical.

A full 97% of the security professionals surveyed said they've extended their use of Office 365 as a result of the pandemic. But over the past year, 82% of the respondents have seen their organization's cybersecurity risk increase, while 58% believe the gap between attacker and defender capabilities is widening.

The survey also asked people to name their top security concerns specifically with the data held in their Office 365 environments. The top concern as cited by 48% of the respondents was the risk of data compromise. Some 45% said they were worried about the risk of credential abuse leading to account takeover by unauthorized users. The same percentage expressed fears over the ability of hackers to hide their tracks using legitimate Microsoft tools such as Power Automate and e-Discovery.

To help you better defend your own Microsoft Office 365 environment, Vectra AI offers 10 recommendations:

  1. Understand your privileged accounts. You need to understand which accounts can access sensitive data or use powerful Microsoft Office 365 tools such as eDiscovery. Such accounts will be prime targets for cybercriminals. Strictly limiting system and tool access to required job roles will contain the damage from a compromised account.
  2. Measure the right metrics. Any metrics you use to measure security effectiveness must pass the "so what?" test. It must trigger a specific action and not merely inform. Make sure you measure the time it takes to acknowledge a threat and the time required to respond to one. You also should measure any repeated incidents as well as reinfection rates. All of this information will reveal how effectively your team is identifying and mitigating threats.
  3. Implement MFA. Multifactor authentication may not be the golden ticket of securing accounts, but it's still an important tool for slowing down attackers. If you don't already, ensure that all accounts are using MFA.
  4. Minimize configuration complexity. Transitional hybrid cloud environments can deliver the worst of both worlds in security, redundancies and blind spots to be exploited. Lengthy transitions can strain your IT and security resources and increase risk. Accelerating the transition will simplify and streamline your environment.
  5. Conduct regular testing. Such exercises as penetration testing and red teaming will help you assess the foundation of your security defenses by identifying vulnerabilities and attack paths. Repeat these tests regularly to ensure that any changes actually improve your security posture.
  6. Train all your staff, including security professionals. As you shift your operations to the cloud, make sure that your workforce knows how to use any new tools safely and securely. Also educate employees about specific threats, such as adversaries who try to impersonate the IT team in phishing emails. Further, ensure that your security staff understands the new environment and can switch from traditional perimeter-based strategies to the more open borders of the cloud.
  7. Understand how tools are being used. Microsoft Office 365 tools like eDiscovery and Power Automate can be devastating in the wrong hands. You need to learn how these tools are used in the context of their normal behavior. Suspicious or malicious activity should be identified immediately and stopped before any damage can be done.
  8. Gain a unified view across your environments. Adversaries will freely move between your traditional environment and cloud networks, challenging you to look for threats across the board. You need to be able to identify malicious behaviors throughout your IT network, SaaS cloud environment, data center and other areas that could be exploited.
  9. Use AI to accelerate and automate your response times. You aren't the only one benefiting from the increased speed and scale of the cloud. Threat actors are as well. Enhanced analytics derived from artificial intelligence and machine can help you quickly find malicious activity and automate your responses.
  10. Cut through the noise. Rapid response capabilities are essential but they're only half the story. You need a way to cut through the noise so that you're not overwhelmed by too many false positives. Using an AI-powered network detection and response tool that's accurate and reliable can help achieve this.

Also see